API Overview API Index Package Overview Direct link to this page
JDK 1.6
  javax.security.auth. Policy View Javadoc
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298

/*
 * @(#)Policy.java	1.52 05/11/17
 *
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */
 
package javax.security.auth;

/**
 * <p> This is an abstract class for representing the system policy for
 * Subject-based authorization.  A subclass implementation
 * of this class provides a means to specify a Subject-based
 * access control <code>Policy</code>.
 *
 * <p> A <code>Policy</code> object can be queried for the set of
 * Permissions granted to code running as a 
 * <code>Principal</code> in the following manner:
 *
 * <pre>
 *	policy = Policy.getPolicy();
 *	PermissionCollection perms = policy.getPermissions(subject,
 *							codeSource);
 * </pre>
 *
 * The <code>Policy</code> object consults the local policy and returns
 * and appropriate <code>Permissions</code> object with the
 * Permissions granted to the Principals associated with the
 * provided <i>subject</i>, and granted to the code specified
 * by the provided <i>codeSource</i>.
 *
 * <p> A <code>Policy</code> contains the following information.
 * Note that this example only represents the syntax for the default
 * <code>Policy</code> implementation. Subclass implementations of this class
 * may implement alternative syntaxes and may retrieve the
 * <code>Policy</code> from any source such as files, databases,
 * or servers.
 *
 * <p> Each entry in the <code>Policy</code> is represented as
 * a <b><i>grant</i></b> entry.  Each <b><i>grant</i></b> entry
 * specifies a codebase, code signers, and Principals triplet,
 * as well as the Permissions granted to that triplet.
 *
 * <pre>
 *	grant CodeBase ["URL"], Signedby ["signers"],
 *	      Principal [Principal_Class] "Principal_Name" {
 *	    Permission Permission_Class ["Target_Name"]
 *					[, "Permission_Actions"]
 *					[, signedBy "SignerName"];
 *	};
 * </pre>
 *
 * The CodeBase and Signedby components of the triplet name/value pairs
 * are optional.  If they are not present, then any any codebase will match,
 * and any signer (including unsigned code) will match.
 * For Example,
 *
 * <pre>
 *	grant CodeBase "foo.com", Signedby "foo",
 *	      Principal com.sun.security.auth.SolarisPrincipal "duke" {
 *	    permission java.io.FilePermission "/home/duke", "read, write";
 *	};
 * </pre>
 *
 * This <b><i>grant</i></b> entry specifies that code from "foo.com",
 * signed by "foo', and running as a <code>SolarisPrincipal</code> with the
 * name, duke, has one <code>Permission</code>.  This <code>Permission</code>
 * permits the executing code to read and write files in the directory,
 * "/home/duke".
 *
 * <p> To "run" as a particular <code>Principal</code>,
 * code invokes the <code>Subject.doAs(subject, ...)</code> method.
 * After invoking that method, the code runs as all the Principals
 * associated with the specified <code>Subject</code>.
 * Note that this <code>Policy</code> (and the Permissions
 * granted in this <code>Policy</code>) only become effective
 * after the call to <code>Subject.doAs</code> has occurred.
 *
 * <p> Multiple Principals may be listed within one <b><i>grant</i></b> entry.
 * All the Principals in the grant entry must be associated with
 * the <code>Subject</code> provided to <code>Subject.doAs</code>
 * for that <code>Subject</code> to be granted the specified Permissions.
 *
 * <pre>
 *	grant Principal com.sun.security.auth.SolarisPrincipal "duke",
 *	      Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" {
 *	    permission java.io.FilePermission "/home/duke", "read, write";
 *	    permission java.net.SocketPermission "duke.com", "connect";
 *	};
 * </pre>
 *
 * This entry grants any code running as both "duke" and "0"
 * permission to read and write files in duke's home directory,
 * as well as permission to make socket connections to "duke.com".
 * 
 * <p> Note that non Principal-based grant entries are not permitted
 * in this <code>Policy</code>.  Therefore, grant entries such as:
 *
 * <pre>
 *	grant CodeBase "foo.com", Signedby "foo" {
 *	    permission java.io.FilePermission "/tmp/scratch", "read, write";
 *	};
 * </pre>
 *
 * are rejected.  Such permission must be listed in the
 * <code>java.security.Policy</code>.
 *
 * <p> The default <code>Policy</code> implementation can be changed by
 * setting the value of the "auth.policy.provider" security property
 * (in the Java security properties file) to the fully qualified name of
 * the desired <code>Policy</code> implementation class.
 * The Java security properties file is located in the file named
 * &lt;JAVA_HOME&gt;/lib/security/java.security.
 * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
 * and specifies the directory where the JRE is installed.
 *
 * @deprecated	as of JDK version 1.4 -- Replaced by java.security.Policy.
 *		java.security.Policy has a method:
 * <pre>
 * 	public PermissionCollection getPermissions
 *  	    (java.security.ProtectionDomain pd)
 * 
 * </pre>
 * and ProtectionDomain has a constructor:
 * <pre>
 *	public ProtectionDomain
 *	    (CodeSource cs,
 *	     PermissionCollection permissions,
 *	     ClassLoader loader,
 *	     Principal[] principals)
 * </pre>
 *
 * These two APIs provide callers the means to query the
 * Policy for Principal-based Permission entries.
 *
 *
 * @version 1.52, 11/17/05
 */
@Deprecated
public abstract class Policy {

    private static Policy policy;
    private static ClassLoader contextClassLoader;

    static {
	contextClassLoader =
		(ClassLoader)java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction() {
                public Object run() {
                    return Thread.currentThread().getContextClassLoader();
                }
        });
    };

    /**
     * Sole constructor.  (For invocation by subclass constructors, typically
     * implicit.)
     */
    protected Policy() { }

    /**
     * Returns the installed Policy object.
     * This method first calls
     * <code>SecurityManager.checkPermission</code> with the
     * <code>AuthPermission("getPolicy")</code> permission
     * to ensure the caller has permission to get the Policy object.
     *
     * <p>
     *
     * @return the installed Policy.  The return value cannot be
     *		<code>null</code>.
     *
     * @exception java.lang.SecurityException if the current thread does not
     *	    have permission to get the Policy object.
     *
     * @see #setPolicy
     */
    public static Policy getPolicy() {
	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
	return getPolicyNoCheck();
    }

    /**
     * Returns the installed Policy object, skipping the security check.
     *
     * @return the installed Policy.
     *
     */
    static Policy getPolicyNoCheck() {
	if (policy == null) {
 
	    synchronized(Policy.class) {
 
		if (policy == null) {
		    String policy_class = null;
		    policy_class = (String)
			java.security.AccessController.doPrivileged
			(new java.security.PrivilegedAction() {
			public Object run() {
			    return java.security.Security.getProperty
				("auth.policy.provider");
			}
		    });
		    if (policy_class == null) {
			policy_class = "com.sun.security.auth.PolicyFile";
		    }
 
		    try {
			final String finalClass = policy_class;
			policy = (Policy)
			    java.security.AccessController.doPrivileged
			    (new java.security.PrivilegedExceptionAction() {
			    public Object run() throws ClassNotFoundException,
						InstantiationException,
						IllegalAccessException {
				return Class.forName
					(finalClass,
					true,
					contextClassLoader).newInstance();
			    }
			});
		    } catch (Exception e) {
			throw new SecurityException
				(sun.security.util.ResourcesMgr.getString
				("unable to instantiate Subject-based policy"));
		    }
		}
	    }
	}
	return policy;
    }


    /**
     * Sets the system-wide Policy object. This method first calls
     * <code>SecurityManager.checkPermission</code> with the
     * <code>AuthPermission("setPolicy")</code>
     * permission to ensure the caller has permission to set the Policy.
     *
     * <p>
     *
     * @param policy the new system Policy object.
     *
     * @exception java.lang.SecurityException if the current thread does not
     *		have permission to set the Policy.
     *
     * @see #getPolicy
     */
    public static void setPolicy(Policy policy) {
	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
	Policy.policy = policy;
    }

    /**
     * Retrieve the Permissions granted to the Principals associated with
     * the specified <code>CodeSource</code>.
     *
     * <p>
     *
     * @param subject the <code>Subject</code>
     *			whose associated Principals,
     *			in conjunction with the provided
     *			<code>CodeSource</code>, determines the Permissions
     *			returned by this method.  This parameter
     *			may be <code>null</code>. <p>
     *
     * @param cs the code specified by its <code>CodeSource</code>
     *			that determines, in conjunction with the provided
     *			<code>Subject</code>, the Permissions
     *			returned by this method.  This parameter may be
     *			<code>null</code>.
     *
     * @return the Collection of Permissions granted to all the
     *			<code>Subject</code> and code specified in
     *			the provided <i>subject</i> and <i>cs</i>
     *			parameters.
     */
    public abstract java.security.PermissionCollection getPermissions
					(Subject subject,
					java.security.CodeSource cs);

    /**
     * Refresh and reload the Policy.
     *
     * <p>This method causes this object to refresh/reload its current
     * Policy. This is implementation-dependent.
     * For example, if the Policy object is stored in
     * a file, calling <code>refresh</code> will cause the file to be re-read.
     *
     * <p>
     *
     * @exception SecurityException if the caller does not have permission
     *				to refresh the Policy.
     */
    public abstract void refresh();
}

Generated By: JavaOnTracks Doclet 0.1.4     ©Thibaut Colar