Skip navigation links

oracle.security.jps.util
Class JpsAuth

java.lang.Object
oracle.security.jps.util.JpsAuth

public final class JpsAuth

extends java.lang.Object

An Authorization related utility class

Nested Class Summary

static interface

JpsAuth.Authorizer

Constructor Summary

JpsAuth()

Method Summary

static void	checkPermission(java.security.Permission perm) Utility method to perform checkPermission.
static java.util.Set	getGrantedResources(javax.security.auth.Subject subject, boolean isAuthorized) Returns resource-actions that have been granted to a Subject.
static JpsAuth.Authorizer	getSystemAuthorizer() Returns the system-level Authorizer
static boolean	hasPermission(javax.security.auth.Subject subject, java.security.Permission perm)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JpsAuth

public JpsAuth()

Method Detail

getSystemAuthorizer

public static JpsAuth.Authorizer getSystemAuthorizer()

Returns the system-level Authorizer

Returns:

the system-level Authorizer

checkPermission

public static void checkPermission(java.security.Permission perm)
                            throws java.security.AccessControlException

Utility method to perform checkPermission. <p/> The check proceeds as follows:

1. If SecurityManager is set, call SecurityManager.checkPermission
2. [else] If system property "java.security.policy" is set, call AccessController.checkPermission
3. [else] do nothing

Note that this algorithm is tentative & subject to change.

Parameters:

perm - permission to be checked

Throws:

java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy.

hasPermission

public static boolean hasPermission(javax.security.auth.Subject subject,
                                    java.security.Permission perm)

getGrantedResources

public static java.util.Set getGrantedResources(javax.security.auth.Subject subject,
                                                boolean isAuthorized)
                                         throws JpsRuntimeException

Returns resource-actions that have been granted to a Subject. <p/> This utility method is to provide a runtime authorization query to fetch all granted resources on a given Subject instance. The return type is a Set of ResourceActionsEntry.<p/> Please note that only permissions associated with resource types (directly or indirectly through permission sets) will be returned by this method.If the subject is given java.security.AllPermission permission, then the returned resource actions entry will contain "<all actions>" action and "<all permissions>" resource where the resource type is "AllPermission".<p/>

Parameters:

subject - The Subject instance. This Subject instance can contain user identity, enterprise roles, or application roles. This method will not compute application roles for the given subject. The subject must be read-only.

isAuthorized - A boolean flag to indicate if it also needs to perform checkPermission for the subject on all the granted resources. Set to true to perform a checkPermission for the subject on the resource actions entries. If set to false, no checkPermission is performed. Please note that in certain cases, a subject is granted for a permission does not necessary mean that the subject is authorized. An example would be, say, we have a custom permission which implements its own implies method, and it adds one more condition to return imply true only if the access time is between 9 AM and 5 PM. In this case, a subject is granted the permission, but will only be authorized during 9 AM and 5 PM. If authorize is set to false, we will not evaluate the permissions and just return the entire set of permissions in ResourceActionsEntry.

Throws:

JpsRuntimeException - If the policy provider does not implement getGrantedResources.

Skip navigation links