com.sun.identity.policy.jaas
Class ISPolicy

java.lang.Object
  |
  +--javax.security.auth.Policy
        |
        +--com.sun.identity.policy.jaas.ISPolicy

public class ISPolicy
extends javax.security.auth.Policy

This is an implementation of the abstract class javax.security.auth.Policy, which represents the system security policy for a Java application environment. It provides a custom policy implementation based on JAAS 1.0 and JDK 1.3.1. It evaluates policy against the Access Manager Policy Service instead of the default file-based implementation, PolicyFile.

It provides implementations of the abstract methods in the Policy class.

In general, the source location of the policy information that a Policy object uses to make policy decisions is up to the Policy implementation. In the case of ISPolicy, the source is the Access Manager's policy store, which is consulted to make the policy evaluation.

A Policy object can be queried for the set of Permissions granted to code running as a Principal in the following manner:

   Policy policy = Policy.getPolicy();
   PermissionCollection perms = policy.getPermissions(subject, codeSource);
 
The Policy object consults the local policy and returns the appropriate PermissionCollection object (a com.sun.identity.policy.jaas.ISPermissionCollection) containing the Permissions granted to the Principals associated with the provided subject, and granted to the code specified by the provided codeSource.

The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).

The refresh method causes the policy object to refresh/reload its current configuration.

See Also:
CodeSource, PermissionCollection

Constructor Summary
ISPolicy()
          Constructs an ISPolicy instance.
 
Method Summary
 java.security.PermissionCollection getPermissions(javax.security.auth.Subject subject, java.security.CodeSource codesource)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source.
 void refresh()
          Refreshes/reloads the policy configuration.
 
Methods inherited from class javax.security.auth.Policy
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ISPolicy

public ISPolicy()
Constructs an ISPolicy instance. Saves the existing global policy so that it can be used to evaluate permissions that this custom policy implementation does not support, such as FilePermission and SecurityPermission.
Method Detail

getPermissions

public java.security.PermissionCollection getPermissions(javax.security.auth.Subject subject,
                                                         java.security.CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source. This implementation always returns the PermissionCollection after adding the ISPermission object to it, so that policy determination is also based on Access Manager's policies.
Overrides:
getPermissions in class javax.security.auth.Policy
Parameters:
subject - the Subject whose associated Principals, in conjunction with the provided codesource, determine the Permissions returned by this method. This parameter may be null.
codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer. This parameter may be null.
Returns:
the collection of permissions allowed for the subject and the code from codesource according to the policy.
Throws:
java.lang.SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

refresh

public void refresh()
Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. This implementation calls refresh on the defaultPolicy saved in the ISPolicy constructor.
Overrides:
refresh in class javax.security.auth.Policy
Throws:
java.lang.SecurityException - if the current thread does not have permission to refresh this Policy object.
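
The constructor, getPermissions and refresh descriptions above together describe a delegation pattern. The following is an added example of that pattern, not the ISPolicy source and not code from the Access Manager SDK: StorePermission, its ALLOWED set and DelegatingPolicy are hypothetical names with constructed sample data. It assumes a JDK that still ships the deprecated javax.security.auth.Policy class.

```java
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Collections;
import java.util.Set;
import javax.security.auth.Subject;

// Hypothetical stand-in for ISPermission: implies() asks an external decision source.
final class StorePermission extends Permission {
    // Constructed sample decisions in place of the Access Manager policy store.
    static final Set<String> ALLOWED = Collections.singleton("http://app.example/reports GET");
    private final String actions;
    StorePermission(String resource, String actions) { super(resource); this.actions = actions; }
    @Override public String getActions() { return actions; }
    @Override public boolean implies(Permission p) {
        return p instanceof StorePermission && ALLOWED.contains(p.getName() + " " + p.getActions());
    }
    @Override public boolean equals(Object o) {
        return o instanceof StorePermission && getName().equals(((StorePermission) o).getName())
                && actions.equals(((StorePermission) o).actions);
    }
    @Override public int hashCode() { return getName().hashCode() ^ actions.hashCode(); }
}

// Hypothetical policy that follows the ISPolicy description; not the ISPolicy source.
public class DelegatingPolicy extends javax.security.auth.Policy {
    private final javax.security.auth.Policy defaultPolicy;
    public DelegatingPolicy() {
        // Keep the previously installed policy for FilePermission, SecurityPermission, etc.
        defaultPolicy = javax.security.auth.Policy.getPolicy();
    }
    @Override public PermissionCollection getPermissions(Subject subject, CodeSource codesource) {
        Permissions merged = new Permissions();
        PermissionCollection base = defaultPolicy.getPermissions(subject, codesource);
        if (base != null)
            for (Permission p : Collections.list(base.elements())) merged.add(p);
        merged.add(new StorePermission("*", "*")); // always added, so implies() reaches the store
        return merged;
    }
    @Override public void refresh() { defaultPolicy.refresh(); }
    public static void main(String[] args) {
        CodeSource cs = DelegatingPolicy.class.getProtectionDomain().getCodeSource();
        PermissionCollection perms = new DelegatingPolicy().getPermissions(new Subject(), cs);
        // A listed resource/action is implied; one absent from the store is denied.
        System.out.println(perms.implies(new StorePermission("http://app.example/reports", "GET")));
        System.out.println(perms.implies(new StorePermission("http://app.example/admin", "POST")));
    }
}
```

Because the store-backed permission is always in the returned collection, the access decision is made when implies() is called on it, not when getPermissions returns.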


Copyright 2005 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.