Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services 11g Release 1 (11.1.1) E14650-04 |
java.lang.Object
oracle.security.jps.util.JpsAuth
public final class JpsAuth
An Authorization related utility class
Nested Class Summary | |
---|---|
static interface | JpsAuth.Authorizer |
Constructor Summary | |
---|---|
JpsAuth() |
Method Summary | |
---|---|
static java.util.Set<ResourceActionsEntry> | checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources) Determines whether the subject has access to one or more Resource Actions. |
static void | checkPermission(java.security.Permission perm) Utility method to perform checkPermission. |
static java.util.Set<ResourceActionsEntry> | getGrantedResources(javax.security.auth.Subject subject, boolean isAuthorized) Returns resource-actions that have been granted to a Subject. |
static JpsAuth.Authorizer | getSystemAuthorizer() Returns the system-level Authorizer |
static boolean | hasPermission(javax.security.auth.Subject subject, java.security.Permission perm) |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public JpsAuth()
Method Detail |
---|
public static JpsAuth.Authorizer getSystemAuthorizer()

public static void checkPermission(java.security.Permission perm) throws java.security.AccessControlException

If SecurityManager is set, call SecurityManager.checkPermission; otherwise call AccessController.checkPermission.

Parameters:
perm - permission to be checked
Throws:
java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy.

public static boolean hasPermission(javax.security.auth.Subject subject, java.security.Permission perm)

public static java.util.Set<ResourceActionsEntry> getGrantedResources(javax.security.auth.Subject subject, boolean isAuthorized) throws JpsRuntimeException

Returns resource-actions that have been granted to a Subject, as a Set of ResourceActionsEntry.

Please note that only permissions associated with resource types (directly or indirectly through permission sets) will be returned by this method. This method is only for LDAP policystore. If the subject is given java.security.AllPermission permission, then the returned resource actions entry will contain "<all actions>" action and "<all permissions>" resource where the resource type is "AllPermission".

Parameters:
subject - The Subject instance. This Subject instance can contain user identity, enterprise roles, or application roles. This method will not compute application roles for the given subject. The subject must be read-only.
isAuthorized - A boolean flag to indicate whether it also needs to perform checkPermission for the subject on all the granted resources. Set to true to perform a checkPermission for the subject on the resource actions entries. If set to false, no checkPermission is performed. Please note that in certain cases, the fact that a subject is granted a permission does not necessarily mean that the subject is authorized. For example, suppose a custom permission implements its own implies method and adds one more condition so that it implies only if the access time is between 9 AM and 5 PM. In this case, a subject is granted the permission, but will only be authorized between 9 AM and 5 PM. If isAuthorized is set to false, the permissions are not evaluated and the entire set of permissions is returned in ResourceActionsEntry.
Throws:
JpsRuntimeException - If the policy provider does not implement getGrantedResources.
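
The granted-versus-authorized distinction described for isAuthorized, as an added example that is not part of the Oracle documentation or OPSS code. BusinessHoursPermission and GrantedVersusAuthorized are hypothetical names, and the injected Clock is an assumption made so the same grant can be evaluated at two constructed times: the grant implies the request at 10:00 but not at 20:00, which is the evaluation that is skipped when isAuthorized is false.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.time.Clock;
import java.time.Instant;
import java.time.LocalTime;
import java.time.ZoneOffset;

// Hypothetical permission (not an OPSS class): implies() adds a 9 AM to 5 PM condition.
final class BusinessHoursPermission extends BasicPermission {
    private static final LocalTime OPEN = LocalTime.of(9, 0);
    private static final LocalTime CLOSE = LocalTime.of(17, 0);
    private final Clock clock; // injected (assumption) so the time check is reproducible

    BusinessHoursPermission(String name, Clock clock) {
        super(name);
        this.clock = clock;
    }

    @Override
    public boolean implies(Permission requested) {
        // BasicPermission rejects a different permission class or a non-matching name.
        if (!super.implies(requested)) {
            return false;
        }
        // Extra condition: the grant only authorizes inside the access window.
        LocalTime now = LocalTime.now(clock);
        return !now.isBefore(OPEN) && now.isBefore(CLOSE);
    }
}

public class GrantedVersusAuthorized {
    // Fixed clock for a constructed instant, in UTC.
    static Clock at(String isoInstant) {
        return Clock.fixed(Instant.parse(isoInstant), ZoneOffset.UTC);
    }

    public static void main(String[] args) {
        Permission requested = new BusinessHoursPermission("reports", Clock.systemUTC());
        // The same grant, evaluated at two constructed times of day.
        Permission grantAt10 = new BusinessHoursPermission("reports", at("2024-01-15T10:00:00Z"));
        Permission grantAt20 = new BusinessHoursPermission("reports", at("2024-01-15T20:00:00Z"));

        System.out.println("granted, checked at 10:00, authorized: " + grantAt10.implies(requested));
        System.out.println("granted, checked at 20:00, authorized: " + grantAt20.implies(requested));
    }
}
```
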

public static java.util.Set<ResourceActionsEntry> checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources) throws PolicyStoreException

The following example illustrates how to invoke this method:

```java
import oracle.security.jps.*;
import oracle.security.jps.util.*;
import oracle.security.jps.service.policystore.*;
import oracle.security.jps.service.policystore.info.*;
import oracle.security.jps.service.policystore.info.common.*;
import oracle.security.jps.service.policystore.info.resource.*;
import oracle.security.jps.service.policystore.search.*;
import java.util.*;
import java.security.*;
import javax.security.auth.*;

// ...

PolicyStore ps; // the current PolicyStore

// Construct the requested Resource-Actions
Set<ResourceActionsEntry> requestedResources = new HashSet<ResourceActionsEntry>();
ResourceActionsEntry aResourceActionsEntry;
Set<String> allowedActions; // actions for this resource

allowedActions = new HashSet<String>();
allowedActions.add("read");
allowedActions.add("write");

// Build one resource-actions
// Assuming FILE is a pre-existing resource type defined in the application 'application_1'
aResourceActionsEntry = InfoFactory.newResourceActionsEntry("FILE", "/tmp", allowedActions, "application_1");
// and add it to the request
requestedResources.add(aResourceActionsEntry);

// Build one more resource-actions
allowedActions = new HashSet<String>();
allowedActions.add("connect");
// Assuming SOCKET is a pre-existing resource type defined in the application 'application_2'
aResourceActionsEntry = InfoFactory.newResourceActionsEntry("SOCKET", "somehost:9999", allowedActions, "application_2");
requestedResources.add(aResourceActionsEntry);

// Create a Subject (not shown here)
Subject jdoe;

Set<ResourceActionsEntry> allowedResources;
// Return result has the allowed resource-actions
allowedResources = ps.checkBulkAuthorization(jdoe, requestedResources);
```

Parameters:
subject - the Subject to authorize
requestedResources - a Set of resource actions the caller is requesting access to. The actions in a ResourceActionsEntry correspond to action1 AND action2 ... AND action_n.
Returns:
the resource actions from requestedResources that the caller can access. Resource Actions the caller cannot access are not included in the return result. If the Subject is not authorized to all the resource-actions, an empty Set is returned.
Throws:
PolicyStoreException - if an error occurs while evaluating the request.
See Also:
InfoFactory.newResourceActionsEntry(String,String,Set,String)