oracle.security.jps.service.policystore

Interface PolicyStore

All Superinterfaces:

JavaPolicy, JpsPersistable, OpssServiceInstance, PolicyMgmt, ServiceInstance

public interface PolicyStore
extends OpssServiceInstance, JavaPolicy, PolicyMgmt

PolicyStore is the top-level scope concept. In a PolicyStore, users can create one or more Applications.

Nested Class Summary

Nested classes/interfaces inherited from interface oracle.security.opss.service.OpssServiceInstance

OpssServiceInstance.State

Nested classes/interfaces inherited from interface oracle.security.jps.service.JpsPersistable

JpsPersistable.Mode

Method Summary

Methods

Modifier and Type	Method and Description
java.util.Set<ResourceActionsEntry>	checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources) Determines whether the subject has access one or more Resource Actions.
ApplicationPolicy	createApplicationPolicy(java.lang.String appId) Creates an application policy given the application name - appid.
ApplicationPolicy	createApplicationPolicy(java.lang.String appId, java.lang.String displayName, java.lang.String description, ApplicationPolicy.DATA_SECURITY_TYPE type) Creates an application policy given the application name - appid, display name displayName and description description and type type
void	deleteApplicationPolicy(java.lang.String appId) Delete an application policy given the application name - appid.
java.util.Map<java.lang.String,ApplicationPolicy>	getApplicationPolicies() Deprecated. Use getApplicationPolicy(String appId) Returns a map of applications and their policies managed by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application
ApplicationPolicy	getApplicationPolicy(java.lang.String appId) Returns a application policy for the given application by this PolicyStore
java.util.List<AppRoleEntry>	getAppRoles(StoreAppRoleSearchQuery query) Search ApplicationRoles across one or more Applications based upon user specified criteria (query) Caller should have PolicyStoreAccessPermission("context=APPLICATION,name=Queried Applicaiton's stripe Id" , "getApplicationPolicy") permission to search for roles. If the caller does not supply an application name (or supplies a partial application name with some MATCHER other than EXACT) then they should have PolicyStoreAccessPermission("context=APPLICATION, name=*" , "getApplicationPolicy") to search for app roles.
java.util.List<java.lang.String>	getConfiguredApplications() Deprecated.
PDPInfoViewer	getPDPInfoViewer() Gets an instance of PDP instances viewer
PolicyStoreType	getPolicyStoreType() Returns the underlying Policy Storage mechanism (XML, LDAP, etc).
RASConfigurationBindingManager	getRASConfigurationBindingManager() Gets an instance of RAS Configuration Binding Manager
RASConfigurationManager	getRASConfigurationManager() Gets an instance of RAS Configuration Manager
JavaPolicy	getSystemPolicy() Returns the "system" or "non-app-specific" or "global" policy
void	modifyApplicationPolicy(ApplicationPolicy app) Modify an application policy in the persistence store.

Methods inherited from interface oracle.security.opss.service.OpssServiceInstance

getState

Methods inherited from interface oracle.security.jps.service.ServiceInstance

accept, getName, getServiceProvider

Methods inherited from interface oracle.security.jps.service.JpsPersistable

persist, refresh

Methods inherited from interface oracle.security.jps.jaas.JavaPolicy

getPermissions, getPermissions, getPermissions, getPermissions, getPermissions, hasPermission, implies, refresh

Methods inherited from interface oracle.security.jps.service.policystore.PolicyMgmt

getGrantEntries, grant, grant, modifyGrant, revoke, revoke

Method Detail

getApplicationPolicies

java.util.Map<java.lang.String,ApplicationPolicy> getApplicationPolicies()
                                                                         throws PolicyStoreException

Deprecated. Use getApplicationPolicy(String appId) Returns a map of applications and their policies managed by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application

Representation of a Jps Policy Repository 1) Used in runtime as the Policy Engine for standard Java Security calls 2) Used to provision policies and application roles 3) Plugs into the Jps Service framework as a Service

Returns:

the app-specific policies managed by this PolicyStore

Throws:

PolicyStoreException - - if there is an error during this policy operation

getConfiguredApplications

java.util.List<java.lang.String> getConfiguredApplications()
                                                           throws PolicyStoreException

Deprecated.

This APIs returns the list of applications present in the policy store.

Caller should have PolicyStoreAccessPermission("context=SYSTEM,name=*", "getConfiguredApplications") permission to be able to invoke this method.

Returns:

array of applications present in the policy store

Throws:

PolicyStoreException

java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=SYSTEM,name=*" , "getConfiguredApplications").

getApplicationPolicy

ApplicationPolicy getApplicationPolicy(java.lang.String appId)
                                       throws InvalidArgumentException,
                                              PolicyObjectNotFoundException,
                                              PolicyStoreException

Returns a application policy for the given application by this PolicyStore

Caller should have view privileges to the application.

Parameters:

appId - name of the application

Returns:

ApplicationPolicy the app-specific policy managed by this PolicyStore

Throws:

PolicyStoreException - if there is an error during this policy operation

InvalidArgumentException - if application name is null or empty.

PolicyObjectNotFoundException - if application policy for the given application does not exist.

getSystemPolicy

JavaPolicy getSystemPolicy()
                           throws PolicyStoreException

Returns the "system" or "non-app-specific" or "global" policy

Returns:

the "system" or "non-app-specific" policy

Throws:

PolicyStoreException - - if there is an error during this operation

createApplicationPolicy

ApplicationPolicy createApplicationPolicy(java.lang.String appId)
                                          throws InvalidArgumentException,
                                                 PolicyObjectAlreadyExistsException,
                                                 PolicyStoreException

Creates an application policy given the application name - appid.

Parameters:

appId -

Returns:

ApplicationPolicy - the created policy

Throws:

PolicyObjectAlreadyExistsException - if this application policy already exists

PolicyStoreException - if there is an error during creation of the policy

InvalidArgumentException - if application name is null or empty.

java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "createApplicationPolicy").

deleteApplicationPolicy

void deleteApplicationPolicy(java.lang.String appId)
                             throws InvalidArgumentException,
                                    PolicyObjectNotFoundException,
                                    PolicyStoreException

Delete an application policy given the application name - appid.

Parameters:

appId -

Throws:

PolicyObjectNotFoundException - if this application policy does not exist

PolicyStoreException - if there is an error during deletion of the policy

InvalidArgumentException - if application name is null or empty.

java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "deleteApplicationPolicy").

getPolicyStoreType

PolicyStoreType getPolicyStoreType()

Returns the underlying Policy Storage mechanism (XML, LDAP, etc).

Returns:

PolicyStoreType - underlying policy storage mechanism.

checkBulkAuthorization

java.util.Set<ResourceActionsEntry> checkBulkAuthorization(javax.security.auth.Subject subject,
                                                         java.util.Set<ResourceActionsEntry> requestedResources)
                                                           throws PolicyStoreException

Determines whether the subject has access one or more Resource Actions.

Following example illustrates how to invoke this method

    
     import oracle.security.jps.*;
     import oracle.security.jps.util.*;
     import oracle.security.jps.service.policystore.*;
     import oracle.security.jps.service.policystore.info.*;
     import oracle.security.jps.service.policystore.info.common.*;
     import oracle.security.jps.service.policystore.info.resource.*;
     import oracle.security.jps.service.policystore.search.*;
     import java.util.*;
     import java.security.*;
     import javax.security.auth.*;
    
     ...

     PolicyStore ps;  // the current PolicyStore

      // Construct the requested Resource-Actions
     Set<ResourceActionsEntry> requestedResources = new HashSet<ResourceActionsEntry>();
     ResourceActionsEntry aResourceActionsEntry;
     Set<String> allowedActions;
        
     // actions for this resource 
     allowedActions = new HashSet<String>();
     allowedActions.add("read");
     allowedActions.add("write");
 
 
     // Build one resource-actions
     // Assuming FILE is a pre-existing resource type defined in the application 'application_1'
     aResourceActionsEntry = InfoFactory.newResourceActionsEntry("FILE", "/tmp", allowedActions, "application_1");
 
     // and add it to the request
     requestedResources.add ( aResourceActionsEntry );
 
     // build one more resource-actions 
     allowedActions = new HashSet<String>();
     allowedActions.add("connect");
     // Assuming SOCKET is a pre-existing resource type defined in the application 'application2'
     aResourceActionsEntry = InfoFactory.newResourceActionsEntry("SOCKET", "somehost:9999", allowedActions, "application_2");
     requestedResources.add ( aResourceActionsEntry );

     // Create a Subject (not shown here)
     Subject jdoe;
     Set<ResourceActionsEntry> allowedResources; 
 
     // Return result has the allowed resource-actions
     allowedResources = ps.checkBulkAuthorization(jdoe, requestedResources);
  

Parameters:

subject - the Subject to authorize

requestedResources - a Set of resource actions the caller is requesting access to.
NOTE: Multiple actions in the ResourceActionsEntry correspond to action1 AND action2 ... AND action_n.

Returns:

the set of resource actions the caller is authorized to access from the supplied requestedResources. Resource Actions the caller cannot access are not included in the return result.

If the Subject is not authorized to all the resoure-actions, an empty Set is returned.

If the applicalication associated with the ResourceActionEntry set does not exist, a DENY result is returned.

Throws:

PolicyStoreException - if an error occurs while evaluating the request.

See Also:

InfoFactory.newResourceActionsEntry(String,String,Set,String)

getAppRoles

java.util.List<AppRoleEntry> getAppRoles(StoreAppRoleSearchQuery query)
                                         throws PolicyStoreException

Search ApplicationRoles across one or more Applications based upon user specified criteria (query)
Caller should have PolicyStoreAccessPermission("context=APPLICATION,name=Queried Applicaiton's stripe Id" , "getApplicationPolicy") permission to search for roles.
If the caller does not supply an application name (or supplies a partial application name with some MATCHER other than EXACT) then they should have PolicyStoreAccessPermission("context=APPLICATION, name=*" , "getApplicationPolicy") to search for app roles. Otherwise the method will throw a SecurityException or AccessControlException.
The returned app role entries have their name, display name, description and other operational attributes instantiated.
Approle members or inherited approle members are not instantiated, and must be searched for separately.
Note: when building complex query, if more than one subquery has search property as APPLICATION_NAME,
then the queries SHOULD NOT be AND'ed in the complex query If more than one app role is found, the returned
list is sorted according to the ascending order of display name attribute of app roles.

Parameters:

query - Cross application AppRole search criteria.

Returns:

list of AppRoleEntry objects (possibly empty).

Throws:

PolicyStoreException - if an error occurs while querying.

java.security.AccessControlException - if the caller does not have sufficient privileges for querying applications.

modifyApplicationPolicy

void modifyApplicationPolicy(ApplicationPolicy app)
                             throws InvalidArgumentException,
                                    PolicyObjectNotFoundException,
                                    PolicyStoreException

Modify an application policy in the persistence store.

Parameters:

app - ApplicationPolicy object.

Throws:

InvalidArgumentException - an invalid parameter was supplied

PolicyObjectNotFoundException - application policy not found in the peristence store.

PolicyStoreException - if an error occurs while persisting the changes.

java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "createApplicationPolicy").

getRASConfigurationManager

RASConfigurationManager getRASConfigurationManager()

Gets an instance of RAS Configuration Manager

Returns:

Throws:

java.lang.RuntimeException - if the policy store is not properly initialized.

getRASConfigurationBindingManager

RASConfigurationBindingManager getRASConfigurationBindingManager()

Gets an instance of RAS Configuration Binding Manager

Returns:

Throws:

java.lang.RuntimeException - if the policy store is not properly initialized.

getPDPInfoViewer

PDPInfoViewer getPDPInfoViewer()

Gets an instance of PDP instances viewer

Returns:

createApplicationPolicy

ApplicationPolicy createApplicationPolicy(java.lang.String appId,
                                        java.lang.String displayName,
                                        java.lang.String description,
                                        ApplicationPolicy.DATA_SECURITY_TYPE type)
                                          throws InvalidArgumentException,
                                                 PolicyObjectAlreadyExistsException,
                                                 PolicyStoreException

Creates an application policy given the application name - appid, display name displayName and description description and type type

Parameters:

appId -

displayName -

description -

type -

Returns:

ApplicationPolicy - the created policy

Throws:

PolicyObjectAlreadyExistsException - if this application policy already exists

PolicyStoreException - if there is an error during creation of the policy

InvalidArgumentException - if application name is null or empty.

java.security.AccessControlException - if the caller does not have the PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "createApplicationPolicy").