public class ProtectionDomain extends Object
ProtectionDomain class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals. A static set of permissions can be bound to a ProtectionDomain when it is constructed; such permissions are granted to the domain regardless of the policy in force. However, to support dynamic security policies, a ProtectionDomain can also be constructed such that it is dynamically mapped to a set of permissions by the current policy whenever a permission is checked.
| Constructor | Description |
|---|---|
ProtectionDomain |
Creates a new ProtectionDomain with the given CodeSource and permissions. |
ProtectionDomain |
Creates a new ProtectionDomain qualified by the given CodeSource, permissions, ClassLoader and array of principals. |
| Modifier and Type | Method | Description |
|---|---|---|
final ClassLoader |
getClassLoader() |
Returns the ClassLoader of this domain. |
final CodeSource |
getCodeSource() |
Returns the CodeSource of this domain. |
final PermissionCollection |
getPermissions() |
Returns the static permissions granted to this domain. |
final Principal[] |
getPrincipals() |
Returns an array of principals for this domain. |
boolean |
implies |
Check and see if this ProtectionDomain implies the permissions expressed in the Permission object. |
final boolean |
staticPermissionsOnly() |
Returns true if this domain contains only static permissions and does not check the current Policy at the time of permission checking. |
String |
toString() |
Convert a ProtectionDomain to a String. |
public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
ProtectionDomain with the given CodeSource and permissions. If permissions is not null, then setReadOnly() will be called on the passed in permissions. The permissions granted to this domain are static, i.e. invoking the staticPermissionsOnly() method returns true. They contain only the ones passed to this constructor and the current policy will not be consulted.
codesource - the codesource associated with this domainpermissions - the permissions granted to this domainpublic ProtectionDomain(CodeSource codesource, PermissionCollection permissions, ClassLoader classloader, Principal[] principals)
ProtectionDomain qualified by the given CodeSource, permissions, ClassLoader and array of principals. If permissions is not null, then setReadOnly() will be called on the passed in permissions. The permissions granted to this domain are dynamic, i.e. invoking the staticPermissionsOnly() method returns false. They include both the static permissions passed to this constructor, and any permissions granted to this domain by the current policy at the time a permission is checked.
This constructor is typically used by ClassLoaders and DomainCombiners which delegate to the Policy object to actively associate the permissions granted to this domain. This constructor affords the policy provider the opportunity to augment the supplied PermissionCollection to reflect policy changes.
codesource - the CodeSource associated with this domainpermissions - the permissions granted to this domainclassloader - the ClassLoader associated with this domainprincipals - the array of Principal objects associated with this domain. The contents of the array are copied to protect against subsequent modification.public final CodeSource getCodeSource()
CodeSource of this domain.CodeSource of this domain which may be null.public final ClassLoader getClassLoader()
ClassLoader of this domain.ClassLoader of this domain which may be null.public final Principal[] getPrincipals()
public final PermissionCollection getPermissions()
null.public final boolean staticPermissionsOnly()
true if this domain contains only static permissions and does not check the current Policy at the time of permission checking.true if this domain contains only static permissions.public boolean implies(Permission perm)
ProtectionDomain implies the permissions expressed in the Permission object. The set of permissions evaluated is a function of whether the ProtectionDomain was constructed with a static set of permissions or it was bound to a dynamically mapped set of permissions.
If the staticPermissionsOnly() method returns true, then the permission will only be checked against the PermissionCollection supplied at construction.
Otherwise, the permission will be checked against the combination of the PermissionCollection supplied at construction and the current policy binding.
perm - the {code Permission} object to check.true if perm is implied by this ProtectionDomain.public String toString()
ProtectionDomain to a String.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/ProtectionDomain.html