Class SimplePolicyConfiguration
- java.lang.Object
-
- com.sun.enterprise.security.jacc.provider.SimplePolicyConfiguration
-
- All Implemented Interfaces:
jakarta.security.jacc.PolicyConfiguration
public class SimplePolicyConfiguration extends Object implements jakarta.security.jacc.PolicyConfiguration
The methods of this interface are used by containers to create policy statements in a Policy provider. An object that implements the PolicyConfiguration interface provides the policy statement configuration interface for a corresponding policy context within the corresponding Policy provider.
- Author:
- monzillo
-
-
Field Summary
Fields (modifier and type, field):
static int DELETED_STATE
static int INSERVICE_STATE
static int OPEN_STATE
-
Constructor Summary
Constructors (modifier, constructor, description):
protected SimplePolicyConfiguration(String contextID)
Creates a new instance of SimplePolicyConfiguration
-
Method Summary
Methods (modifier and type, method, description):
void addToExcludedPolicy(Permission permission)
Used to add a single excluded policy statement to this PolicyConfiguration.
void addToExcludedPolicy(PermissionCollection permissions)
Used to add excluded policy statements to this PolicyConfiguration.
void addToRole(String roleName, Permission permission)
Used to add a single permission to a named role in this PolicyConfiguration.
void addToRole(String roleName, PermissionCollection permissions)
Used to add permissions to a named role in this PolicyConfiguration.
void addToUncheckedPolicy(Permission permission)
Used to add a single unchecked policy statement to this PolicyConfiguration.
void addToUncheckedPolicy(PermissionCollection permissions)
Used to add unchecked policy statements to this PolicyConfiguration.
protected static void checkSetPolicyPermission()
void commit()
This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object.
void delete()
Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.
String getContextID()
This method returns this object's policy context identifier.
static PermissionCollection getPermissions(PermissionCollection basePerms, CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
static PermissionCollection getPermissions(PermissionCollection basePerms, ProtectionDomain domain)
Evaluates the policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain.
protected static SimplePolicyConfiguration getPolicyConfig(String pcid, boolean remove)
static int implies(ProtectionDomain domain, Permission p)
Evaluates the policy to determine whether the permission is granted to the ProtectionDomain.
boolean inService()
This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.
protected static boolean inService(String pcid)
void linkConfiguration(jakarta.security.jacc.PolicyConfiguration link)
Creates a relationship between this configuration and another such that they share the same principal-to-role mappings.
void removeExcludedPolicy()
Used to remove any excluded policy statements from this PolicyConfiguration.
void removeRole(String roleName)
Used to remove a role and all its permissions from this PolicyConfiguration.
void removeUncheckedPolicy()
Used to remove any unchecked policy statements from this PolicyConfiguration.
-
-
-
Field Detail
-
OPEN_STATE
public static final int OPEN_STATE
- See Also:
- Constant Field Values
-
INSERVICE_STATE
public static final int INSERVICE_STATE
- See Also:
- Constant Field Values
-
DELETED_STATE
public static final int DELETED_STATE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SimplePolicyConfiguration
protected SimplePolicyConfiguration(String contextID)
Creates a new instance of SimplePolicyConfiguration
-
-
Method Detail
-
getContextID
public String getContextID() throws jakarta.security.jacc.PolicyContextException
This method returns this object's policy context identifier.
- Specified by:
getContextID
in interface jakarta.security.jacc.PolicyConfiguration
- Returns:
- this object's policy context identifier.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the getContextID method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToRole
public void addToRole(String roleName, PermissionCollection permissions) throws jakarta.security.jacc.PolicyContextException
Used to add permissions to a named role in this PolicyConfiguration. If the named Role does not exist in the PolicyConfiguration, it is created as a result of the call to this function.
It is the job of the Policy provider to ensure that all the permissions added to a role are granted to principals "mapped to the role".
- Specified by:
addToRole
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
roleName
- the name of the Role to which the permissions are to be added.
permissions
- the collection of permissions to be added to the role. The collection may be either a homogeneous or heterogeneous collection.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToRole
public void addToRole(String roleName, Permission permission) throws jakarta.security.jacc.PolicyContextException
Used to add a single permission to a named role in this PolicyConfiguration. If the named Role does not exist in the PolicyConfiguration, it is created as a result of the call to this function.
It is the job of the Policy provider to ensure that all the permissions added to a role are granted to principals "mapped to the role".
- Specified by:
addToRole
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
roleName
- the name of the Role to which the permission is to be added.
permission
- the permission to be added to the role.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToUncheckedPolicy
public void addToUncheckedPolicy(PermissionCollection permissions) throws jakarta.security.jacc.PolicyContextException
Used to add unchecked policy statements to this PolicyConfiguration.
- Specified by:
addToUncheckedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
permissions
- the collection of permissions to be added as unchecked policy statements. The collection may be either a homogeneous or heterogeneous collection.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToUncheckedPolicy
public void addToUncheckedPolicy(Permission permission) throws jakarta.security.jacc.PolicyContextException
Used to add a single unchecked policy statement to this PolicyConfiguration.
- Specified by:
addToUncheckedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
permission
- the permission to be added to the unchecked policy statements.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToExcludedPolicy
public void addToExcludedPolicy(PermissionCollection permissions) throws jakarta.security.jacc.PolicyContextException
Used to add excluded policy statements to this PolicyConfiguration.
- Specified by:
addToExcludedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
permissions
- the collection of permissions to be added to the excluded policy statements. The collection may be either a homogeneous or heterogeneous collection.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
addToExcludedPolicy
public void addToExcludedPolicy(Permission permission) throws jakarta.security.jacc.PolicyContextException
Used to add a single excluded policy statement to this PolicyConfiguration.
- Specified by:
addToExcludedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
permission
- the permission to be added to the excluded policy statements.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the addToExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
removeRole
public void removeRole(String roleName) throws jakarta.security.jacc.PolicyContextException
Used to remove a role and all its permissions from this PolicyConfiguration.
- Specified by:
removeRole
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
roleName
- the name of the Role to remove from this PolicyConfiguration.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the removeRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
removeUncheckedPolicy
public void removeUncheckedPolicy() throws jakarta.security.jacc.PolicyContextException
Used to remove any unchecked policy statements from this PolicyConfiguration.
- Specified by:
removeUncheckedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the removeUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
removeExcludedPolicy
public void removeExcludedPolicy() throws jakarta.security.jacc.PolicyContextException
Used to remove any excluded policy statements from this PolicyConfiguration.
- Specified by:
removeExcludedPolicy
in interface jakarta.security.jacc.PolicyConfiguration
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the removeExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
linkConfiguration
public void linkConfiguration(jakarta.security.jacc.PolicyConfiguration link) throws jakarta.security.jacc.PolicyContextException
Creates a relationship between this configuration and another such that they share the same principal-to-role mappings. PolicyConfigurations are linked to apply a common principal-to-role mapping to multiple separately manageable PolicyConfigurations, as is required when an application is composed of multiple modules.
Note that the policy statements which comprise a role, or comprise the excluded or unchecked policy collections in a PolicyConfiguration, are unaffected by the configuration being linked to another.
- Specified by:
linkConfiguration
in interface jakarta.security.jacc.PolicyConfiguration
- Parameters:
link
- a reference to a different PolicyConfiguration than this PolicyConfiguration.
The relationship formed by this method is symmetric, transitive and idempotent. If the argument PolicyConfiguration does not have a different Policy context identifier than this PolicyConfiguration, no relationship is formed, and an exception, as described below, is thrown.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.
IllegalArgumentException
- if called with an argument PolicyConfiguration whose Policy context is equivalent to that of this PolicyConfiguration.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the linkConfiguration method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
delete
public void delete() throws jakarta.security.jacc.PolicyContextException
Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.
This operation has no effect on any linked PolicyConfigurations other than removing any links involving the deleted PolicyConfiguration.
- Specified by:
delete
in interface jakarta.security.jacc.PolicyConfiguration
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the delete method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
commit
public void commit() throws jakarta.security.jacc.PolicyContextException
This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object. Only those policy contexts whose state is "inService" will be included in the policy contexts processed by the Policy.refresh method. A policy context whose state is "inService" may be returned to the "open" state by calling the getPolicyConfiguration method of the PolicyConfiguration factory with the policy context identifier of the policy context.
When the state of a policy context is "inService", calling any method other than commit, delete, getContextID, or inService on its PolicyConfiguration Object will cause an UnsupportedOperationException to be thrown.
- Specified by:
commit
in interface jakarta.security.jacc.PolicyConfiguration
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException
- if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" when this method is called.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the commit method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
inService
public boolean inService() throws jakarta.security.jacc.PolicyContextException
This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.
- Specified by:
inService
in interface jakarta.security.jacc.PolicyConfiguration
- Returns:
- true if the state of the associated policy context is "inService"; false otherwise.
- Throws:
SecurityException
- if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
jakarta.security.jacc.PolicyContextException
- if the implementation throws a checked exception that has not been accounted for by the inService method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.
-
getPolicyConfig
protected static SimplePolicyConfiguration getPolicyConfig(String pcid, boolean remove) throws jakarta.security.jacc.PolicyContextException
- Throws:
jakarta.security.jacc.PolicyContextException
-
inService
protected static boolean inService(String pcid) throws jakarta.security.jacc.PolicyContextException
- Throws:
jakarta.security.jacc.PolicyContextException
-
checkSetPolicyPermission
protected static void checkSetPolicyPermission()
-
getPermissions
public static PermissionCollection getPermissions(PermissionCollection basePerms, CodeSource codesource) throws jakarta.security.jacc.PolicyContextException
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
- Parameters:
codeSource
- the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
- Returns:
- the set of permissions allowed for code from codesource according to the policy. The returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types.
- Throws:
jakarta.security.jacc.PolicyContextException
-
getPermissions
public static PermissionCollection getPermissions(PermissionCollection basePerms, ProtectionDomain domain) throws jakarta.security.jacc.PolicyContextException
Evaluates the policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain.
- Parameters:
domain
- the ProtectionDomain associated with the caller.
- Returns:
- the set of permissions allowed for the domain according to the policy. The returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types.
- Throws:
jakarta.security.jacc.PolicyContextException
- Since:
- 1.4
- See Also:
ProtectionDomain, SecureClassLoader
-
implies
public static int implies(ProtectionDomain domain, Permission p) throws jakarta.security.jacc.PolicyContextException
Evaluates the policy to determine whether the permission is granted to the ProtectionDomain.
- Parameters:
domain
- the ProtectionDomain to test
permission
- the Permission object to be tested for implication.
- Returns:
- integer -1 if excluded, 0 if not implied, 1 if implied granted to this ProtectionDomain.
- Throws:
jakarta.security.jacc.PolicyContextException
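The state rules in the commit and delete entries above, together with the -1/0/1 result of implies, as an added stand-alone Java model; it is not GlassFish's SimplePolicyConfiguration and does not call the jakarta.security.jacc API. The class name PolicyLifecycleModel, the perm helper, the role-set argument to implies and the excluded-then-unchecked-then-role evaluation order are assumptions of this example, and the permission names are constructed.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added model of the documented state rules; NOT the GlassFish implementation.
public class PolicyLifecycleModel {
    enum State { OPEN, IN_SERVICE, DELETED }

    private State state = State.OPEN;
    private Permissions excluded = new Permissions();
    private Permissions unchecked = new Permissions();
    private final Map<String, Permissions> roles = new HashMap<>();

    // Every mutator is rejected unless the policy context is "open".
    private void requireOpen() {
        if (state != State.OPEN)
            throw new UnsupportedOperationException("policy context is " + state);
    }

    void addToExcludedPolicy(Permission p)  { requireOpen(); excluded.add(p); }
    void addToUncheckedPolicy(Permission p) { requireOpen(); unchecked.add(p); }
    void addToRole(String role, Permission p) {
        requireOpen();
        roles.computeIfAbsent(role, r -> new Permissions()).add(p); // role created on first use
    }

    void commit() { // allowed from "open" or "inService", rejected once "deleted"
        if (state == State.DELETED)
            throw new UnsupportedOperationException("policy context is DELETED");
        state = State.IN_SERVICE;
    }

    void delete() { // drops every statement; allowed in any state
        excluded = new Permissions();
        unchecked = new Permissions();
        roles.clear();
        state = State.DELETED;
    }

    // Returns -1 if excluded, 0 if not implied, 1 if implied. Checking excluded
    // first and passing the caller's roles directly are assumptions of this model.
    int implies(Set<String> callerRoles, Permission p) {
        if (excluded.implies(p)) return -1;
        if (unchecked.implies(p)) return 1;
        for (String r : callerRoles) {
            Permissions granted = roles.get(r);
            if (granted != null && granted.implies(p)) return 1;
        }
        return 0;
    }

    // Constructed sample permission type (hypothetical helper).
    static Permission perm(String name) { return new BasicPermission(name) {}; }

    public static void main(String[] args) {
        PolicyLifecycleModel pc = new PolicyLifecycleModel();
        pc.addToExcludedPolicy(perm("debug.console"));
        pc.addToUncheckedPolicy(perm("public.index"));
        pc.addToRole("admin", perm("admin.users"));
        pc.commit();
        System.out.println("excluded resource, admin caller: " + pc.implies(Set.of("admin"), perm("debug.console")));
        System.out.println("role resource, non-admin caller: " + pc.implies(Set.of("user"), perm("admin.users")));
        try { pc.addToRole("user", perm("admin.users")); } // mutation after commit
        catch (UnsupportedOperationException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The rejected addToRole call after commit is the behaviour to test for in a real provider: a policy context that still accepts statements while "inService" can have its authorization rules changed underneath running requests.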
-
-