Agent System POND 1.2 (28.2.2002)

PkgAgentSystem
Class AgentClassLoader

java.lang.Object
  |
  +--java.lang.ClassLoader
        |
        +--java.security.SecureClassLoader
              |
              +--PkgAgentSystem.AgentClassLoader

class AgentClassLoader
extends SecureClassLoader

ClassLoader to enforce the dynamic security for the agent system. Each AgentClassLoader is associated with exactly one agent and loads all classes for this agent except the java system and the agent-system classes.

Version:
1.0, 1.7.2000
Author:
Michael Sonntag
See Also:
ResourcePackage

Inner classes inherited from class java.lang.ClassLoader
ClassLoader.NativeLibrary
 
Field Summary
(package private)  ResourcePackage resources
          Where to get the resources (class-files, images, files, ...) from.
 
Fields inherited from class java.lang.ClassLoader
nocerts
 
Constructor Summary
AgentClassLoader(AgentSystem ag_sys, AgentData data, ClassLoader parent)
          Creates a new classloader associated with the provided system and agent.
 
Method Summary
protected  Package definePackage(String name, Manifest man, URL url)
          Defines a new package by name in this ClassLoader.
protected  Class findClass(String name)
          Finds the specified class.
protected  URL findResource(String name)
          Finds the resource with the given name.
protected  Enumeration findResources(String name)
          Returns an Enumeration of URLs representing all the resources with the given name.
 void grantAdditionalPermission(Permission perm)
          Grants all the classes loaded through this classloader an additional permission.
protected  Class loadClass(String name, boolean resolve)
          Loads the class with the specified name. We may not use findSystemClass, this would load the classes through the system classloader (which loads more classes than the primordial classloader!)
 void reSetPermissions(boolean quiet)
          Re-sets all permissions.
 void revokeAdditionalPermission(Permission perm)
          Revokes an additional permission from all the classes loaded through this classloader.
 void revokeAllAdditionalPermissions()
          Revokes all additional permissions granted to all the classes loaded through this classloader.
 void revokeAllPermissions()
          Revokes all permissions (basic and additional ones) granted to all the classes loaded through this classloader.
 
Methods inherited from class java.security.SecureClassLoader
, defineClass, getPermissions
 
Methods inherited from class java.lang.ClassLoader
addClass, defineClass, defineClass, defineClass, definePackage, findLibrary, findLoadedClass, findNative, findSystemClass, getBootstrapClassPath, getCallerClassLoader, getGetClassLoaderPerm, getPackage, getPackages, getParent, getResource, getResourceAsStream, getResources, getSystemClassLoader, getSystemResource, getSystemResourceAsStream, getSystemResources, isAncestor, loadClass, loadLibrary, resolveClass, setSigners
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

resources

ResourcePackage resources
Where to get the resources (class-files, images, files, ...) from. Package access for AMPURLConnection and deploy
Constructor Detail

AgentClassLoader

public AgentClassLoader(AgentSystem ag_sys,
                        AgentData data,
                        ClassLoader parent)
Creates a new classloader associated with the provided system and agent. The parent classloader is explicitely passed in.
Parameters:
ag_sys - the agent system
data - the control data of the associated agent
parent - the parent classloader
Method Detail

loadClass

protected Class loadClass(String name,
                          boolean resolve)
                   throws ClassNotFoundException
Loads the class with the specified name.

We may not use findSystemClass, this would load the classes through the system classloader (which loads more classes than the primordial classloader!) and circumvent our security (the system classloader assigns them ALL permissions, we have to restrict the permissions also for the system classes used)!
We must however use the bootstrap classloader, or we wont't find the java core classes. Access to findBootstrapClass is private, so we have to call super.classloader instead. There the parent classloader is asked first (which would again be the system classloader!), so the parent must be set to null in the constructor.

Classes from the following packages are loaded through the primordial classloader:
PkgAgentSystem.*: The classes of the agent system need to be shared, so all agents can call them (e. g. AgentSystem is called by all agents for moving, ...).
FIM.Util.Crypto.*: NamedKeyPair and NamedKeyAndCertificate are used by AgentBase. They need to call getClassLoader for ClassLoaderObjectInputStream and must therefore be able to use doPrivileged

FIM.payment.*: These classes are used for paying for permissions, and must therefore be passed from the agentsystem to agents and back freely.

We do not load the following classes:
java.io.FileOutputStream: Use LimitedFileOutputStream instead (Necessary for limting the length of files used by agents); Don't use FileWriter; use OutputStreamWriter(new LimitedFileOutputStream()) instead.

Overrides:
loadClass in class ClassLoader
Parameters:
name - the name of the class
resolve - if true then resolve the class
Returns:
the resulting Class object
Throws:
ClassNotFoundException - if the class could not be found
See Also:
AgentBase, LimitedFileOutputStream, NamedKeyPair, NamedKeyAndCertificate, ClassLoaderObjectInputStream

findClass

protected Class findClass(String name)
                   throws ClassNotFoundException
Finds the specified class. Uses findResource to find it and then loads the class to a byte array and defines it. Also checks for package sealing.
Overrides:
findClass in class ClassLoader
Parameters:
name - the name of the class
Returns:
the resulting Class object
Throws:
ClassNotFoundException - if the class could not be found

findResource

protected URL findResource(String name)
Finds the resource with the given name. Delegates to ResourcePackage. Resources will be searched for in the classpath, the agent-classpath, the library-directory and from where the agent was loaded (jar file or a directory)
Overrides:
findResource in class ClassLoader
Parameters:
name - the resource name
Returns:
a URL for reading the resource, or null if the resource could not be found
See Also:
ResourcePackage

findResources

protected Enumeration findResources(String name)
                             throws IOException
Returns an Enumeration of URLs representing all the resources with the given name. Delegates to ResourcePackage. Resources will be searched for in the classpath, the agent-classpath, the library-directory and from where the agent was loaded (jar file or a directory) Will find all resource whose name starts with the parameter (case ignored)
Overrides:
findResources in class ClassLoader
Parameters:
name - the resource name
Returns:
an Enumeration of URLs for the resources
See Also:
ResourcePackage

definePackage

protected Package definePackage(String name,
                                Manifest man,
                                URL url)
                         throws IllegalArgumentException
Defines a new package by name in this ClassLoader. The attributes contained in the specified Manifest will be used to obtain package version and sealing information. For sealed packages, the additional URL specifies the code source URL from which the package was loaded.
Parameters:
name - the package name
man - the Manifest containing package version and sealing information
url - the code source url for the package, or null if none
Throws:
IllegalArgumentException - if the package name duplicates an existing package either in this class loader or one of its ancestors

grantAdditionalPermission

public void grantAdditionalPermission(Permission perm)
                               throws SecurityException
Grants all the classes loaded through this classloader an additional permission. Fires a PermissionEvent to notify listeners. Does nothing if this permission is already granted or the basic permissions imply it.
Parameters:
perm - the permission to grant
Throws:
RuntimeException - if no protection domain yet set or the policy is not of class PolicyByValue
SecurityException - if the permission is not in the list of optional permissions for this agent
See Also:
PolicyByValue, PermissionChangeListener, PermissionEvent

revokeAdditionalPermission

public void revokeAdditionalPermission(Permission perm)
Revokes an additional permission from all the classes loaded through this classloader. Fires a PermissionEvent to notify listeners. Does nothing if this permission is currently not an additional granted one (If it is a basic permission it will remain and the method fails silently).
Parameters:
perm - the permission to revoke
See Also:
PermissionChangeListener, PermissionEvent

revokeAllAdditionalPermissions

public void revokeAllAdditionalPermissions()
Revokes all additional permissions granted to all the classes loaded through this classloader. Fires a PermissionEvent to notify listeners for each permission revoked.
See Also:
PermissionChangeListener, PermissionEvent

revokeAllPermissions

public void revokeAllPermissions()
Revokes all permissions (basic and additional ones) granted to all the classes loaded through this classloader. Fires a PermissionEvent to notify listeners for each permission revoked.
See Also:
PermissionChangeListener, PermissionEvent

reSetPermissions

public void reSetPermissions(boolean quiet)
Re-sets all permissions. To be called e. g. when the policy-class of the agent changes (e. g. the check of its certificate by the CA is now successfully). Basic permissions are replaced by the new set of basic permissions, but all additional permissions that were actually granted remain (we have to serve our contracts). The list of potential additional permissions is however updated (So an agent who returns a permission may no longer be able to re-acquire it).
Parameters:
quiet - if true no permission events will be generated
Throws:
RuntimeException - if the policy is not of class PolicyByValue
See Also:
PermissionChangeListener, PermissionEvent

Agent System POND 1.2 (28.2.2002)

Submit a bug

Copyright 2001,2002 Michael Sonntag & Institute for Information Processing and Microprocessor Technology (FIM), Johannes-Kepler-University Linz, Altenbergerstr. 69, A-4040 Linz, Austria.