|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.Permission | +--com.sun.identity.policy.jaas.ISPermission
This class provides the support for JAAS Authorization service
Its a new JAAS Permission
which extends the
Permission
class. This is the only
API which gets used by an application/container to evaluate policy against
the Access Manager Policy framework. This class provides implementations
of all the required abstract methods of java.security.Permission, in a
way that the policy evaluation is made against the Access Manager's
Policy service.
For example, one would use this class as follows to evaluate policy permissions:
ISPermission perm = new ISPermission("iPlanetAMWebAgentService", "http://www.sun.com:80","GET"); AccessController.checkPermission(perm);If Access Manager has the policy service
iPlanetAMWebAgentService
which has a Rule
defined
for resource http://www.sun.com:80
with action "GET" with allow privilege, this call will return quietly, if
such a policy is not found then access is denied and Exception thrown
accordingly. Also these ISPermission
co-exist with the
permissions specified in the JDK policy store ( by default file
com.sun.security.auth.PolicyFile
or defined on the command line using
the -D option.
Permission
,
Subject
,
, Serialized FormConstructor Summary | |
ISPermission(java.lang.String serviceName,
java.lang.String resourceName,
java.lang.String actions)
Constructs an ISPermission instance, with the specified
service name, resource name and action name. |
|
ISPermission(java.lang.String serviceName,
java.lang.String resourceName,
java.lang.String actions,
java.util.Map envParams)
Constructs an ISPermission instance, with the specified
service name, resource name and action name. |
|
ISPermission(javax.security.auth.Subject subject,
java.security.CodeSource codesource)
Constructs an ISPermission instance, with the specified
Subject and the CodeSource . |
Method Summary | |
boolean |
equals(java.lang.Object obj)
Returns true if two ISPermission objects for equality. |
java.lang.String |
getActions()
returns a comma separated list of actions associated with this ISPermission . |
java.security.CodeSource |
getCodeSource()
returns the CodeSource associated with this
ISPermission . |
java.util.Map |
getEnvParams()
returns environment parameters and their values associated with this ISPermission . |
java.lang.String |
getResourceName()
returns the name of the resource associated with this ISPermission
. |
java.lang.String |
getServiceName()
returns the name of the service associated with this ISPermission
. |
javax.security.auth.Subject |
getSubject()
returns the Subject associated with this ISPermission
. |
int |
hashCode()
Returns the hash code value for this Permission object. |
boolean |
implies(java.security.Permission perm)
Checks if the specified permission's actions are "implied by" this object's actions. |
java.security.PermissionCollection |
newPermissionCollection()
Returns a java.security.PermissionCollection to store this
kind of Permission. |
java.lang.String |
toString()
Returns a string describing this Permission. |
Methods inherited from class java.security.Permission |
checkGuard, getName |
Methods inherited from class java.lang.Object |
getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public ISPermission(javax.security.auth.Subject subject, java.security.CodeSource codesource)
ISPermission
instance, with the specified
Subject
and the CodeSource
.subject
- Subject
for which this
ISPermission
is being created.codesource
- CodeSource
for which this permission is
being created.public ISPermission(java.lang.String serviceName, java.lang.String resourceName, java.lang.String actions)
ISPermission
instance, with the specified
service name, resource name and action name.serviceName
- name of service for which this
ISPermission
is being created. This name needs to be
one of the loaded services in the access manager's policy
service. example: iPlanetAMWegAgentService
resourceName
- name of the resource for which this
ISPermission
is being defined.actions
- name of the action that needs to be checked for. It
may be a String
like "GET", "POST" in case of service name
iPlanetAMWebAgentService
.public ISPermission(java.lang.String serviceName, java.lang.String resourceName, java.lang.String actions, java.util.Map envParams)
ISPermission
instance, with the specified
service name, resource name and action name.serviceName
- name of service for which this
ISPermission
is being created. This name needs to be
one of the loaded policy services in the access manager. example:
iPlanetAMWegAgentService
resourceName
- name of the resource for which this
ISPermission
is being defined.actions
- name of the action that needs to be checked for. It
may be a String
like "GET", "POST" in case of service name
iPlanetAMWebAgentService
.envParams
- a java.util.Map
of environment parameters
which are used by the
com.sun.identity.policy.client.PolicyEvaluator
to evaluate the com.sun.identity.policy.Conditions
associated with the policy. This is a Map of attribute-value pairs
representing the environment under which the policy needs to be
evaluated.Method Detail |
public java.lang.String getServiceName()
ISPermission
.String
representing the name of the service for this
object.public java.lang.String getResourceName()
ISPermission
.String
representing the name of the resource for
this object.public java.util.Map getEnvParams()
ISPermission
.Map
representing the environment parameters of
this object. The Map
consists of attribute value pairs.public java.lang.String getActions()
ISPermission
.getActions
in class java.security.Permission
String
representing the name
of the action for this object. For example for:
ISPermission isp = new ISPermission("iPlanetAMWebAgentService, "http://www.sun.com:80", "GET, POST"); getActions() would return "GET,POST"
public javax.security.auth.Subject getSubject()
Subject
associated with this ISPermission
.javax.security.auth.Subject
representing the
subject of this permission.public java.security.CodeSource getCodeSource()
CodeSource
associated with this
ISPermission
.java.security.CodeSource
representing the
codesource
of this permission.public boolean equals(java.lang.Object obj)
ISPermission
objects for equality.equals
in class java.security.Permission
obj
- ISPermission
object.codesource
, service name, resource
name actions and environment parameters of both objects are equal.public int hashCode()
The required hashCode
behavior for Permission Objects is
the following:
hashCode
method
must consistently return the same integer. This integer need not
remain consistent from one execution of an application to another
execution of the same application.
equals
method, then calling the hashCode
method on each of the
two Permission objects must produce the same integer result.
hashCode
in class java.security.Permission
public boolean implies(java.security.Permission perm)
The implies
method is used by the
AccessController
to determine whether or not a requested
permission is implied by another permission that is known to be valid
in the current execution context.
implies
in class java.security.Permission
perm
- the permission to check against.public java.security.PermissionCollection newPermissionCollection()
java.security.PermissionCollection
to store this
kind of Permission.newPermissionCollection
in class java.security.Permission
ISPermissionCollection
public java.lang.String toString()
toString
in class java.security.Permission
String
containing information about this Permission.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |