|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Defines the interface for trust verifiers. The
SecurityConstraint
classes
that are trusted can be extended beyond those defined in the
java.rmi.constraint package using security
providers. Similarly, the Principal
classes,
SecureClientEndpoint
classes, and proxy objects that are trusted can be extended. A list of
TrustVerifier
instances is obtained as specified below. A
method of each one is called with the constraint class, principal class,
endpoint class, or proxy object. If any verifier returns true
,
the class or object is trusted. If none of the verifiers returns
true
, a SecurityException
is thrown.
The list of trust verifiers is obtained as follows. Each of the providers
returned by the getProviders
method of
java.security.Security
is considered in order, and if a
provider has a property named "rmi.verifier", and the property value is the
name of a class that implements TrustVerifier
and has a no-arg
constructor, and no instance of that class already exists in the list, then
an instance of that class is created and added to the end of the list.
Note that the SecurityConstraint
semantics impose some
restrictions on the extensibility of the constraint system, in that adding
a new constraint class may in some cases require reimplementing the
reduceBy
method of existing related constraints to take the
new class into account.
Method Summary | |
boolean |
trustedClientEndpointClass(java.lang.Class c)
Returns true if the given class is known to be a trusted
SecureClientEndpoint class; returns false
otherwise. |
boolean |
trustedConstraintClass(java.lang.Class c)
Returns true if the given class is known to be a trusted
SecurityConstraint class; returns false
otherwise. |
boolean |
trustedPrincipalClass(java.lang.Class c)
Returns true if the given class is known to be a trusted
Principal class, instances of which can be used in
security constraints; returns false otherwise. |
boolean |
trustedPrincipalType(java.lang.Class c)
Returns true if the given class is known to be a trusted
Principal class or a supertype, such that the class itself
(not instances of the class) can be used in security constraints;
returns false otherwise. |
boolean |
trustedProxy(java.lang.Object proxy,
SecurityConstraints constraints)
Returns true if the given proxy is known to be trusted to
correctly implement the RemoteSecurity interface; returns
false otherwise. |
Method Detail |
public boolean trustedConstraintClass(java.lang.Class c)
true
if the given class is known to be a trusted
SecurityConstraint
class; returns false
otherwise. This method does not need to return true
for
the standard constraint classes, it need only return true
for any additional constraint classes supported by the provider.c
- the constraint classtrue
if the given class is known to be a trusted
SecurityConstraint
class; false
otherwisepublic boolean trustedPrincipalClass(java.lang.Class c)
true
if the given class is known to be a trusted
Principal
class, instances of which can be used in
security constraints; returns false
otherwise. This method
only needs to return true
for the specific principal
classes supported by the provider.c
- the principal classtrue
if the given class is known to be a trusted
Principal
class, instances of which can be used in
security constraints; false
otherwisepublic boolean trustedPrincipalType(java.lang.Class c)
true
if the given class is known to be a trusted
Principal
class or a supertype, such that the class itself
(not instances of the class) can be used in security constraints;
returns false
otherwise. This method only needs to return
true
for the specific principal classes (and their
supertypes) supported by the provider. This method is permitted to
return true
for the degenerate classes
Principal
, Object
and
Serializable
.
In the usual case, for any class t
,
trustedPrincipalType(t)
is true
if there
exists a class c
such that
trustedPrincipalClass(c)
is true
and
t.isAssignableFrom(c)
is true
.
c
- the principal class or supertypetrue
if the given class is known to be a trusted
Principal
class or a supertype, such that the class itself
(not instances of the class) can be used in security constraints;
false
otherwisepublic boolean trustedClientEndpointClass(java.lang.Class c)
true
if the given class is known to be a trusted
SecureClientEndpoint
class; returns false
otherwise. This method only needs to return true
for the
specific client endpoint classes used by the provider.
An RMI implementation may impose additional requirements on endpoint implementations, such as requiring code to be signed by trusted entities, but only to the extent required by government encryption control regulations.
c
- the endpoint classtrue
if the given class is known to be a trusted
SecureClientEndpoint
class; false
otherwisepublic boolean trustedProxy(java.lang.Object proxy, SecurityConstraints constraints) throws java.rmi.RemoteException
true
if the given proxy is known to be trusted to
correctly implement the RemoteSecurity
interface; returns
false
otherwise. This method should always return
false
in most providers, leaving trust to remote object
implementations using the ProxyTrust
interface.proxy
- the proxyconstraints
- constraints to use for calls to the remote object,
or null
true
if the given proxy is known to be trusted to
correctly implement the RemoteSecurity
interface;
false
otherwisejava.rmi.RemoteException
- if a communication-related exception occursNullPointerException
- if the proxy is null
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |