public final class Sandbox extends Object
To 'execute through a class' means that the execution stack includes the class. E.g., if a method of class A
invokes a method of class B
, which then invokes a method of class C
, and all three classes were
previously confined
, then for all actions that are executed by class C
the intersection of the three Permissions
apply.
Once the permissions for a class, class name or class loader are confined, they cannot be changed; this prevents any attempts (e.g. of a confined class itself) to release the confinement.
Code example:
Runnable unprivileged = new Runnable() { public void run() { System.getProperty("user.dir"); } }; // Run without confinement. unprivileged.run(); // Works fine. // Set the most strict permissions. Sandbox.confine(unprivileged.getClass(), new Permissions()); unprivileged.run(); // Throws a SecurityException. // Attempt to change the permissions. { Permissions permissions = new Permissions(); permissions.add(new AllPermission()); Sandbox.confine(unprivileged.getClass(), permissions); // Throws a SecurityException. } unprivileged.run();
Modifier and Type | Method and Description |
---|---|
static void |
confine(Class<?> clasS,
AccessControlContext accessControlContext)
All future actions that are executed through the given clasS will be checked against the given
accessControlContext . |
static void |
confine(Class<?> clasS,
Permissions permissions)
All future actions that are executed through the given clasS will be checked against the given
permissions . |
static void |
confine(Class<?> clasS,
ProtectionDomain protectionDomain)
All future actions that are executed through the given clasS will be checked against the given
protectionDomain . |
static void |
confine(ClassLoader classLoader,
AccessControlContext accessControlContext)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given accessControlContext.
|
static void |
confine(ClassLoader classLoader,
Permissions permissions)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given permissions.
|
static void |
confine(ClassLoader classLoader,
ProtectionDomain protectionDomain)
All future actions that are executed through classes that were loaded through the given classLoader
will be checked against the given protectionDomain.
|
static void |
confine(String className,
AccessControlContext accessControlContext)
All future actions that are executed through the named class will be checked against the given
accessControlContext . |
static void |
confine(String className,
Permissions permissions)
All future actions that are executed through the named class will be checked against the given
permissions . |
static void |
confine(String className,
ProtectionDomain protectionDomain)
All future actions that are executed through the named class will be checked against the given
protectionDomain . |
public static void confine(Class<?> clasS, AccessControlContext accessControlContext)
accessControlContext
.SecurityException
- Permissions are already confined for the clasSpublic static void confine(Class<?> clasS, ProtectionDomain protectionDomain)
protectionDomain
.SecurityException
- Permissions are already confined for the clasSpublic static void confine(Class<?> clasS, Permissions permissions)
permissions
.SecurityException
- Permissions are already confined for the clasSpublic static void confine(String className, AccessControlContext accessControlContext)
accessControlContext
.SecurityException
- Permissions are already confined for the classNamepublic static void confine(String className, ProtectionDomain protectionDomain)
protectionDomain
.SecurityException
- Permissions are already confined for the classNamepublic static void confine(String className, Permissions permissions)
permissions
.SecurityException
- Permissions are already confined for the classNamepublic static void confine(ClassLoader classLoader, AccessControlContext accessControlContext)
SecurityException
- Permissions are already confined for the classLoaderpublic static void confine(ClassLoader classLoader, ProtectionDomain protectionDomain)
SecurityException
- Permissions are already confined for the classLoaderpublic static void confine(ClassLoader classLoader, Permissions permissions)
SecurityException
- Permissions are already confined for the classLoaderCopyright © 2018 Arno Unkrig. All rights reserved.