net.sourceforge.htmlunit.corejs.javascript
Class PolicySecurityController
java.lang.Object
net.sourceforge.htmlunit.corejs.javascript.SecurityController
net.sourceforge.htmlunit.corejs.javascript.PolicySecurityController
public class PolicySecurityController
- extends SecurityController
A security controller relying on Java Policy in effect. When you use
this security controller, your securityDomain objects must be instances of
CodeSource representing the location from where you load your
scripts. Any Java policy "grant" statements matching the URL and certificate
in code sources will apply to the scripts. If you specify any certificates
within your CodeSource objects, it is your responsibility to verify
(or not) that the script source files are signed in whatever
implementation-specific way you're using.
- Author:
- Attila Szegedi
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PolicySecurityController
public PolicySecurityController()
getStaticSecurityDomainClassInternal
public java.lang.Class<?> getStaticSecurityDomainClassInternal()
- Overrides:
getStaticSecurityDomainClassInternal in class SecurityController
createClassLoader
public GeneratedClassLoader createClassLoader(java.lang.ClassLoader parent,
java.lang.Object securityDomain)
- Description copied from class:
SecurityController
- Get class loader-like object that can be used to define classes with the
given security context.
- Specified by:
createClassLoader in class SecurityController
- Parameters:
parent - parent class loader to delegate search for classes not defined
by the class loader itselfsecurityDomain - some object specifying the security context of the code that
is defined by the returned class loader.
getDynamicSecurityDomain
public java.lang.Object getDynamicSecurityDomain(java.lang.Object securityDomain)
- Description copied from class:
SecurityController
- Get dynamic security domain that allows an action only if it is allowed
by the current Java stack and securityDomain. If
securityDomain is null, return domain representing permissions
allowed by the current stack.
- Specified by:
getDynamicSecurityDomain in class SecurityController
callWithDomain
public java.lang.Object callWithDomain(java.lang.Object securityDomain,
Context cx,
Callable callable,
Scriptable scope,
Scriptable thisObj,
java.lang.Object[] args)
- Description copied from class:
SecurityController
- Call
Callable.call(Context cx, Scriptable scope, Scriptable thisObj, Object[] args)
of callable under restricted security domain where an action is
allowed only if it is allowed according to the Java stack on the moment
of the execWithDomain call and securityDomain. Any call to
SecurityController.getDynamicSecurityDomain(Object) during execution of
callable.call(cx, scope, thisObj, args) should return a domain
incorporate restrictions imposed by securityDomain and Java stack
on the moment of callWithDomain invocation.
The method should always be overridden, it is not declared abstract for
compatibility reasons.
- Overrides:
callWithDomain in class SecurityController