oracle.security.jazn
Class JAZNPermission

java.lang.Object
java.security.Permission
java.security.BasicPermission
oracle.security.jazn.JAZNPermission

All Implemented Interfaces:

java.security.Guard, java.io.Serializable

public final class JAZNPermission

extends java.security.BasicPermission

This class is for authorization permissions. An JAZNPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of the JAZN permission (see below).

The following table lists all the possible target names for an JAZNPermission, and for each provides a description of what the permission allows and a discussion of the risks of granting the permission.

Note:Risks section TBD

Permission Name	the Permission Allows	Risks of Allowing this Permission
getPolicy	allow the caller to retrieve the JAZNPolicy object	This allows someone to retrieve a JAZNPolicy object. Since the JAZNPolicy object can be used to modify the policy store, this permission should be granted only to the administrators.
getRealmManager	allow the caller to retrieve the RealmManager object	This allows someone to retrive a RealmManager object. Since the RealmManager object can be used to create/drop/modify realms, this permission should be granted only to the administrators.
getProperty.{propertyName}	allow the caller to retrieve the value of the JAZN property named {propertyName}	Depending on the particular key for which access has been granted, the code may have access to the location of the backend server as well as security credentials used to access the backend server. This should be very carefully protected and only be granted to administrators.
setProperty.{propertyName}	allow the caller to set the value of the JAZN property named {propertyName}	This could include setting a new backend server as well as new credentials to access the backend server. Since this can be used to bypass the enterprise policy, this should be very carefully protected and only be granted to administrators.

Version:

1.0

Author:

rkng

See Also:

Serialized Form

Constructor Summary

JAZNPermission(java.lang.String name)
Creates a new JAZNPermission with the specified name.

JAZNPermission(java.lang.String name, java.lang.String actions)
Creates a new JAZNPermission object with the specified name.

Methods inherited from class java.security.BasicPermission

equals, getActions, hashCode, implies, newPermissionCollection

Methods inherited from class java.security.Permission

checkGuard, getName, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

JAZNPermission

public JAZNPermission(java.lang.String name)

Creates a new JAZNPermission with the specified name. Name is the symbolic name of the permission, such as "getRealmManager", "getPolicy", "getProperty.{propertyName}", etc. An asterisk may appear at the end of the name, following a ".", or by itself, to signify a wildcard match.

Parameters:

name - the name of the JAZNPermission.

Throws:

java.lang.NullPointerException - if name is null.

java.lang.IllegalArgumentException - if name is empty.

JAZNPermission

public JAZNPermission(java.lang.String name,
                      java.lang.String actions)

Creates a new JAZNPermission object with the specified name. The name is the symbolic name of the JAZNPermission, and the actions String is currently unused. This constructor exists for use by the Policy object to instantiate new Permission objects.

Parameters:

name - the name of the JAZNPermission.

actions - ignored.

Throws:

java.lang.NullPointerException - if name is null.

java.lang.IllegalArgumentException - if name is empty.