org.mozilla.javascript
Class SecurityController
java.lang.Object
|
+--org.mozilla.javascript.SecurityController
- public abstract class SecurityController
- extends java.lang.Object
This class describes the support needed to implement security.
Three main pieces of functionality are required to implement
security for JavaScript. First, it must be possible to define
classes with an associated security domain. (This security
domain may be any object incorporating notion of access
restrictions that has meaning to an embedding; for a client-side
JavaScript embedding this would typically be
java.security.ProtectionDomain or similar object depending on an
origin URL and/or a digital certificate.)
Next it must be possible to get a security domain object that
allows a particular action only if all security domains
associated with code on the current Java stack allows it. And
finally, it must be possible to execute script code with
associated security domain injected into Java stack.
These three pieces of functionality are encapsulated in the
SecurityController class.
- Since:
- 1.5 Release 4
- See Also:
Context.setSecurityController(SecurityController)
,
ClassLoader
Method Summary |
abstract org.mozilla.javascript.GeneratedClassLoader |
createClassLoader(java.lang.ClassLoader parentLoader,
java.lang.Object securityDomain)
Get class loader-like object that can be used
to define classes with the given security context. |
abstract java.lang.Object |
execWithDomain(Context cx,
Scriptable scope,
Script script,
java.lang.Object securityDomain)
Call Script.exec(Context cx, Scriptable scope) of
script under restricted security domain where an action is
allowed only if it is allowed according to the Java stack on the
moment of the execWithDomain call and securityDomain. |
abstract java.lang.Object |
getDynamicSecurityDomain(java.lang.Object securityDomain)
Get dynamic security domain that allows an action only if it is allowed
by the current Java stack and securityDomain. |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SecurityController
public SecurityController()
createClassLoader
public abstract org.mozilla.javascript.GeneratedClassLoader createClassLoader(java.lang.ClassLoader parentLoader,
java.lang.Object securityDomain)
- Get class loader-like object that can be used
to define classes with the given security context.
- Parameters:
parentLoader
- parent class loader to delegate search for classes
not defined by the class loader itselfsecurityDomain
- some object specifying the security
context of the code that is defined by the returned class loader.
getDynamicSecurityDomain
public abstract java.lang.Object getDynamicSecurityDomain(java.lang.Object securityDomain)
- Get dynamic security domain that allows an action only if it is allowed
by the current Java stack and securityDomain. If
securityDomain is null, return domain representing permissions
allowed by the current stack.
execWithDomain
public abstract java.lang.Object execWithDomain(Context cx,
Scriptable scope,
Script script,
java.lang.Object securityDomain)
throws JavaScriptException
- Call
Script.exec(Context cx, Scriptable scope)
of
script under restricted security domain where an action is
allowed only if it is allowed according to the Java stack on the
moment of the execWithDomain call and securityDomain.
Any call to getDynamicSecurityDomain(Object)
during
execution of Script.exec(Context cx, Scriptable scope)
should return a domain incorporate restrictions imposed by
securityDomain.