|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--javax.security.auth.Policy | +--com.sun.identity.policy.jaas.ISPolicy
This is an implementation of abstract class
javax.security.auth.Policy
for representing the system security
policy for a Java application environment. It provides a custom policy
implementation based on JAAS 1.0 and JDK 1.3.1. It makes policy evaluation
against the Access Manager Policy Service instead of the default file based
one: PolicyFile
It provides implementation of the abstract methods in Policy class.
In general the source location for the policy information utilized by the Policy object to make policy decisions is up to the Policy implementation. In the case of ISPolicy the source comes from the Access Manager's policy store, which is consulted to make the policy evaluation.
A Policy
object can be queried for the set of Permissions
granted to code running as a Principal
in the following manner:
policy = Policy.getPolicy(); PermissionCollection perms = policy.getPermissions(subject, MyCodeSource);The
Policy
object consults the local policy and returns the
appropriate PermissionCollection
object
com.sun.identity.policy.jaas.ISPermissionCollection
containing
the Permissions granted to the Principals associated with the provided
subject, and granted to the code specified by the provided
codeSource
.
The currently-installed Policy object can be obtained by
calling the getPolicy
method, and it can be
changed by a call to the setPolicy
method (by
code with permission to reset the Policy).
The refresh
method causes the policy
object to refresh/reload its current configuration.
CodeSource
,
PermissionCollection
Constructor Summary | |
ISPolicy()
Constructs an ISPolicy instance. |
Method Summary | |
java.security.PermissionCollection |
getPermissions(javax.security.auth.Subject subject,
java.security.CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of
permissions allowed for Principals associated with the specified code
source. |
void |
refresh()
Refreshes/reloads the policy configuration. |
Methods inherited from class javax.security.auth.Policy |
getPolicy, setPolicy |
Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public ISPolicy()
ISPolicy
instance.
Save the existing global policy , so that we can use that
for evaluating permissions we do not support through our custom policy
implementation like FilePermission
,
SecurityPermission
etc.Method Detail |
public java.security.PermissionCollection getPermissions(javax.security.auth.Subject subject, java.security.CodeSource codesource)
PermissionCollection
object specifying the set of
permissions allowed for Principals associated with the specified code
source. Here we always return the PermissionCollection
after
adding theISPermission
object into it, so that policy
determination is also based on Access Manager's policies.getPermissions
in class javax.security.auth.Policy
subject
- the Subject whose associated Principals, in conjunction
with the provided codesource
, determines the Permissions
returned by this method. This parameter may be null.codesource
- the CodeSource
associated with the caller.
This encapsulates the original location of the code (where the code
came from) and the public key(s) of its signer.This parameter may be
null.codesource
according to the policy.java.lang.SecurityException
- if the current thread does not
have permission to call getPermissions
on the policy object.public void refresh()
defaultPolicy
we saved in the
ISPolicy
constructor.refresh
in class javax.security.auth.Policy
java.lang.SecurityException
- if the current thread does not
have permission to refresh this Policy object.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |