Agent System POND 1.0 (1.7.2000)

PkgAgentSystem
Class DynamicPermissions

java.lang.Object
  |
  +--java.security.PermissionCollection
        |
        +--PkgAgentSystem.DynamicPermissions
Direct Known Subclasses:
ValuedPermissions

public class DynamicPermissions
extends PermissionCollection
implements Serializable

This class represents a heterogeneous collection of Permissions. That is, it contains different types of Permission objects, organized into PermissionCollections. For example, if any java.io.FilePermission objects are added to an instance of this class, they are all stored in a single PermissionCollection. It is the PermissionCollection returned by a call to the newPermissionCollection method in the FilePermission class. Similarly, any java.lang.RuntimePermission objects are stored in the PermissionCollection returned by a call to the newPermissionCollection method in the RuntimePermission class. Thus, this class represents a collection of PermissionCollections.

When the add method is called to add a Permission, the Permission is stored in the appropriate PermissionCollection. If no such collection exists yet, the Permission object's class is determined and the newPermissionCollection method is called on that class to create the PermissionCollection and add it to the Permissions object. If newPermissionCollection returns null, then a default PermissionCollection that uses a hashtable will be created and used. Each hashtable entry stores a Permission object as both the key and the value.

This collection allows also removing some or all permissions. This requires extensive modification to the security system, otherwise every thread could modify its own permissions and those of objects it holds a reference on.

Based on the java.security.Permissions class.

Version:
1.0, 12.04.99
Author:
Marianne Mueller, Roland Schemers (Permissions.java), Michael Sonntag
See Also:
Permission, PermissionCollection, AllPermission, Serialized Form

Field Summary
protected  PermissionCollection allPermission
          Optimization.
protected  Hashtable perms
          The contained permissions.
 
Constructor Summary
DynamicPermissions()
          Creates a new Permissions object containing no PermissionCollections.
 
Method Summary
 void add(Permission permission)
          Adds a permission object to the PermissionCollection for the class the permission belongs to.
(package private)  DynamicPermissions copy()
          Returns a copy of this object Package access for safety
 Enumeration elements()
          Returns an enumeration of all the Permission objects in all the PermissionCollections in this Permissions object.
protected  PermissionCollection getPermissionCollection(Permission p)
          Gets the PermissionCollection in this Permissions object for permissions whose type is the same as that of p.
 boolean implies(Permission permission)
          Checks to see if this object's PermissionCollection for permissions of the specified permission's type implies the permissions expressed in the permission object.
 void remove(Permission permission)
          Removes a permission object from the PermissionCollection for the class the permission belongs to.
 void removeAll()
          Removes all permissions.
 void setReadOnly()
          Sets this permission to read-only (Disabled here).
 
Methods inherited from class java.security.PermissionCollection
isReadOnly, toString
 
Methods inherited from class java.lang.Object
, clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

perms

protected Hashtable perms
The contained permissions.

allPermission

protected PermissionCollection allPermission
Optimization. Keep track of the AllPermission collection
Constructor Detail

DynamicPermissions

public DynamicPermissions()
Creates a new Permissions object containing no PermissionCollections.
Method Detail

setReadOnly

public void setReadOnly()
Sets this permission to read-only (Disabled here). As dynamic permissions can never be read-only, this is disabled (or they would not be dynamic!) Also necessary, as always called by the system and we must be able to modify permissions later on in the life of an agent.
Overrides:
setReadOnly in class PermissionCollection

add

public void add(Permission permission)
Adds a permission object to the PermissionCollection for the class the permission belongs to. For example, if permission is a FilePermission, it is added to the FilePermissionCollection stored in this Permissions object. This method creates a new PermissionCollection object (and adds the permission to it) if an appropriate collection does not yet exist.

Parameters:
permission - the Permission object to add.
Throws:
SecurityException - if the caller has not RuntimePermission("grantPermissions")
Overrides:
add in class PermissionCollection

remove

public void remove(Permission permission)
Removes a permission object from the PermissionCollection for the class the permission belongs to. For example, if permission is a FilePermission, it is removed from the FilePermissionCollection stored in this Permissions object. This method creates a new PermissionCollection object (by calling newPermissionCollection()) and adds all the permissions except the one to remove to it, if the collection is not the internal Collection, which can remove elements.

Parameters:
permission - the Permission object to remove.
Throws:
SecurityException - if the caller has not RuntimePermission("revokePermissions")

removeAll

public void removeAll()
Removes all permissions.
Throws:
SecurityException - if the caller has not RuntimePermission("revokePermissions")

implies

public boolean implies(Permission permission)
Checks to see if this object's PermissionCollection for permissions of the specified permission's type implies the permissions expressed in the permission object. Returns true if the combination of permissions in the appropriate PermissionCollection (e.g., a FilePermissionCollection for a FilePermission) together imply the specified permission.

For example, suppose there is a FilePermissionCollection in this Permissions object, and it contains one FilePermission that specifies "read" access for all files in all subdirectories of the "/tmp" directory, and another FilePermission that specifies "write" access for all files in the "/tmp/scratch/foo" directory. Then if the implies method is called with a permission specifying both "read" and "write" access to files in the "/tmp/scratch/foo" directory, true is returned.

Additionally, if this PermissionCollection contains the AllPermission, this method will always return true.

Parameters:
permission - the Permission object to check.
Returns:
true if "permission" is implied by the permissions in the PermissionCollection it belongs to, false if not.
Overrides:
implies in class PermissionCollection

elements

public Enumeration elements()
Returns an enumeration of all the Permission objects in all the PermissionCollections in this Permissions object.
Returns:
an enumeration of all the Permissions.
Overrides:
elements in class PermissionCollection

getPermissionCollection

protected PermissionCollection getPermissionCollection(Permission p)
Gets the PermissionCollection in this Permissions object for permissions whose type is the same as that of p. For example, if p is a FilePermission, the FilePermissionCollection stored in this Permissions object will be returned. This method creates a new PermissionCollection object for the specified type of permission objects if one does not yet exist. To do so, it first calls the newPermissionCollection method on p. Subclasses of class Permission override that method if they need to store their permissions in a particular PermissionCollection object in order to provide the correct semantics when the PermissionCollection.implies method is called. If the call returns a PermissionCollection, that collection is stored in this Permissions object. If the call returns null, then this method instantiates and stores a default PermissionCollection that uses a hashtable to store its permission objects.

copy

DynamicPermissions copy()
Returns a copy of this object

Package access for safety


Agent System POND 1.0 (1.7.2000)

Submit a bug

Copyright 2000 Michael Sonntag & Institute for Information Processing and Microprocessor Technology (FIM), Johannes-Kepler-University Linz, Altenbergerstr. 69, A-4040 Linz, Austria.