java.rmi.server
Class BasicCallController

java.lang.Object
  |
  +--java.rmi.server.BasicCallController
All Implemented Interfaces:
RemoteCallControl

public class BasicCallController
extends java.lang.Object
implements RemoteCallControl

A basic remote call controller that allows an incoming secure remote call to proceed if the server did not require client authentication, or if the server did require client authentication and the client subject has been granted permission to call that specific method. This class exercises no control over parameter unmarshalling and result marshalling, but subclasses can impose their own control as desired.

Since:
1.4

Constructor Summary
BasicCallController(java.rmi.Remote obj, SecureExportDesc desc, java.lang.Class permClass)
          Creates a controller for the specified secure remote object, using the specified export descriptor and permission class.
 
Method Summary
protected  void checkAccess(java.lang.reflect.Method method)
          Checks for permission to call the specified method.
static void checkClientPermission(java.security.Permission perm)
          Checks that the client subject for the current secure remote call (as given by SecureRemoteServer.getClientSubject) has the specified permission.
protected  void checkPermission(java.security.Permission perm)
          Checks that the calling thread has the specified permission.
 void controlRemoteCall(java.lang.reflect.Method method, java.security.PrivilegedExceptionAction action)
          Checks for permission to call the specified method by calling checkAccess with the specified method.
 void controlRemoteResult(java.lang.reflect.Method method, java.security.PrivilegedExceptionAction action)
          This method does nothing (it does not execute the specified action), but subclasses can impose their own control as desired.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BasicCallController

public BasicCallController(java.rmi.Remote obj,
                           SecureExportDesc desc,
                           java.lang.Class permClass)
                    throws java.rmi.server.ExportException
Creates a controller for the specified secure remote object, using the specified export descriptor and permission class.
Parameters:
obj - the secure remote object
desc - the export descriptor
permClass - the permission class
Throws:
java.rmi.server.ExportException - if the specified descriptor has method-specific constraints for a method that is neither a method from a remote interface of the specified secure remote object nor the RemoteSecurity.getServerSubject method
java.lang.IllegalArgumentException - if the specified class is abstract, is not a subclass of java.security.Permission, or does not have a public constructor that takes two String parameters and has no declared exceptions
NullPointerException - if any parameter is null
Method Detail

checkAccess

protected void checkAccess(java.lang.reflect.Method method)
Checks for permission to call the specified method. If the server constraints for the specified method (as determined by the export descriptor that was specified when this controller was constructed) contain ClientAuthentication.YES as a requirement, then a permission check is made by calling checkPermission with a permission constructed from the permission class that was specified when this controller was constructed. The permission is constructed by passing the name of the specified method as the first constructor parameter (the name) and null as the second constructor parameter (the actions) to the constructor. If the server constraints for the specified method do not require client authentication, this method does nothing.
Parameters:
method - the method
Throws:
java.security.AccessControlException - if permission to call the specified method has not been granted
NullPointerException - if the parameter is null

checkPermission

protected void checkPermission(java.security.Permission perm)
Checks that the calling thread has the specified permission. This method calls checkClientPermission with the specified permission, but subclasses can impose their own semantics as desired.
Parameters:
perm - the requested permission
Throws:
java.security.AccessControlException - if the specified permission has not been granted

checkClientPermission

public static void checkClientPermission(java.security.Permission perm)
Checks that the client subject for the current secure remote call (as given by SecureRemoteServer.getClientSubject) has the specified permission. If the client subject is null, only the standard policy (java.security.Policy) is consulted, otherwise both the JAAS policy (javax.security.auth.Policy) and the standard policy are consulted. In both cases, an empty java.security.CodeSource (null location and certificates) is used when obtaining permissions from the policy.
Parameters:
perm - the requested permission
Throws:
java.security.AccessControlException - if the current client subject has not been granted the specified permission
java.lang.RuntimeException - if the current thread is not executing an incoming remote method for a secure remote object

controlRemoteCall

public void controlRemoteCall(java.lang.reflect.Method method,
                              java.security.PrivilegedExceptionAction action)
Checks for permission to call the specified method by calling checkAccess with the specified method. This method does not execute the specified action, but subclasses can impose their own control over parameter unmarshalling as desired.
Specified by:
controlRemoteCall in interface RemoteCallControl
Following copied from interface: java.rmi.server.RemoteCallControl
Parameters:
method - the remote method that will be invoked
action - the action that can be executed in the desired context to cause the parameters of the remote call to be unmarshalled in that context
Throws:
java.lang.RuntimeException - if the call should not be performed. This exception will be propagated back to the caller. Normally a SecurityException should be thrown.
NullPointerException - if any parameter is null

controlRemoteResult

public void controlRemoteResult(java.lang.reflect.Method method,
                                java.security.PrivilegedExceptionAction action)
This method does nothing (it does not execute the specified action), but subclasses can impose their own control as desired.
Specified by:
controlRemoteResult in interface RemoteCallControl
Following copied from interface: java.rmi.server.RemoteCallControl
Parameters:
method - the remote method that was invoked
action - the action that can be executed in the desired context to cause the result of the remote call to be marshalled in that context
Throws:
NullPointerException - if any parameter is null


Copyright © 2000 Sun Microsystems, Inc. All rights reserved