com.sun.identity.policy.jaas
Class ISPermission

java.lang.Object
  extended by java.security.Permission
      extended by com.sun.identity.policy.jaas.ISPermission
All Implemented Interfaces:
java.security.Guard, java.io.Serializable

public class ISPermission
extends java.security.Permission

This class provides support for the JAAS authorization service. It is a new JAAS Permission that extends the Permission class. This is the only API that an application or container uses to evaluate policy against the Access Manager Policy framework. It implements all the required abstract methods of java.security.Permission in such a way that policy evaluation is made against the Access Manager's Policy service.

For example, one would use this class as follows to evaluate policy permissions:

 ISPermission perm = new ISPermission("iPlanetAMWebAgentService",
                  "http://www.sun.com:80","GET");
 AccessController.checkPermission(perm);
 
If Access Manager has the policy service iPlanetAMWebAgentService with a Rule defined for resource http://www.sun.com:80 and action "GET" with the allow privilege, this call returns quietly. If no such policy is found, access is denied and an exception is thrown accordingly. ISPermission objects also co-exist with the permissions specified in the JDK policy store (by default file com.sun.security.auth.PolicyFile, or defined on the command line using the -D option).
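A fail-closed wrapper around the check described above, as an added example that is not part of the original Access Manager documentation. The class name PolicyGate, the method isAllowed and the "requestIp" environment key are assumptions for illustration; the ISPermission constructor is the four-argument form documented on this page.

```java
import com.sun.identity.policy.jaas.ISPermission;

import java.security.AccessControlException;
import java.security.AccessController;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

/** Hypothetical helper: turns the throw-on-deny check into a boolean decision. */
public final class PolicyGate {
    private static final Logger LOG = Logger.getLogger(PolicyGate.class.getName());

    // Service name taken from the example on this page.
    private static final String SERVICE = "iPlanetAMWebAgentService";

    private PolicyGate() { }

    /** Returns true only when the policy check returns quietly; everything else is a deny. */
    public static boolean isAllowed(String resource, String action, String clientIp) {
        if (resource == null || action == null) {
            return false; // incomplete request: deny without asking the policy service
        }

        // Environment parameters are passed to the policy Conditions as
        // attribute-value pairs. "requestIp" is an assumed key; use the
        // keys that the Conditions in your own policies expect.
        Map<String, Object> env = new HashMap<String, Object>();
        if (clientIp != null) {
            env.put("requestIp", clientIp);
        }

        ISPermission perm = new ISPermission(SERVICE, resource, action, env);
        try {
            AccessController.checkPermission(perm);
            return true;
        } catch (AccessControlException denied) {
            // No matching allow policy: record what was asked for, then deny.
            LOG.warning("Denied " + perm.getActions() + " on "
                    + perm.getResourceName() + " (" + perm.getServiceName() + ")");
            return false;
        }
    }
}
```

A caller would invoke PolicyGate.isAllowed("http://www.sun.com:80", "GET", remoteAddress) before serving the resource and treat false as a hard deny.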

See Also:
Permission, Subject, Serialized Form


Constructor Summary
ISPermission(java.lang.String serviceName, java.lang.String resourceName, java.lang.String actions)
          Constructs an ISPermission instance, with the specified service name, resource name and action name.
ISPermission(java.lang.String serviceName, java.lang.String resourceName, java.lang.String actions, java.util.Map envParams)
          Constructs an ISPermission instance, with the specified service name, resource name and action name.
ISPermission(javax.security.auth.Subject subject, java.security.CodeSource codesource)
          Constructs an ISPermission instance, with the specified Subject and the CodeSource.
 
Method Summary
 boolean equals(java.lang.Object obj)
          Returns true if the two ISPermission objects are equal.
 java.lang.String getActions()
          returns a comma separated list of actions associated with this ISPermission.
 java.security.CodeSource getCodeSource()
          returns the CodeSource associated with this ISPermission.
 java.util.Map getEnvParams()
          returns environment parameters and their values associated with this ISPermission.
 java.lang.String getResourceName()
          returns the name of the resource associated with this ISPermission.
 java.lang.String getServiceName()
          returns the name of the service associated with this ISPermission.
 javax.security.auth.Subject getSubject()
          returns the Subject associated with this ISPermission.
 int hashCode()
          Returns the hash code value for this Permission object.
 boolean implies(java.security.Permission perm)
          Checks if the specified permission's actions are "implied by" this object's actions.
 java.security.PermissionCollection newPermissionCollection()
          Returns a java.security.PermissionCollection to store this kind of Permission.
 java.lang.String toString()
          Returns a string describing this Permission.
 
Methods inherited from class java.security.Permission
checkGuard, getName
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

ISPermission

public ISPermission(javax.security.auth.Subject subject,
                    java.security.CodeSource codesource)
Constructs an ISPermission instance, with the specified Subject and the CodeSource.

Parameters:
subject - Subject for which this ISPermission is being created.
codesource - CodeSource for which this permission is being created.

ISPermission

public ISPermission(java.lang.String serviceName,
                    java.lang.String resourceName,
                    java.lang.String actions)
Constructs an ISPermission instance, with the specified service name, resource name and action name.

Parameters:
serviceName - name of the service for which this ISPermission is being created. This name needs to be one of the loaded services in the Access Manager's policy service. Example: iPlanetAMWebAgentService
resourceName - name of the resource for which this ISPermission is being defined.
actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.

ISPermission

public ISPermission(java.lang.String serviceName,
                    java.lang.String resourceName,
                    java.lang.String actions,
                    java.util.Map envParams)
Constructs an ISPermission instance, with the specified service name, resource name and action name.

Parameters:
serviceName - name of the service for which this ISPermission is being created. This name needs to be one of the loaded policy services in the Access Manager. Example: iPlanetAMWebAgentService
resourceName - name of the resource for which this ISPermission is being defined.
actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.
envParams - a java.util.Map of environment parameters which are used by the com.sun.identity.policy.client.PolicyEvaluator to evaluate the com.sun.identity.policy.Conditions associated with the policy. This is a Map of attribute-value pairs representing the environment under which the policy needs to be evaluated.
Method Detail

getServiceName

public java.lang.String getServiceName()
returns the name of the service associated with this ISPermission.

Returns:
String representing the name of the service for this object.

getResourceName

public java.lang.String getResourceName()
returns the name of the resource associated with this ISPermission.

Returns:
String representing the name of the resource for this object.

getEnvParams

public java.util.Map getEnvParams()
returns environment parameters and their values associated with this ISPermission.

Returns:
Map representing the environment parameters of this object. The Map consists of attribute value pairs.

getActions

public java.lang.String getActions()
returns a comma separated list of actions associated with this ISPermission.

Returns:
a comma separated String representing the name of the action for this object. For example for:
 ISPermission isp = new ISPermission("iPlanetAMWebAgentService",
     "http://www.sun.com:80", "GET, POST");
 getActions() would return "GET,POST"
 

getSubject

public javax.security.auth.Subject getSubject()
returns the Subject associated with this ISPermission.

Returns:
javax.security.auth.Subject representing the subject of this permission.

getCodeSource

public java.security.CodeSource getCodeSource()
returns the CodeSource associated with this ISPermission.

Returns:
java.security.CodeSource representing the codesource of this permission.

equals

public boolean equals(java.lang.Object obj)
Returns true if the two ISPermission objects are equal.

Parameters:
obj - ISPermission object.
Returns:
true if the subject, codesource, service name, resource name, actions and environment parameters of both objects are equal.

hashCode

public int hashCode()
Returns the hash code value for this Permission object.

The required hashCode behavior for Permission Objects is the following:

Returns:
a hash code value for this object.

implies

public boolean implies(java.security.Permission perm)
Checks if the specified permission's actions are "implied by" this object's actions.

The implies method is used by the AccessController to determine whether or not a requested permission is implied by another permission that is known to be valid in the current execution context.

Parameters:
perm - the permission to check against.
Returns:
true if the specified permission is implied by this object, false if not. The check is made against the Access Manager's policy service to determine this evaluation.

newPermissionCollection

public java.security.PermissionCollection newPermissionCollection()
Returns a java.security.PermissionCollection to store this kind of Permission.

Returns:
an instance of ISPermissionCollection

toString

public java.lang.String toString()
Returns a string describing this Permission.

Returns:
String containing information about this Permission.


Copyright 2006 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms.