Oracle Fusion Middleware Management Java API Reference for Oracle Entitlements Server 11g Release 1 (11.1.1) E22649-02 ESAPI
public interface PolicyMgmt
This interface defines policy provisioning APIs.
Method Summary | |
---|---|
java.util.List<GrantEntry> | getGrantEntries() - Get all the grants defined in this scope (system or application). |
void | grant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries) - Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee. |
void | grant(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms) - Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee. |
void | modifyGrant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, PermissionEntry oldpermissionEntry, PermissionEntry newPermissionEntry) - Modifies a grant by replacing the permission in an existing grant with a given permission if not already present. |
void | revoke(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries) - Revoke a grant of permissions from this set of principals and codesource combination. |
void | revoke(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms) - Revoke a grant of permissions from this set of principals and codesource combination. |
Method Detail |
---|
void grant(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms) throws PolicyObjectAlreadyExistsException, PolicyStoreException

Permissions created with valid resource types will be validated for matcher class and allowed actions against their resource type. Validations will not be done for invalid (non-existent) resource types.

Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=application stripe", "grant") OR for PolicyStoreAccessPermission("context=SYSTEM", "grant"). This may result in an AccessControlException or SecurityException.

Parameters:
principals - the set of principals to grant the permission(s) for
cs - the code source
perms - the set of permissions

Throws:
PolicyObjectAlreadyExistsException - if the grantee is already granted the requested permissions.
PolicyStoreException - if an error occurred during this grant operation

Cause | Explanation |
---|---|
Permission Class validation fails (if resource type is defined in the policy store) | Permission class of Permission differs from the matcher class of the resource type. (see ResourceTypeEntry.getResourceMatcherClassName() ) |
Action validation fails (if resource type is defined in the policy store) | Action of the Permission is not a subset of actions for the given Resource Type. (see ResourceTypeEntry.getActions() ) |

java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.
PolicyObjectAlreadyExistsException - if all the permissions are granted to the grantee. If any one permission is not granted previously, then the permission is now granted.

void grant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries) throws PolicyObjectAlreadyExistsException, PolicyStoreException
Use this method only if the grantee or PermissionEntries cannot be instantiated. Sometimes, the class that implements the principal, or the permission, may not be available in the classloader. In such situations, this method can be used to perform a grant.

This method searches for an existing grantee by comparing the corresponding string values of the grantee, which are the principal classname, principal name and the code source URL. Therefore, the grantee search is not exact and may not be entirely accurate since the Principal objects are not compared.

Similarly, when the permissions are granted, the check for duplicate permissions is performed by string comparisons of the permission attributes - namely the permission classname, permissions name and the permission action. Also, since the Permission object is not created, it is not possible to verify if the PermissionEntry is valid or not.

Permissions created with valid resource types will be validated for matcher class and allowed actions against their resource type. Validations will not be done for invalid (non-existent) resource types.

The caller is responsible for the grantee and permissions values supplied as parameters in this method.

Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=application stripe", "grant") OR for PolicyStoreAccessPermission("context=SYSTEM", "grant"). This may result in an AccessControlException or SecurityException.

Parameters:
principalEntries - principal entries that constitute the grantee
csEntry - codesource entry that constitute the grantee
permissionEntries - permissions to grant.

Throws:
PolicyObjectAlreadyExistsException - if the grantee is already granted the requested permissions.
PolicyStoreException - if an error occurred during this grant operation.

Cause | Explanation |
---|---|
Permission Class validation fails (if resource type exists in policy store) | Permission class of Permission differs from the matcher class of the Resource type. (see ResourceTypeEntry.getResourceMatcherClassName() ) |
Action validation fails (if resource type exists in policy store) | Action of the Permission is not a subset of actions for the given Resource Type. (see ResourceTypeEntry.getActions() ) |

java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.
PolicyObjectAlreadyExistsException - if all the permissions are granted to the grantee. If any one permission is not granted previously, then the permission is now granted.

void revoke(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms) throws PolicyObjectNotFoundException, PolicyStoreException
Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=application stripe", "revoke") OR for PolicyStoreAccessPermission("context=SYSTEM", "revoke"). This may result in an AccessControlException or SecurityException.

Permissions created with valid resource types will be validated for matcher class and allowed actions against their resource type. Validations will not be done for invalid (non-existent) resource types.

Parameters:
principals - the set of principals to revoke the permission(s) from
cs - the code source
perms - the set of permissions

Throws:
PolicyObjectNotFoundException - if this object is not found
PolicyStoreException - if an error occurred during this revoke operation

Cause | Explanation |
---|---|
Permission Class validation fails (if resource type is defined in the policy store) | Permission class of Permission differs from the matcher class of the Resource type. (see ResourceTypeEntry.getResourceMatcherClassName() ) |
Action validation fails (if resource type is defined in the policy store) | Action of the Permission is not a subset of actions for the given Resource Type (see ResourceTypeEntry.getActions() ) |

java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

void revoke(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries) throws PolicyObjectNotFoundException, PolicyStoreException
Use this method only if the grantee or PermissionEntries cannot be instantiated. Sometimes, the class that implements the principal, or the permission, may not be available in the classloader. In such situations, this method can be used to perform a grant.

This method searches for an existing grantee by comparing the corresponding string values of the grantee, which are the principal classname, principal name and the code source URL. Therefore, the grantee search is not exact and may not be entirely accurate since the Principal objects are not compared.

Similarly, when the permissions are revoked, the check for existing permissions is performed by string comparisons of the permission attributes - namely the permission classname, permissions name and the permission action. Also, since the Permission object is not created, it is not possible to verify if the PermissionEntry is valid or not.

Permissions created with valid resource types will be validated for matcher class and allowed actions against their resource type. Validations will not be done for invalid (non-existent) resource types.

The caller is responsible for the grantee and permissions values supplied as parameters in this method.

Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=application stripe", "revoke") OR for PolicyStoreAccessPermission("context=SYSTEM", "revoke"). This may result in an AccessControlException or SecurityException.

Parameters:
principalEntries - principal entries that constitute the grantee
csEntry - codesource entry that constitute the grantee
permissionEntries - permissions to grant.

Throws:
PolicyObjectNotFoundException - if the grantee or permissions are not found.
PolicyStoreException - if an error occurred during this revoke operation.

Cause | Explanation |
---|---|
Permission Class validation fails (if resource type is defined in the policy store) | Permission class of Permission differs from the matcher class of the Resource type. (see ResourceTypeEntry.getResourceMatcherClassName() ) |
Action validation fails (if resource type is defined in the policy store) | Action of the Permission is not a subset of actions for the given Resource Type (see ResourceTypeEntry.getActions() ) |

java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

java.util.List<GrantEntry> getGrantEntries() throws PolicyStoreException
Throws:
PolicyStoreException - if an error occurred during this operation

void modifyGrant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, PermissionEntry oldpermissionEntry, PermissionEntry newPermissionEntry) throws PolicyObjectNotFoundException, PolicyStoreException

PolicyStoreAccessPermission("context=SYSTEM", "revoke") AND for PolicyStoreAccessPermission("context=APPLICATION,name=application stripe", "grant") OR for PolicyStoreAccessPermission("context=SYSTEM", "grant"). This may result in an AccessControlException or SecurityException.

Parameters:
principalEntries - List of principal entries that defines the grant
csEntry - codesource entry that defines the grant
oldpermissionEntry - old permission entry to be replaced
newPermissionEntry - new permission entry to be put in

Throws:
PolicyObjectNotFoundException - thrown if the grant or old permission is not found
PolicyStoreException - internal policy store error
java.lang.IllegalArgumentException - if principalEntries list is empty or oldpermissionEntry or newPermissionEntry is null.
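
The string-based grant and revoke overloads above match grantees and permissions by class name, name and action strings instead of comparing Principal and Permission objects. The following is an added example, not part of the Oracle reference or of OES code, that shows how the two kinds of comparison can disagree. granteeKey and permissionKey are hypothetical models of the described string comparison, the sample values are constructed, and only JDK classes are used.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Principal;
import javax.security.auth.x500.X500Principal;

public class StringMatchCaveat {

    // Hypothetical model of the grantee lookup described above:
    // principal class name and principal name compared as strings.
    static String granteeKey(String principalClass, String principalName) {
        return principalClass + "|" + principalName;
    }

    // Hypothetical model of the duplicate-permission check:
    // permission class name, name and action compared as strings.
    static String permissionKey(String permClass, String name, String actions) {
        return permClass + "|" + name + "|" + actions;
    }

    public static void main(String[] args) {
        // Constructed sample: one X.500 identity written two ways.
        String dn1 = "CN=Alice, O=Example";
        String dn2 = "cn=alice,o=example";
        Principal p1 = new X500Principal(dn1);
        Principal p2 = new X500Principal(dn2);
        String pc = X500Principal.class.getName();

        // X500Principal.equals compares canonical names; the string keys
        // compare the raw text that was supplied.
        System.out.println("principal objects equal: " + p1.equals(p2));
        System.out.println("grantee strings equal:   "
                + granteeKey(pc, dn1).equals(granteeKey(pc, dn2)));

        // Constructed sample: one file permission with its actions reordered.
        Permission f1 = new FilePermission("/tmp/report", "read,write");
        Permission f2 = new FilePermission("/tmp/report", "write,read");
        String fc = FilePermission.class.getName();

        System.out.println("permission objects equal: " + f1.equals(f2));
        System.out.println("permission strings equal: "
                + permissionKey(fc, "/tmp/report", "read,write")
                        .equals(permissionKey(fc, "/tmp/report", "write,read")));

        // Where the class is loadable, taking the name and actions from the
        // object gives one spelling to reuse in every grant and revoke call.
        System.out.println("canonical actions: " + f2.getActions());
        System.out.println("canonical name:    " + p2.getName());
    }
}
```

When auditing a policy store populated through the string-based overloads, compare the entries returned by getGrantEntries() after normalising names and action lists the same way, so that differently spelled entries for one grantee stand out.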