com.sun.identity.policy.jaas
Class ISPolicy

java.lang.Object
  extended by java.security.Policy
      extended by com.sun.identity.policy.jaas.ISPolicy

public class ISPolicy
extends Policy

This is an implementation of the abstract class java.security.Policy, which represents the system security policy for a Java application environment. It provides a custom policy implementation based on JAAS and JDK 1.5 and above. It evaluates policy against the OpenSSO Policy Service instead of the default file-based policy.

It provides implementations of the abstract methods in the Policy class.

In general, the source location for the policy information used by the Policy object to make policy decisions is up to the Policy implementation. In the case of ISPolicy, the policy information comes from OpenSSO's policy store, which is consulted to make the policy evaluation.

A Policy object can be queried for the set of Permissions granted to a set of classes running as a Principal in the following manner:

   // protectionDomain is the ProtectionDomain of the classes being checked
   Policy policy = Policy.getPolicy();
   PermissionCollection perms = policy.getPermissions(protectionDomain);
 
The Policy object consults the local policy and returns the appropriate PermissionCollection object (an ISPermissionCollection) containing the Permissions granted to the Principals and to the set of classes specified by the provided protectionDomain.

The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).

The refresh method causes the policy object to refresh/reload its current configuration.

See Also:
ProtectionDomain, PermissionCollection

Constructor Summary
ISPolicy()
          Constructs an ISPolicy instance.
 
Method Summary
 PermissionCollection getPermissions(CodeSource codesource)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source.
 PermissionCollection getPermissions(ProtectionDomain protectionDomain)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the enclosed set of classes.
 void refresh()
          Refreshes/reloads the policy configuration.
 

Constructor Detail

ISPolicy

public ISPolicy()
Constructs an ISPolicy instance. It saves the existing global policy so that it can be used to evaluate permissions that this custom policy implementation does not support, such as FilePermission and SecurityPermission.

Method Detail

getPermissions

public PermissionCollection getPermissions(ProtectionDomain protectionDomain)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the enclosed set of classes. Here we always return the PermissionCollection after adding the ISPermission object to it, so that policy determination is also based on OpenSSO's policies.

Overrides:
getPermissions in class Policy
Parameters:
protectionDomain - the protection domain which encapsulates the characteristics of a domain, which encloses the set of classes whose instances are granted the permissions when being executed on behalf of the given set of Principals.
Returns:
the Collection of permissions allowed for the protection domain according to the policy.
Throws:
SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source. Here we always return the PermissionCollection after adding the ISPermission object to it, so that policy determination is also based on OpenSSO's policies.

Specified by:
getPermissions in class Policy
Parameters:
codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer. This parameter may be null.
Returns:
the Collection of permissions allowed for the code from codesource according to the policy.
Throws:
SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

refresh

public void refresh()
Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. In this implementation we will call refresh on the defaultPolicy we saved in the ISPolicy constructor.

Specified by:
refresh in class Policy
Throws:
SecurityException - if the current thread does not have permission to refresh this Policy object.
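
The delegation pattern described in the constructor and method details above, shown as an added Java example that is not OpenSSO's source code. `DelegatingPolicy`, `ServicePermission` and the predicate standing in for the policy-service call are hypothetical names, the base policy in `main` is constructed sample data, and a JDK on which `java.security.Policy` can still be subclassed is assumed.

```java
import java.security.*;
import java.util.Collections;
import java.util.PropertyPermission;
import java.util.function.Predicate;
// Same shape the page describes for ISPolicy: keep the previous policy, add one service-backed grant.
public final class DelegatingPolicy extends Policy {
    // Hypothetical stand-in for a service-backed permission; not OpenSSO's ISPermission.
    static final class ServicePermission extends Permission {
        private final transient Predicate<String> decider; // assumed policy-service call
        ServicePermission(String resource, Predicate<String> decider) {
            super(resource);
            this.decider = decider;
        }
        @Override public boolean implies(Permission p) { // only the granting instance has a decider
            return decider != null && p instanceof ServicePermission && decider.test(p.getName());
        }
        @Override public boolean equals(Object o) { return o == this; }
        @Override public int hashCode() { return System.identityHashCode(this); }
        @Override public String getActions() { return ""; }
    }
    private final Policy saved;      // still answers FilePermission, SecurityPermission, ...
    private final Permission grant;  // the single service-backed permission added to every result
    DelegatingPolicy(Policy saved, Permission grant) { this.saved = saved; this.grant = grant; }
    @Override public PermissionCollection getPermissions(ProtectionDomain pd) {
        return merge(saved.getPermissions(pd));
    }
    @Override public PermissionCollection getPermissions(CodeSource cs) {
        return merge(saved.getPermissions(cs));
    }
    @Override public void refresh() { saved.refresh(); } // only the saved policy has state to reload
    private PermissionCollection merge(PermissionCollection base) {
        Permissions merged = new Permissions(); // copy: the saved policy's collection may be read-only
        for (Permission p : Collections.list(base.elements())) merged.add(p);
        merged.add(grant);
        return merged;
    }
    public static void main(String[] args) {
        Permissions fileGrants = new Permissions(); // constructed stand-in for file-based grants
        fileGrants.add(new PropertyPermission("user.dir", "read"));
        Policy base = new Policy() {
            @Override public PermissionCollection getPermissions(CodeSource cs) { return fileGrants; }
        };
        Policy policy = new DelegatingPolicy(base,
                new ServicePermission("*", resource -> resource.startsWith("/public/")));
        PermissionCollection perms = policy.getPermissions((CodeSource) null);
        System.out.println("saved-policy grant: " + perms.implies(new PropertyPermission("user.dir", "read")));
        System.out.println("/public/a: " + perms.implies(new ServicePermission("/public/a", null)));
        System.out.println("/admin:    " + perms.implies(new ServicePermission("/admin", null)));
    }
}
```

`java.security.Permissions.implies` selects the sub-collection by the class of the permission being checked, so the service-backed grant is consulted only for `ServicePermission` checks. Every other permission type is answered from what the saved policy returned, which is why losing the saved policy would silently drop those grants.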