org.dvb.application.plugins

Class ApplicationSecurityContext

java.lang.Object

org.dvb.application.plugins.ApplicationSecurityContext

public class ApplicationSecurityContext
extends Object

This class represents the security context for an application whose permissions are defined by the MHP security model, in particular a permission request file. One example of this is DVB-HTML applications managed by a plug-in application. This would also apply to applications in other content format where the permissions for that content format are signalled with MHP mechanisms and governed by the MHP security model.

Constructor Summary

Constructors

Constructor and Description
ApplicationSecurityContext(URL[] path, URL entryPoint, AppID appID) Creates a new security context for an application whose code can be found on the path supplied, and whose entry point directory is as given.

Method Summary

Methods

Modifier and Type	Method and Description
void	checkPermission(Permission p) Throws a SecurityException if the requested access, specified by the given permission, is not permitted to the application or sub-application represented by this application security context object.
ApplicationSecurityContext	createEmbeddedContext(URL[] path, URL entryPoint) Creates a context for an embedded part of an application, e.g.
Object	doPrivileged(PrivilegedAction action) Performs the specified PrivilegedAction with privileges enabled and restricted by the specified AccessControlContext.
ClassLoader	getClassLoader(String[] forbiddenPackages) Get a classloader that is appropriate for loading classes for the application (or sub-application) represented by this application security context object.
URL	getResource(String name, boolean sameSigner) Get a locator to the named resource, within the search path for this application.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ApplicationSecurityContext

public ApplicationSecurityContext(URL[] path,
                          URL entryPoint,
                          AppID appID)
                           throws IOException

Creates a new security context for an application whose code can be found on the path supplied, and whose entry point directory is as given. Under no circumstances will an application managed by a plug-in be given access to resources not available to the plug-in itself. This policy is reflected in the permissions granted to the ApplicationSecurityContext, as well as the permissions granted to any classes loaded by any class loaders managed by a security context.

If there is a permission request file in the directory identified by the entryPoint, it will be processed in the same way as the permission request file of a DVB-J application. i.e. reading it in, parsing it and taking account of the access rights granted by the user as defined under "General principles" in the main body of the present document.

Parameters:

path - The search path for locating resources within the application.

entryPoint - The directory containing the permission request file to use

appID - the application ID which the application is to run under

Throws:

IOException - when there is an IO error reading in the permission request file or attempting to read in the permission request file or attempting to discover the existence of a permission request file.

NullPointerException - if entryPoint is null, if path is null, or if any element of path is null.

IllegalArgumentException - if path.length < 1

Method Detail

getResource

public URL getResource(String name,
              boolean sameSigner)

Get a locator to the named resource, within the search path for this application. Will return null if a resource with the given name that is appropriately signed (if necessary) cannot be found.

Note (informative): This method can be used, for example, by an interoperable plug-in that needs to fetch part of an application that is not loaded by a classloader. For example, it could be used to get a locator to an HTML page, if and only if that page is appropriately signed.

Parameters:

name - The name of the resource (e.g. com/foo/MyPage.html)

sameSigner - True if this is code, or any other resource for which the signer must be the same as the signer of the entry point.

Returns:

URL to the named resource, or null.

createEmbeddedContext

public ApplicationSecurityContext createEmbeddedContext(URL[] path,
                                               URL entryPoint)

Creates a context for an embedded part of an application, e.g. an Xlet embedded within a DVB-HTML page. The set of permissions granted to the application will be the same as the parent ApplicationSecurityContext.

Parameters:

path - The search path for locating resources within the application.

entryPoint - The resource of the entry point of this application.

Returns:

a context for the part of the application concerned

Throws:

NullPointerException - if entryPoint is null, if path is null, or if any element of path is null.

IllegalArgumentException - if path.length < 1

getClassLoader

public ClassLoader getClassLoader(String[] forbiddenPackages)

Get a classloader that is appropriate for loading classes for the application (or sub-application) represented by this application security context object. If this method is called more than once, the same instance will be returned.

It is important that embedded DVB-J code be prevented from accessing classes that implement the plug-in application. To this end, the plug-in may specify a list of forbidden packages. Classes loaded by the returned classloader will be forbidden from loading or accessing classes in the named packages.

Parameters:

forbiddenPackages - a list of forbidden package names, e.g. { "de.tu-bs.ing.ifn.plugin.impl" }.

Returns:

A class loader that is appropriate for loading and DVB-J classes that are a part of this application or sub-application.

checkPermission

public void checkPermission(Permission p)

Throws a SecurityException if the requested access, specified by the given permission, is not permitted to the application or sub-application represented by this application security context object. The set of permissions granted to an entity is be a function of receiver policy, possibly influenced by user settings, application signer, and permission request file.

Parameters:

p - A permission object representing the resource for which access is being checked.

Throws:

NullPointerException - if p is null

SecurityException - if this application has not been granted access to the resource represented by p.

doPrivileged

public Object doPrivileged(PrivilegedAction action)

Performs the specified PrivilegedAction with privileges enabled and restricted by the specified AccessControlContext. The action is performed with the intersection of the permissions possessed by the caller's protection domain, and those possessed by the domains represented by the specified AccessControlContext. If the action's run method throws an (unchecked) exception, it will propagate through this method.

Parameters:

action - the action to be performed.

Returns:

the value returned by the action's run method.