com.sun.jini.discovery
Class ClientPermissionChecker

java.lang.Object
  extended by com.sun.jini.discovery.ClientPermissionChecker
All Implemented Interfaces:
ClientSubjectChecker

public class ClientPermissionChecker
extends Object
implements ClientSubjectChecker

Implementation of ClientSubjectChecker that approves or rejects client subjects based on whether or not they have been granted a particular permission.

Since:
2.0
Author:
Sun Microsystems, Inc.

Field Summary
private  SoftCache domains
           
private static CodeSource emptyCS
           
private static ProtectionDomain emptyPD
           
private  Permission permission
           
 
Constructor Summary
ClientPermissionChecker(Permission permission)
          Creates instance that checks if client subjects have been granted the specified permission.
 
Method Summary
 void checkClientSubject(Subject subject)
          Checks whether or not to permit exchanging or accepting data with/from a client authenticated as the given subject, by testing if the subject has been granted the permission that this instance was constructed with.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

emptyCS

private static final CodeSource emptyCS

emptyPD

private static final ProtectionDomain emptyPD

domains

private final SoftCache domains

permission

private final Permission permission
Constructor Detail

ClientPermissionChecker

public ClientPermissionChecker(Permission permission)
Creates instance that checks if client subjects have been granted the specified permission.

Parameters:
permission - the permission to use in client subject checks
Throws:
NullPointerException - if permission is null
Method Detail

checkClientSubject

public void checkClientSubject(Subject subject)
Checks whether or not to permit exchanging or accepting data with/from a client authenticated as the given subject, by testing if the subject has been granted the permission that this instance was constructed with. If a security manager is installed, a ProtectionDomain is constructed with an empty CodeSource (null location and certificates), null permissions, null class loader, and the principals from the given client subject (if any), and the implies method of that protection domain is invoked with the specified permission. If true is returned, this method returns normally, otherwise a SecurityException is thrown. If no security manager is installed, this method returns normally. The given client subject must be read-only if non-null.

Specified by:
checkClientSubject in interface ClientSubjectChecker
Parameters:
subject - the client subject to check
Throws:
SecurityException - if the client subject check fails
IllegalArgumentException - if the given subject is not read-only


Copyright 2007-2010, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.