1 files changed, 181 insertions, 56 deletions

diff --git a/libjava/java/security/ProtectionDomain.java b/libjava/java/security/ProtectionDomain.java
index e8ead46..21d9b6d 100644
--- a/libjava/java/security/ProtectionDomain.java
+++ b/libjava/java/security/ProtectionDomain.java
@@ -1,5 +1,5 @@
 /* ProtectionDomain.java -- A security domain
-   Copyright (C) 1998 Free Software Foundation, Inc.
+   Copyright (C) 1998, 2003, Free Software Foundation, Inc.
 
 This file is part of GNU Classpath.
 
@@ -38,55 +38,109 @@ exception statement from your version. */
 package java.security;
 
 /**
- * This class represents a group of classes, along with the permissions
- * they are granted.  The classes are identified by a <code>CodeSource</code>.
- * Thus, any class loaded from the specified <code>CodeSource</code> is
- * treated as part of this domain.  The set of permissions is represented
- * by a <code>PermissionCollection</code>.
- * <p>
- * Every class in the system will belong to one and only one
- * <code>ProtectionDomain</code>.
+ * <p>This <code>ProtectionDomain</code> class encapsulates the characteristics
+ * of a domain, which encloses a set of classes whose instances are granted a
+ * set of permissions when being executed on behalf of a given set of
+ * <i>Principals</i>.
  *
- * @version 0.0
+ * <p>A static set of permissions can be bound to a <code>ProtectionDomain</code>
+ * when it is constructed; such permissions are granted to the domain regardless
+ * of the {@link Policy} in force. However, to support dynamic security
+ * policies, a <code>ProtectionDomain</code> can also be constructed such that
+ * it is dynamically mapped to a set of permissions by the current {@link
+ * Policy} whenever a permission is checked.</p>
  *
  * @author Aaron M. Renn (arenn@urbanophile.com)
+ * @version 0.0
  */
 public class ProtectionDomain
 {
-  /**
-   * This is the <code>CodeSource</code> for this protection domain
-   */
+  /** This is the <code>CodeSource</code> for this protection domain. */
   private CodeSource code_source;
 
+  /** This is the set of permissions granted to this domain. */
+  private PermissionCollection perms;
+
+  /** The {@link ClassLoader} associated with this domain. */
+  private ClassLoader classloader;
+
+  /** The array of Principals associated with this domain.. */
+  private Principal[] principals;
+
+  /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
+  private boolean staticBinding;
+
   /**
-   * This is the set of permissions granted to this domain
+   * Creates a new <code>ProtectionDomain</code> with the given {@link
+   * CodeSource} and {@link Permissions}. If the permissions object is not
+   * <code>null</code>, then <code>setReadOnly()</code> will be called on the
+   * passed in {@link Permissions} object. The only permissions granted to this
+   * domain are the ones specified; the current {@link Policy} will not be
+   * consulted.
+   *
+   * @param codesource the codesource associated with this domain.
+   * @param permissions the permissions granted to this domain
    */
-  private PermissionCollection perms;
+  public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
+  {
+    this(codesource, permissions, null, null, false);
+  }
 
   /**
-   * This method initializes a new instance of <code>ProtectionDomain</code>
-   * representing the specified <code>CodeSource</code> and permission set.
-   * No permissions may be added to the <code>PermissionCollection</code>
-   * and this contructor will call the <code>setReadOnly</code> method on
-   * the specified permission set.
+   * <p>Creates a new ProtectionDomain qualified by the given CodeSource,
+   * Permissions, ClassLoader and array of Principals. If the permissions
+   * object is not null, then <code>setReadOnly()</code> will be called on the
+   * passed in Permissions object. The permissions granted to this domain are
+   * dynamic; they include both the static permissions passed to this
+   * constructor, and any permissions granted to this domain by the current
+   * Policy at the time a permission is checked.</p>
    *
-   * @param code_source The <code>CodeSource</code> for this domain
-   * @param perms The permission set for this domain
+   * <p>This constructor is typically used by {@link ClassLoader}s and {@link
+   * DomainCombiner}s which delegate to <code>Policy</code> to actively
+   * associate the permissions granted to this domain. This constructor affords
+   * the Policy provider the opportunity to augment the supplied
+   * PermissionCollection to reflect policy changes.</p>
    *
-   * @see java.security.PermissionCollection#setReadOnly()
-   */
-  public ProtectionDomain(CodeSource code_source, PermissionCollection perms)
+   * @param codesource the CodeSource associated with this domain.
+   * @param permissions the permissions granted to this domain.
+   * @param classloader the ClassLoader associated with this domain.
+   * @param principals the array of Principals associated with this domain.
+   * @since 1.4
+   * @see Policy#refresh()
+   * @see Policy#getPermissions(ProtectionDomain)
+  */
+  public ProtectionDomain(CodeSource codesource,
+                          PermissionCollection permissions,
+                          ClassLoader classloader, Principal[] principals)
   {
-    this.code_source = code_source;
-    this.perms = perms;
-    if (perms != null)
-      perms.setReadOnly();
+    this(codesource, permissions, classloader, principals, false);
+  }
+
+  private ProtectionDomain(CodeSource codesource,
+                           PermissionCollection permissions,
+                           ClassLoader classloader, Principal[] principals,
+                           boolean staticBinding)
+  {
+    super();
+
+    code_source = codesource;
+    if (permissions != null)
+      {
+        perms = permissions;
+        perms.setReadOnly();
+      }
+
+    this.classloader = classloader;
+    this.principals =
+        (principals != null ? (Principal[]) principals.clone() : new Principal[0]);
+    this.staticBinding = staticBinding;
   }
 
   /**
-     * This method returns the <code>CodeSource</code> for this domain.
-     *
-     * @return This domain's <code>CodeSource</code>.
+   * Returns the {@link CodeSource} of this domain.
+   *
+   * @return the {@link CodeSource} of this domain which may be <code>null</code>.
+   * @since 1.2
    */
   public final CodeSource getCodeSource()
   {
@@ -94,9 +148,36 @@ public class ProtectionDomain
   }
 
   /**
-   * This method returns the set of permissions granted to this domain.
+   * Returns the {@link ClassLoader} of this domain.
    *
-   * @return The permission set for this domain
+   * @return the {@link ClassLoader} of this domain which may be
+   * <code>null</code>.
+   * @since 1.4
+   */
+  public final ClassLoader getClassLoader()
+  {
+    return this.classloader;
+  }
+
+  /**
+   * Returns an array of principals for this domain.
+   *
+   * @return returns a non-null array of principals for this domain. Changes to
+   * this array will have no impact on the <code>ProtectionDomain</code>.
+   * @since 1.4
+   */
+  public final Principal[] getPrincipals()
+  {
+    return (Principal[]) principals.clone();
+  }
+
+  /**
+   * Returns the static permissions granted to this domain.
+   *
+   * @return the static set of permissions for this domain which may be
+   * <code>null</code>.
+   * @see Policy#refresh()
+   * @see Policy#getPermissions(ProtectionDomain)
    */
   public final PermissionCollection getPermissions()
   {
@@ -104,41 +185,85 @@ public class ProtectionDomain
   }
 
   /**
-   * This method tests whether or not the specified <code>Permission</code> is
-   * implied by the set of permissions granted to this domain.
+   * <p>Check and see if this <code>ProtectionDomain</code> implies the
+   * permissions expressed in the <code>Permission</code> object.</p>
+   *
+   * <p>The set of permissions evaluated is a function of whether the
+   * <code>ProtectionDomain</code> was constructed with a static set of
+   * permissions or it was bound to a dynamically mapped set of permissions.</p>
    *
-   * @param perm The <code>Permission</code> to test.
+   * <p>If the <code>ProtectionDomain</code> was constructed to a statically
+   * bound {@link PermissionCollection} then the permission will only be checked
+   * against the {@link PermissionCollection} supplied at construction.</p>
    *
-   * @return <code>true</code> if the specified <code>Permission</code> is implied for this domain, <code>false</code> otherwise.
+   * <p>However, if the <code>ProtectionDomain</code> was constructed with the
+   * constructor variant which supports dynamically binding permissions, then
+   * the permission will be checked against the combination of the
+   * {@link PermissionCollection} supplied at construction and the current
+   * {@link Policy} binding.
+   *
+   * @param permission the {@link Permission} object to check.
+   * @return <code>true</code> if <code>permission</code> is implicit to this
+   * <code>ProtectionDomain</code>.
    */
-  public boolean implies(Permission perm)
+  public boolean implies(Permission permission)
   {
-    PermissionCollection pc = getPermissions();
-    if (pc == null)
-      return (false);
-
-    return (pc.implies(perm));
+    if (staticBinding)
+      return (perms == null ? false : perms.implies(permission));
+    // Else dynamically bound.  Do we have it?
+    // NOTE: this will force loading of Policy.currentPolicy
+    return Policy.getCurrentPolicy().implies(this, permission);
   }
 
   /**
-   * This method returns a <code>String</code> representation of this
-   * object.  It will print the <code>CodeSource</code> and 
-   * permission set associated with this domain.
+   * Convert a <code>ProtectionDomain</code> to a String.
    *
-   * @return A <code>String</code> representation of this object.
+   * @return a string representation of the object.
    */
   public String toString()
   {
     String linesep = System.getProperty("line.separator");
-    StringBuffer sb = new StringBuffer("");
-    sb.append("ProtectionDomain (" + linesep);
+    StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep);
+
     if (code_source == null)
-      sb.append("CodeSource:null" + linesep);
+      sb.append("CodeSource:null");
+    else
+      sb.append(code_source);
+
+    sb.append(linesep);
+    if (classloader == null)
+      sb.append("ClassLoader:null");
     else
-      sb.append(code_source + linesep);
-    sb.append(perms);
-    sb.append(linesep + ")" + linesep);
-    
-    return sb.toString();
+      sb.append(classloader);
+
+    sb.append(linesep);
+    sb.append("Principals:");
+    if (principals != null && principals.length > 0)
+      {
+        sb.append("[");
+        Principal pal;
+        for (int i = 0; i < principals.length; i++)
+          {
+            pal = principals[i];
+            sb.append("'").append(pal.getName())
+                .append("' of type ").append(pal.getClass().getName());
+            if (i < principals.length-1)
+              sb.append(", ");
+          }
+        sb.append("]");
+      }
+    else
+      sb.append("none");
+
+    sb.append(linesep);
+    if (!staticBinding) // include all but dont force loading Policy.currentPolicy
+      if (Policy.isLoaded())
+        sb.append(Policy.getCurrentPolicy().getPermissions(this));
+      else // fallback on this one's permissions
+        sb.append(perms);
+    else
+      sb.append(perms);
+
+    return sb.append(linesep).append(")").append(linesep).toString();
   }
 }