Package org.mozilla.javascript
Class PolicySecurityController
java.lang.Object
org.mozilla.javascript.SecurityController
org.mozilla.javascript.PolicySecurityController
A security controller relying on Java
Policy in effect. When you use this security
controller, your securityDomain objects must be instances of CodeSource representing the
location from where you load your scripts. Any Java policy "grant" statements matching the URL
and certificate in code sources will apply to the scripts. If you specify any certificates within
your CodeSource objects, it is your responsibility to verify (or not) that the script
source files are signed in whatever implementation-specific way you're using.- Author:
- Attila Szegedi
-
Nested Class Summary
Nested Classes -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptioncallWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args) CallCallable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args)of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain.createClassLoader(ClassLoader parent, Object securityDomain) Get class loader-like object that can be used to define classes with the given security context.getDynamicSecurityDomain(Object securityDomain) Get dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain.Class<?> Methods inherited from class org.mozilla.javascript.SecurityController
createLoader, execWithDomain, getStaticSecurityDomainClass, hasGlobal, initGlobal
-
Constructor Details
-
PolicySecurityController
public PolicySecurityController()
-
-
Method Details
-
getStaticSecurityDomainClassInternal
- Overrides:
getStaticSecurityDomainClassInternalin classSecurityController
-
createClassLoader
Description copied from class:SecurityControllerGet class loader-like object that can be used to define classes with the given security context.- Specified by:
createClassLoaderin classSecurityController- Parameters:
parent- parent class loader to delegate search for classes not defined by the class loader itselfsecurityDomain- some object specifying the security context of the code that is defined by the returned class loader.
-
getDynamicSecurityDomain
Description copied from class:SecurityControllerGet dynamic security domain that allows an action only if it is allowed by the current Java stack and securityDomain. If securityDomain is null, return domain representing permissions allowed by the current stack.- Specified by:
getDynamicSecurityDomainin classSecurityController
-
callWithDomain
public Object callWithDomain(Object securityDomain, Context cx, Callable callable, Scriptable scope, Scriptable thisObj, Object[] args) Description copied from class:SecurityControllerCallCallable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args)of callable under restricted security domain where an action is allowed only if it is allowed according to the Java stack on the moment of the execWithDomain call and securityDomain. Any call toSecurityController.getDynamicSecurityDomain(Object)during execution ofcallable.call(cx, scope, thisObj, args)should return a domain incorporate restrictions imposed by securityDomain and Java stack on the moment of callWithDomain invocation.The method should always be overridden, it is not declared abstract for compatibility reasons.
- Overrides:
callWithDomainin classSecurityController
-