AppletSecurity.java revision 6285
2362N/A * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * This class defines an applet security policy 0N/A //URLClassLoader.acc 0N/A //AccessControlContext.context; 0N/A * Construct and initialize. 0N/A // Cache to store known restricted packages 0N/A * Reset from Properties 0N/A // Enumerate system properties 0N/A // Cache restricted packages * get the current (first) instance of an AppletClassLoader on the stack. // try currentClassLoader first // if that fails, get all the classes on the stack and check them. * fix bug # 6433620 the logic here is : try to find URLClassLoader from * class context, check its AccessControlContext to see if * AppletClassLoader is in stack when it's created. for this kind of * URLClassLoader, return the AppContext assocated with the // if that fails, try the context class loader // no AppletClassLoaders on the stack * Returns true if this threadgroup is in the applet's own thread * group. This will return false if there is no current class * Returns true of the threadgroup of thread is in the applet's * Applets are not allowed to manipulate threads outside * applet thread groups. However a terminated thread no longer belongs /* When multiple applets is reloaded simultaneously, there will be * multiple invocations to this method from plugin's SecurityManager. * This method should not be synchronized to avoid deadlock when * a page with multiple applets is reloaded * Applets are not allowed to manipulate thread groups outside // if we are in a recursive check, it is because // inThreadGroup is calling appletLoader.getThreadGroup // in that case, only do the super check, as appletLoader * Throws a <code>SecurityException</code> if the * calling thread is not allowed to access the package specified by * This method is used by the <code>loadClass</code> method of class * The <code>checkPackageAccess</code> method for class * <code>SecurityManager</code> calls * <code>checkPermission</code> with the * <code>RuntimePermission("accessClassInPackage."+pkg)</code> * @param pkg the package name. * @exception SecurityException if the caller does not have * permission to access the specified package. * @see java.lang.ClassLoader#loadClass(java.lang.String, boolean) // first see if the VM-wide policy allows access to this package // now check the list of restricted packages // Prevent matching "sun" and "sunir" even if they // starts with similar beginning characters (
"accessClassInPackage." +
pkgname));
* Tests if a client can get access to the AWT event queue. * This method calls <code>checkPermission</code> with the * <code>AWTPermission("accessEventQueue")</code> permission. * @exception SecurityException if the caller does not have * permission to accesss the AWT event queue. // If we're about to allow access to the main EventQueue, // and anything untrusted is on the class context stack, }
// checkAwtEventQueueAccess() * Returns the thread group of the applet. We consult the classloader /* If any applet code is on the execution stack, we return that applet's ThreadGroup. Otherwise, we use the default * Get the AppContext corresponding to the current context. * The default implementation returns null, but this method * may be overridden by various SecurityManagers * (e.g. AppletSecurity) to index AppContext objects by the * @return the AppContext corresponding to the current context. * @see sun.awt.AppContext * @see java.lang.SecurityManager // context == null when some thread in applet thread group // has not been destroyed in AppContext.dispose() }
// class AppletSecurity