Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.systinet.security.policy
Class UpdateablePolicy

java.lang.Object
  extended byjavax.security.auth.Policy
      extended byorg.systinet.security.policy.UpdateablePolicy
Direct Known Subclasses:
AcceptingUpdateablePolicy, Policy2UpdateablePolicy
public abstract class UpdateablePolicy
extends javax.security.auth.Policy

This is an abstract class for representing the updateable policy for Subject-based authorization. A subclass implementation of this class provides a means to specify a Subject-based updateable access control Policy. This class extends JAAS policy to enrich it with updateable behaviour. It is especially designed for use with WASP.

Since:
4.0

Field Summary
static java.lang.String WASP_POLICY_CHECKER
          key for policy checker (can be put into intialization map)
static java.lang.String WASP_POLICY_IMPL
          key for policy implementation (can be put into intialization map)
 
Constructor Summary
UpdateablePolicy(java.util.Map map)
          Constructor for invocation by subclass constructors.
 
Method Summary
abstract  boolean addPermission(java.security.CodeSource cs, java.security.Principal principal, java.security.Permission permission)
          Adds a single permission to specified principal.
abstract  void addPermissions(java.security.CodeSource cs, java.security.Principal principal, java.security.PermissionCollection collection)
          Adds collection of permissions to specified principal.
abstract  boolean addPermissionToRole(java.lang.String roleName, java.security.Permission permission)
          Adds permission to role.
 boolean createRole(java.lang.String roleName)
          Creates empty role.
 boolean deleteRole(java.lang.String roleName)
          Deletes role.
 void destroy()
          Releases allocated resources during Wasp destroy.
abstract  java.security.PermissionCollection getPermissions(javax.security.auth.Subject subject, java.security.CodeSource codesource)
          Retrieve the Permissions granted to the Principals associated with the specified CodeSource, always returns a collection containg AllPermissons .
abstract  PrincipalEntries getPrincipalEntries()
          Returns enumeration of all principal entries.
abstract  PrincipalEntries getPrincipalEntries(java.security.Permission perm)
          Returns enumeration of principal entries that are granted with specified atomic permission.
abstract  java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs, java.security.Principal principal)
          Returns permissions associated with the principal, also with permissions inheritted from roles.
abstract  java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs, java.security.Principal principal, boolean roleInheritted)
          Returns permissions associated with the principal, optionally without permissions inheritted from roles.
abstract  java.util.Iterator getRoleNames()
          Returns iterator of role names.
abstract  java.security.PermissionCollection getRolePermissions(java.lang.String roleName)
          Get permissions owned by role.
static UpdateablePolicy getUpdateablePolicy()
          Returns the installed UpdateablePolicy instance.
static UpdateablePolicy initSingleton(java.util.Map configurationParameters)
          Initializes singleton using given parameters.
abstract  boolean isRoleManager()
          It tests, whether this policy can manage roles or not.
abstract  boolean isUpdatable()
          It tests, whether this policy is really updateable or read-only.
abstract  void refresh()
          Refresh and reload the Policy.
abstract  boolean removePermission(java.security.CodeSource cs, java.security.Principal principal, java.security.Permission permission)
          Removes permission from specified principal.
abstract  boolean removePermissionFromRole(java.lang.String roleName, java.security.Permission permission)
          Removes permission from role.
static void setUpdateablePolicy(UpdateablePolicy policy)
          Sets the current UpdateablePolicy.
 
Methods inherited from class javax.security.auth.Policy
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

WASP_POLICY_IMPL

public static final java.lang.String WASP_POLICY_IMPL
key for policy implementation (can be put into intialization map)

See Also:
Constant Field Values

WASP_POLICY_CHECKER

public static final java.lang.String WASP_POLICY_CHECKER
key for policy checker (can be put into intialization map)

See Also:
Constant Field Values
Constructor Detail

UpdateablePolicy

public UpdateablePolicy(java.util.Map map)
Constructor for invocation by subclass constructors.

Parameters:
map - configuration parameters
Method Detail

getUpdateablePolicy

public static UpdateablePolicy getUpdateablePolicy()
Returns the installed UpdateablePolicy instance. This method can invoke checkPermission with the AuthPermission("getPolicy") permission to ensure that the invoker can get policy. The behaviour of access controll check can be modified by initialization properties put into the initSingleton method. By default, no access control checking is performed. If the singleton has not been set explicitelly through the initSingleton method, then it initialized with System properties.

Returns:
updateable policy instance, the test for read-only policy can be performed by invoking the isUpdateable method

initSingleton

public static final UpdateablePolicy initSingleton(java.util.Map configurationParameters)
                                            throws java.lang.SecurityException
Initializes singleton using given parameters.

Parameters:
configurationParameters - a Map of configuration parameters, it must contain the following parameter:
  • wasp.policy.impl - refers to full class name of the implementation class
optional parameters:
  • wasp.policy.checker - if it is set to (String)"java" Java access controller is used to control get/set policy methods; if it is set to (String)"wasp" WASPAccessController with subject obtained from received credentials is used, otherwise no access control check is neccessary.
  • aditional parameters are given to implementation class, the whole map
Returns:
updatateable policy initalized through reflection API
Throws:
java.lang.SecurityException - singleton is already set, or singleton cannot be initialized

setUpdateablePolicy

public static void setUpdateablePolicy(UpdateablePolicy policy)
Sets the current UpdateablePolicy. This method first calls AccessController.checkPermission with the AuthPermission("setPolicy") permission to ensure the caller has permission to set policy.

Parameters:
policy - updateable policy instance to set

isUpdatable

public abstract boolean isUpdatable()
It tests, whether this policy is really updateable or read-only.

Returns:
false if it is read-only, true if it is updatable (principal oriented methods are fully supported)

isRoleManager

public abstract boolean isRoleManager()
It tests, whether this policy can manage roles or not.

Returns:
false if it cannot manage roles, true if it can (role oriented methods are fully supported)

refresh

public abstract void refresh()
Refresh and reload the Policy. The refresh method commits also commits all changes made on pricipal and role entries, empty roles and pricipal entries can be deleteted by this method.

getPermissions

public abstract java.security.PermissionCollection getPermissions(javax.security.auth.Subject subject,
                                                                  java.security.CodeSource codesource)
Retrieve the Permissions granted to the Principals associated with the specified CodeSource, always returns a collection containg AllPermissons .

Parameters:
subject - the Subject whose associated Principals, in conjunction with the provided CodeSource, determines the Permissions returned by this method. This parameter may be null.
codesource - the code specified by its CodeSource that determines, in conjunction with the provided Subject, the Permissions returned by this method. This parameter may be null.
Returns:
the Collection of Permissions granted to all the Subject and code specified in the provided subject and cs parameters.

addPermissions

public abstract void addPermissions(java.security.CodeSource cs,
                                    java.security.Principal principal,
                                    java.security.PermissionCollection collection)
                             throws java.security.AccessControlException
Adds collection of permissions to specified principal.

Parameters:
cs - codesource for this
principal - principal permission (can be null)
collection - valid collection of permission to be added to a principal
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

addPermission

public abstract boolean addPermission(java.security.CodeSource cs,
                                      java.security.Principal principal,
                                      java.security.Permission permission)
                               throws java.security.AccessControlException
Adds a single permission to specified principal.

Parameters:
cs - codesource for this permission (can be null)
principal - principal
permission - valid permission to add
Returns:
true if the permission was added, false if it cannot be added, because the principal already owns the permission.
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

removePermission

public abstract boolean removePermission(java.security.CodeSource cs,
                                         java.security.Principal principal,
                                         java.security.Permission permission)
                                  throws java.security.AccessControlException
Removes permission from specified principal.

Parameters:
cs - codesource for this permission (can be null)
principal - principal
permission - the permission has to match exactly (tested through equals method) to one of the permissions already assigned to the principal.
Returns:
true if the permission was removed, false if it cannot be removed, because the principal does not own the permission.
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

getPrincipalPermissions

public abstract java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs,
                                                                           java.security.Principal principal)
                                                                    throws java.security.AccessControlException
Returns permissions associated with the principal, also with permissions inheritted from roles.

Parameters:
cs - codesource for this permission (can be null)
principal - principal (can be null)
Returns:
principal collection associated only with the given principal
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

getPrincipalPermissions

public abstract java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs,
                                                                           java.security.Principal principal,
                                                                           boolean roleInheritted)
                                                                    throws java.security.AccessControlException
Returns permissions associated with the principal, optionally without permissions inheritted from roles.

Parameters:
cs - codesource for this permission (can be null)
principal - principal (can be null)
roleInheritted - true means that the returned permissions also contain permissions inheritted principal's roles
Returns:
principal collection associated only with the given principal
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

getPrincipalEntries

public abstract PrincipalEntries getPrincipalEntries()
                                              throws java.security.AccessControlException
Returns enumeration of all principal entries.

Returns:
enumeration of principal entries, each entry contains principal permissions (without those, which are inheritted from roles)
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

getPrincipalEntries

public abstract PrincipalEntries getPrincipalEntries(java.security.Permission perm)
                                              throws java.security.AccessControlException
Returns enumeration of principal entries that are granted with specified atomic permission. The permission is atomic if both its name and actions are not composed values.

Parameters:
perm - permission act as filter for the constructed result
Returns:
enumeration of principal entries, each entry contains principal permissions (without those, which are inheritted from roles)
Throws:
java.security.AccessControlException - access control rules disallows to perform requested operation

getRoleNames

public abstract java.util.Iterator getRoleNames()
Returns iterator of role names.

Returns:
iterator of role names (string values)

addPermissionToRole

public abstract boolean addPermissionToRole(java.lang.String roleName,
                                            java.security.Permission permission)
                                     throws java.security.AccessControlException
Adds permission to role.

Parameters:
roleName - role name
permission - permission to add, can be null to cteate empty role entry
Returns:
true if the permission was added, false if it cannot be added
Throws:
java.security.AccessControlException - the caller is not authorized to invoke this method

createRole

public boolean createRole(java.lang.String roleName)
                   throws java.security.AccessControlException
Creates empty role.

Parameters:
roleName - role name
Returns:
true if the role was added, false if it cannot be added
Throws:
java.security.AccessControlException - the caller is not authorized to invoke this method

removePermissionFromRole

public abstract boolean removePermissionFromRole(java.lang.String roleName,
                                                 java.security.Permission permission)
                                          throws java.security.AccessControlException
Removes permission from role.

Parameters:
roleName - role name
permission - permission to remove (can be null to remove the role) , the permission has to match exactly (tested through equals method) to one of the permissions already assigned to the role.
Returns:
true, if the permission was removed; false if it cannot be added
Throws:
java.security.AccessControlException - the caller is not authorized to invoke this method

deleteRole

public boolean deleteRole(java.lang.String roleName)
                   throws java.security.AccessControlException
Deletes role.

Parameters:
roleName - role name
Returns:
true, if the role was removed; false if it cannot be removed
Throws:
java.security.AccessControlException - the caller is not authorized to invoke this method

getRolePermissions

public abstract java.security.PermissionCollection getRolePermissions(java.lang.String roleName)
                                                               throws java.security.AccessControlException
Get permissions owned by role.

Parameters:
roleName - role name
Returns:
permission collection containing enumeration of role permissions
Throws:
java.security.AccessControlException - the caller is not authorized to invoke this method

destroy

public void destroy()
Releases allocated resources during Wasp destroy. A custom implementation could override it in order to deallocate its resources.

Since:
4.7
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD