public class ProtectionDomain extends Object
ProtectionDomain
class encapsulates the characteristics of a domain, which encloses a set of classes whose instances are granted a set of permissions when being executed on behalf of a given set of Principals. A static set of permissions can be bound to a ProtectionDomain
when it is constructed; such permissions are granted to the domain regardless of the policy in force. However, to support dynamic security policies, a ProtectionDomain
can also be constructed such that it is dynamically mapped to a set of permissions by the current policy whenever a permission is checked.
Constructor | Description |
---|---|
ProtectionDomain |
Creates a new ProtectionDomain with the given CodeSource and permissions. |
ProtectionDomain |
Creates a new ProtectionDomain qualified by the given CodeSource , permissions, ClassLoader and array of principals. |
Modifier and Type | Method | Description |
---|---|---|
final ClassLoader |
getClassLoader() |
Returns the ClassLoader of this domain. |
final CodeSource |
getCodeSource() |
Returns the CodeSource of this domain. |
final PermissionCollection |
getPermissions() |
Returns the static permissions granted to this domain. |
final Principal[] |
getPrincipals() |
Returns an array of principals for this domain. |
boolean |
implies |
Check and see if this ProtectionDomain implies the permissions expressed in the Permission object. |
final boolean |
staticPermissionsOnly() |
Returns true if this domain contains only static permissions and does not check the current Policy at the time of permission checking. |
String |
toString() |
Convert a ProtectionDomain to a String . |
public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
ProtectionDomain
with the given CodeSource
and permissions. If permissions is not null
, then setReadOnly()
will be called on the passed in permissions. The permissions granted to this domain are static, i.e. invoking the staticPermissionsOnly()
method returns true
. They contain only the ones passed to this constructor and the current policy will not be consulted.
codesource
- the codesource associated with this domainpermissions
- the permissions granted to this domainpublic ProtectionDomain(CodeSource codesource, PermissionCollection permissions, ClassLoader classloader, Principal[] principals)
ProtectionDomain
qualified by the given CodeSource
, permissions, ClassLoader
and array of principals. If permissions is not null
, then setReadOnly()
will be called on the passed in permissions. The permissions granted to this domain are dynamic, i.e. invoking the staticPermissionsOnly()
method returns false
. They include both the static permissions passed to this constructor, and any permissions granted to this domain by the current policy at the time a permission is checked.
This constructor is typically used by ClassLoaders
and DomainCombiners
which delegate to the Policy
object to actively associate the permissions granted to this domain. This constructor affords the policy provider the opportunity to augment the supplied PermissionCollection
to reflect policy changes.
codesource
- the CodeSource
associated with this domainpermissions
- the permissions granted to this domainclassloader
- the ClassLoader
associated with this domainprincipals
- the array of Principal
objects associated with this domain. The contents of the array are copied to protect against subsequent modification.public final CodeSource getCodeSource()
CodeSource
of this domain.CodeSource
of this domain which may be null
.public final ClassLoader getClassLoader()
ClassLoader
of this domain.ClassLoader
of this domain which may be null
.public final Principal[] getPrincipals()
public final PermissionCollection getPermissions()
null
.public final boolean staticPermissionsOnly()
true
if this domain contains only static permissions and does not check the current Policy
at the time of permission checking.true
if this domain contains only static permissions.public boolean implies(Permission perm)
ProtectionDomain
implies the permissions expressed in the Permission
object. The set of permissions evaluated is a function of whether the ProtectionDomain
was constructed with a static set of permissions or it was bound to a dynamically mapped set of permissions.
If the staticPermissionsOnly()
method returns true
, then the permission will only be checked against the PermissionCollection
supplied at construction.
Otherwise, the permission will be checked against the combination of the PermissionCollection
supplied at construction and the current policy binding.
perm
- the {code Permission} object to check.true
if perm
is implied by this ProtectionDomain
.public String toString()
ProtectionDomain
to a String
.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/ProtectionDomain.html