private bool defaultImplies(ProtectionDomain domain, Permission permission)
{
if (domain == null && permission == null)
{
throw new java.lang.NullPointerException();
}
bool implies = false;
if (domain != null)
{
PermissionCollection total = getPermissions(domain);
PermissionCollection inherent = domain.getPermissions();
if (inherent != null)
{
java.util.Enumeration <Permission> en = inherent.elements();
while (en.hasMoreElements())
{
total.add(en.nextElement());
}
}
try {
implies = total.implies(permission);
} catch (java.lang.NullPointerException) {
// return false instead of throwing the NullPointerException
implies = false;
}
}
return(implies);
}
/**
* Returns a {@code PermissionCollection} describing what permissions are
* allowed for the specified {@code ProtectionDomain} (more specifically,
* its {@code CodeSource}) based on the current security policy.
* <p />
* Note that this method is not called for classes which are in the
* system domain (i.e. system classes). System classes are always
* given full permissions (i.e. AllPermission). This can not be changed by
* installing a new policy.
*
* @param domain
* the {@code ProtectionDomain} to compute the permissions for.
* @return the permissions that are granted to the specified {@code
* CodeSource}.
*/
public PermissionCollection getPermissions(ProtectionDomain domain)
{
Permissions permissions = new Permissions();
if (domain != null)
{
try {
PermissionCollection cds = getPermissions(domain
.getCodeSource());
if (cds != Policy.UNSUPPORTED_EMPTY_COLLECTION)
{
java.util.Enumeration <Permission> elements = cds.elements();
while (elements.hasMoreElements())
{
permissions.add(elements.nextElement());
}
}
} catch (java.lang.NullPointerException) {
// ignore the exception, just add nothing to the result set
}
PermissionCollection pds = domain.getPermissions();
if (pds != null)
{
java.util.Enumeration <Permission> pdElements = pds.elements();
while (pdElements.hasMoreElements())
{
permissions.add(pdElements.nextElement());
}
}
}
return(permissions);
}
/*
* Answers if the policy has granted a Permission to a
* ProtectionDomain.
*
* @param domain -
* the domain to check.
* @param permission -
* check whether this permission is granted to the specified
* domain.
* @return - true if the permission is granted to the domain.
*
*/
protected internal abstract bool engineImplies(ProtectionDomain domain,
Permission permission);
/*
* Answers a PermissionCollection object containing the set of permissions
* granted to the specified ProtectionDomain.
*
* The default implementation of this method returns
* Policy.UNSUPPORTED_EMPTY_COLLECTION object. This method can be overridden
* if the policy implementation can return a set of permissions granted to a
* ProtectionDomain.
*
* @param domain -
* the ProtectionDomain to which the returned
* PermissionCollection has been granted.
* @return a set of permissions granted to the specified ProtectionDomain.
* If this operation is supported, the returned set of permissions
* must be a new mutable instance and it must support heterogeneous
* Permission types. If this operation is not supported,
* Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
*/
protected internal PermissionCollection engineGetPermissions(ProtectionDomain domain)
{
return(Policy.UNSUPPORTED_EMPTY_COLLECTION);
}
/**
* Indicates whether the specified {@code Permission} is implied by the
* {@code PermissionCollection} of the specified {@code ProtectionDomain}.
*
* @param domain
* the {@code ProtectionDomain} for which the permission should
* be granted.
* @param permission
* the {@code Permission} for which authorization is to be
* verified.
* @return {@code true} if the {@code Permission} is implied by the {@code
* ProtectionDomain}, {@code false} otherwise.
*/
public bool implies(ProtectionDomain domain, Permission permission)
{
return(spiImpl == null?defaultImplies(domain, permission) : spiImpl
.engineImplies(domain, permission));
}
/**
* Answers a PermissionCollection object containing the set of permissions
* granted to the specified ProtectionDomain.
*
* The default implementation of this method returns
* Policy.UNSUPPORTED_EMPTY_COLLECTION object. This method can be overridden
* if the policy implementation can return a set of permissions granted to a
* ProtectionDomain.
*
* @param domain -
* the ProtectionDomain to which the returned
* PermissionCollection has been granted.
* @return a set of permissions granted to the specified ProtectionDomain.
* If this operation is supported, the returned set of permissions
* must be a new mutable instance and it must support heterogeneous
* Permission types. If this operation is not supported,
* Policy.UNSUPPORTED_EMPTY_COLLECTION is returned.
*/
protected internal PermissionCollection engineGetPermissions(ProtectionDomain domain)
{
return Policy.UNSUPPORTED_EMPTY_COLLECTION;
}
/**
* Answers if the policy has granted a Permission to a
* ProtectionDomain.
*
* @param domain -
* the domain to check.
* @param permission -
* check whether this permission is granted to the specified
* domain.
* @return - true if the permission is granted to the domain.
*
*/
protected internal abstract bool engineImplies(ProtectionDomain domain,
Permission permission);