Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services 11g Release 1 (11.1.1) E14650-03
public interface PolicyStore
Nested Class Summary

Nested classes/interfaces inherited from interface oracle.security.jps.service.JpsPersistable:
    JpsPersistable.Mode
Method Summary

java.util.Set checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set requestedResources)
    Determines whether the subject has access to one or more Resource Actions.

ApplicationPolicy createApplicationPolicy(java.lang.String appId)
    Creates an application policy given the application name - appid.

void deleteApplicationPolicy(java.lang.String appId)
    Deletes an application policy given the application name - appid.

java.util.Map getApplicationPolicies()
    Deprecated. Use getApplicationPolicy(String appId).
    Returns a map of applications and their policies managed by this PolicyStore. This may in turn be queried for application roles and policies provisioned for a given application.

ApplicationPolicy getApplicationPolicy(java.lang.String appId)
    Returns an application policy for the given application managed by this PolicyStore. This may in turn be queried for application roles and policies provisioned for a given application.

java.util.List getAppRoles(StoreAppRoleSearchQuery query)
    Searches ApplicationRoles across one or more Applications based upon user-specified criteria (query). The caller should have PolicyStoreAccessPermission("context=APPLICATION,name=Queried Application's stripe Id", "getApplicationPolicy") permission to search for roles. If the caller does not supply an application name (or supplies a partial application name with some MATCHER other than EXACT) then they should have PolicyStoreAccessPermission("context=APPLICATION, name=*", "getApplicationPolicy") to search for app roles.

java.util.List getConfiguredApplications()
    This API returns the list of applications present in the policy store.

PolicyStoreType getPolicyStoreType()
    Returns the underlying Policy Storage mechanism (XML, LDAP, etc).

JavaPolicy getSystemPolicy()
    Returns the "system" or "non-app-specific" or "global" policy.

void modifyApplicationPolicy(ApplicationPolicy app)
    Modifies an application policy in the persistence store.
Methods inherited from interface oracle.security.jps.service.ServiceInstance:
    accept, getName, getServiceProvider

Methods inherited from interface oracle.security.jps.service.JpsPersistable:
    persist, refresh

Methods inherited from interface oracle.security.jps.jaas.JavaPolicy:
    getPermissions, getPermissions, getPermissions, getPermissions, getPermissions, hasPermission, implies, refresh

Methods inherited from interface oracle.security.jps.service.policystore.PolicyMgmt:
    getGrantEntries, grant, grant, modifyGrant, revoke, revoke
Method Detail

@Deprecated
java.util.Map getApplicationPolicies() throws PolicyStoreException
    Deprecated. Use getApplicationPolicy(String appId).
    Returns a map of applications and their policies managed by this PolicyStore. This may in turn be queried for application roles and policies provisioned for a given application.
    Returns: PolicyStore
    Throws:
        PolicyStoreException - if there is an error during this policy operation

java.util.List getConfiguredApplications() throws PolicyStoreException
    This API returns the list of applications present in the policy store.
    Throws:
        PolicyStoreException

ApplicationPolicy getApplicationPolicy(java.lang.String appId) throws PolicyObjectNotFoundException, PolicyStoreException
    Returns an application policy for the given application managed by this PolicyStore. This may in turn be queried for application roles and policies provisioned for a given application.
    Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's stripe id", "getApplicationPolicy"). This permission allows one to "read" from an application Policy. Further permissions are required to alter/write to the ApplicationPolicy. This may result in an AccessControlException or SecurityException.
    Parameters:
        appId - name of the application
    Returns: PolicyStore
    Throws:
        PolicyObjectNotFoundException - requested policy object does not exist
        PolicyStoreException - if there is an error during this policy operation
        java.lang.NullPointerException - if application name is empty.

JavaPolicy getSystemPolicy() throws PolicyStoreException
    Returns the "system" or "non-app-specific" or "global" policy.
    Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=SYSTEM", "getSystemPolicy"). This may result in an AccessControlException or SecurityException.
    Throws:
        PolicyStoreException - if there is an error during this operation

ApplicationPolicy createApplicationPolicy(java.lang.String appId) throws PolicyObjectAlreadyExistsException, PolicyStoreException
    Creates an application policy given the application name - appid. If necessary, creates an application policy and returns it to the caller.
    Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's stripe Id", "createApplicationPolicy"). This may result in an AccessControlException or SecurityException.
    Parameters:
        appId -
    Throws:
        PolicyObjectAlreadyExistsException - if this application policy already exists
        PolicyStoreException - if there is an error during creation of the policy
        java.lang.IllegalArgumentException - if application name is empty.

void deleteApplicationPolicy(java.lang.String appId) throws PolicyObjectNotFoundException, PolicyStoreException
    Deletes an application policy given the application name - appid.
    Based on the algorithm in JpsAuth, this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's stripe Id", "deleteApplicationPolicy"). This may result in an AccessControlException or SecurityException.
    Parameters:
        appId -
    Throws:
        PolicyObjectNotFoundException - if this application policy does not exist
        PolicyStoreException - if there is an error during deletion of the policy
        java.lang.NullPointerException - if application name is empty.

PolicyStoreType getPolicyStoreType()
    Returns the underlying Policy Storage mechanism (XML, LDAP, etc).
java.util.Set checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set requestedResources) throws PolicyStoreException
    Determines whether the subject has access to one or more Resource Actions. The following example illustrates how to invoke this method:

```java
import oracle.security.jps.*;
import oracle.security.jps.util.*;
import oracle.security.jps.service.policystore.*;
import oracle.security.jps.service.policystore.info.*;
import oracle.security.jps.service.policystore.info.common.*;
import oracle.security.jps.service.policystore.info.resource.*;
import oracle.security.jps.service.policystore.search.*;
import java.util.*;
import java.security.*;
import javax.security.auth.*;

...

PolicyStore ps; // the current PolicyStore

// Construct the requested Resource-Actions
Set<ResourceActionsEntry> requestedResources = new HashSet<ResourceActionsEntry>();
ResourceActionsEntry aResourceActionsEntry;
Set<String> allowedActions; // actions for this resource

allowedActions = new HashSet<String>();
allowedActions.add("read");
allowedActions.add("write");
// Build one resource-actions entry.
// Assuming FILE is a pre-existing resource type defined in the application 'application_1'
aResourceActionsEntry = InfoFactory.newResourceActionsEntry("FILE", "/tmp", allowedActions, "application_1");
// and add it to the request
requestedResources.add(aResourceActionsEntry);

// Build one more resource-actions entry
allowedActions = new HashSet<String>();
allowedActions.add("connect");
// Assuming SOCKET is a pre-existing resource type defined in the application 'application_2'
aResourceActionsEntry = InfoFactory.newResourceActionsEntry("SOCKET", "somehost:9999", allowedActions, "application_2");
requestedResources.add(aResourceActionsEntry);

// Create a Subject (not shown here)
Subject jdoe;

Set<ResourceActionsEntry> allowedResources;
// The returned Set holds only the allowed resource-actions
allowedResources = ps.checkBulkAuthorization(jdoe, requestedResources);
```

    Parameters:
        subject - the Subject to authorize
        requestedResources - a Set of resource actions the caller is requesting access to. Each ResourceActionsEntry corresponds to action1 AND action2 ... AND action_n.
    Returns: the subset of requestedResources the Subject is authorized to access. Resource Actions the caller cannot access are not included in the return result. If the Subject is not authorized to all the resource-actions, an empty Set is returned.
    Throws:
        PolicyStoreException - if an error occurs while evaluating the request.
    See Also: InfoFactory.newResourceActionsEntry(String,String,Set,String)
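The following helper is an added example, not part of OPSS or of the Oracle documentation; it wraps the two calls documented above (getApplicationPolicy and checkBulkAuthorization) so that silently dropped resource-actions and the documented security exceptions are audited instead of lost. The class name PolicyStoreGuard is hypothetical; it assumes a PolicyStore and a JAAS Subject obtained elsewhere, and that entries in the returned Set compare equal to the requested ResourceActionsEntry objects.

```java
import java.util.Set;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import oracle.security.jps.service.policystore.*;
import oracle.security.jps.service.policystore.info.*;
import oracle.security.jps.service.policystore.info.resource.*;

/** Hypothetical helper (added example) around the PolicyStore methods documented above. */
public final class PolicyStoreGuard {
    private static final Logger LOG = Logger.getLogger(PolicyStoreGuard.class.getName());

    private PolicyStoreGuard() {}

    /**
     * Runs checkBulkAuthorization and records every requested entry that was not granted.
     * Each ResourceActionsEntry is all-or-nothing: it is granted only if every one of its
     * actions is allowed (action1 AND action2 ... AND action_n, as documented above).
     * Assumption: entries in the returned Set are equal (equals/hashCode) to the requested ones.
     */
    @SuppressWarnings("unchecked")
    public static Set<ResourceActionsEntry> authorizedSubset(PolicyStore ps, Subject subject,
            Set<ResourceActionsEntry> requested) throws PolicyStoreException {
        Set<ResourceActionsEntry> allowed = ps.checkBulkAuthorization(subject, requested);
        for (ResourceActionsEntry entry : requested) {
            if (!allowed.contains(entry)) {
                // The API simply omits denied entries; log them so denials are visible to monitoring.
                LOG.warning("bulk authorization denied for " + subject.getPrincipals() + ": " + entry);
            }
        }
        return allowed;
    }

    /**
     * Reads one application stripe, failing closed on the exceptions this page documents.
     * The caller needs PolicyStoreAccessPermission("context=APPLICATION,name=<stripe>", "getApplicationPolicy");
     * without it the call may raise an AccessControlException or SecurityException.
     */
    public static ApplicationPolicy readStripe(PolicyStore ps, String stripeId) throws PolicyStoreException {
        try {
            return ps.getApplicationPolicy(stripeId);
        } catch (PolicyObjectNotFoundException e) {
            LOG.info("no application policy exists for stripe " + stripeId);
            return null;
        } catch (SecurityException e) {
            // AccessControlException extends SecurityException, so both documented cases land here.
            LOG.warning("caller lacks getApplicationPolicy on stripe " + stripeId + ": " + e.getMessage());
            throw e;
        }
    }
}
```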
java.util.List getAppRoles(StoreAppRoleSearchQuery query) throws PolicyStoreException
    Searches ApplicationRoles across one or more Applications based upon user-specified criteria (query). The caller should have PolicyStoreAccessPermission("context=APPLICATION,name=Queried Application's stripe Id", "getApplicationPolicy") permission to search for roles. If the caller does not supply an application name (or supplies a partial application name with some MATCHER other than EXACT) then they should have PolicyStoreAccessPermission("context=APPLICATION, name=*", "getApplicationPolicy") to search for app roles. Otherwise the method will throw a SecurityException or AccessControlException.
    Parameters:
        query - Cross application AppRole search criteria.
    Throws:
        PolicyStoreException - if an error occurs while querying.
        java.security.AccessControlException - if the caller does not have sufficient privileges for querying applications.

void modifyApplicationPolicy(ApplicationPolicy app) throws InvalidArgumentException, PolicyObjectNotFoundException, PolicyStoreException
    Modifies an application policy in the persistence store.
    Parameters:
        app - ApplicationPolicy object.
    Throws:
        InvalidArgumentException - an invalid parameter was supplied
        PolicyObjectNotFoundException - application policy not found in the persistence store.
        PolicyStoreException - if an error occurs while persisting the changes.
        java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=APPLICATION,name=Application's stripe Id", "createApplicationPolicy").