|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
public interface PermissionsManager
Defines an interface through which modules can specify the permissions
they desire through the SecurityManager present in the
MMOUI Minion application.
Modules have automatic write access to the following directories:
config.xml file in Minion's
directory is deniedPermissionsManager. Furthermore, any connections to
remote hosts must be identified by a PermissionsManager object.
Modules do not have any access to remote hosts until requested.
PermissionsManager objects are requested from
services whenever they violate their current permissions to check if the
service should have access to the requested directory or URL. If
access is requested, then the user will be prompted with the access
request to verify it. If access is not requested, the installed
SecurityManager will throw a SecurityException. Similarly,
if the user does not approve the request, then the installed SecurityManager
will throw a SecurityException. If the access request is approved,
then the granted permissions will be remembered by MMOUI Minion and the user
will not have to approve access requests in the future.
Modules always have full read access to any files, subject to the operating system's restrictions. That is, MMOUI Minion will never block a request to read a file that the operating system would allow in the same context.
Modules work in a "tainting" environment. The granted permissions are the
intersection of the requested permissions of all modules in the execution path.
For example, for module "Foo" which creates package com.foo and
module "Bar" which creates package com.bar,
If the stack trace is:
com.foo.SomeClass.method()
at com.foo.Main.method()
at com.mmoui.manager.Main.method()
Then the module will have access as specified by Foo's PermissionsManager.
If the stack trace is:
com.foo.SomeClass.method()
at com.bar.SomeClass.method()
at com.mmoui.manager.Main.method()
Then the module will have access to only those folders and URLs which both
Foo and Bar request.
| Method Summary | |
|---|---|
java.io.File[] |
getRequestedDirectories()
Gets the list of File objects which point to directories to which
the module should be granted write permission. |
java.net.InetAddress[] |
getRequestedHosts()
Gets the list of InetAddress objects representing
hosts to which the module should be granted permission
to connect. |
| Method Detail |
|---|
java.io.File[] getRequestedDirectories()
File objects which point to directories to which
the module should be granted write permission. The directories do not
need to exist -- if it does not exist and the permission is granted, then
the module will be granted the rights to create the directory. The specified directories
as well as all subdirectories will be granted full write permission,
including the ability to create new files and subdirectories, pending
the user's agreement and subject to the operating system's restrictions.
null if no permissions should
be grantedjava.net.InetAddress[] getRequestedHosts()
InetAddress objects representing
hosts to which the module should be granted permission
to connect. Connections to the specified host(s) is/are granted
on any port using any protocol, subject to the user's agreement
and OS restrictions.
null if no permissions
should be granted
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||