Java Reference
In-Depth Information
14.7.2
Date-based condition
Assume you want to restrict certain permission sets to be available before a given point
in time, but not after. Imagine that you want to associate permissions with a period of
validity, where the ability to perform certain operations expires after some time. The
following listing shows a condition you can use to make this possible.
Listing 14.4
BeforeDateCondition
example
class BeforeDateCondition implements Condition {
private final long m_date;
public static Condition getCondition(Bundle bundle, ConditionInfo info){
return new BeforeDateCondition(Bundle bundle, info);
)
private BeforeDateCondition(Bundle bundle, ConditionInfo info){
m_date = Long.parseLong(info.getArgs()[0]);
}
public boolean isMutable(){
return m_date > System.currentTimeMillis();
}
public boolean isPostponed(){
return false;
}
public boolean isSatisfied(){
return System.currentTimeMillis() < m_date;
}
public boolean isSatisfied(Condition[] conditions, Dictionary context){
return false;
}
}
As you can see, this implementation is pretty simple. When the framework evaluates
this condition, it uses the static
getCondition()
method to create an instance for the
target bundle. The condition's constructor
B
converts its argument to a
long
, which
sets the date. The framework then checks whether the condition is postponed by call-
ing the
isPostponed()
method. This tells the framework whether the condition
should be evaluated immediately or deferred; this condition is immediate, but you'll
see an opposite example later. Because this condition isn't postponed, the framework
invokes the
isSatisfied()
method immediately to test the condition. This method
checks whether the current time in milliseconds is still lower than the ending date
supplied in the constructor argument. Note that the second
isSatisfied()
method is
only used for postponed conditions and is ignored here.
The
isMutable()
method is purely used by the framework to optimize condition
evaluation. If a condition is immutable, the framework only needs to call its
isSatis-
fied()
method one time and can cache the result. For mutable conditions, the frame-
work needs to evaluate the condition on every check. For this particular condition,
you have an interesting case because it's mutable until the ending date is reached,
after which it becomes immutable.
You can now use this custom condition to define your security policy like the stan-
dard conditions. For example, in the policy file you can do something like this:
Condition
constructor
B
