/* * @(#)Policy.java 1.50 04/05/18 * * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package javax.security.auth; /** *
This is an abstract class for representing the system policy for
* Subject-based authorization. A subclass implementation
* of this class provides a means to specify a Subject-based
* access control Policy
.
*
*
A Policy
object can be queried for the set of
* Permissions granted to code running as a
* Principal
in the following manner:
*
*
* policy = Policy.getPolicy(); * PermissionCollection perms = policy.getPermissions(subject, * codeSource); ** * The
Policy
object consults the local policy and returns
* and appropriate Permissions
object with the
* Permissions granted to the Principals associated with the
* provided subject, and granted to the code specified
* by the provided codeSource.
*
* A Policy
contains the following information.
* Note that this example only represents the syntax for the default
* Policy
implementation. Subclass implementations of this class
* may implement alternative syntaxes and may retrieve the
* Policy
from any source such as files, databases,
* or servers.
*
*
Each entry in the Policy
is represented as
* a grant entry. Each grant entry
* specifies a codebase, code signers, and Principals triplet,
* as well as the Permissions granted to that triplet.
*
*
* grant CodeBase ["URL"], Signedby ["signers"], * Principal [Principal_Class] "Principal_Name" { * Permission Permission_Class ["Target_Name"] * [, "Permission_Actions"] * [, signedBy "SignerName"]; * }; ** * The CodeBase and Signedby components of the triplet name/value pairs * are optional. If they are not present, then any any codebase will match, * and any signer (including unsigned code) will match. * For Example, * *
* grant CodeBase "foo.com", Signedby "foo", * Principal com.sun.security.auth.SolarisPrincipal "duke" { * permission java.io.FilePermission "/home/duke", "read, write"; * }; ** * This grant entry specifies that code from "foo.com", * signed by "foo', and running as a
SolarisPrincipal
with the
* name, duke, has one Permission
. This Permission
* permits the executing code to read and write files in the directory,
* "/home/duke".
*
* To "run" as a particular Principal
,
* code invokes the Subject.doAs(subject, ...)
method.
* After invoking that method, the code runs as all the Principals
* associated with the specified Subject
.
* Note that this Policy
(and the Permissions
* granted in this Policy
) only become effective
* after the call to Subject.doAs
has occurred.
*
*
Multiple Principals may be listed within one grant entry.
* All the Principals in the grant entry must be associated with
* the Subject
provided to Subject.doAs
* for that Subject
to be granted the specified Permissions.
*
*
* grant Principal com.sun.security.auth.SolarisPrincipal "duke", * Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" { * permission java.io.FilePermission "/home/duke", "read, write"; * permission java.net.SocketPermission "duke.com", "connect"; * }; ** * This entry grants any code running as both "duke" and "0" * permission to read and write files in duke's home directory, * as well as permission to make socket connections to "duke.com". * *
Note that non Principal-based grant entries are not permitted
* in this Policy
. Therefore, grant entries such as:
*
*
* grant CodeBase "foo.com", Signedby "foo" { * permission java.io.FilePermission "/tmp/scratch", "read, write"; * }; ** * are rejected. Such permission must be listed in the *
java.security.Policy
.
*
* The default Policy
implementation can be changed by
* setting the value of the "auth.policy.provider" security property
* (in the Java security properties file) to the fully qualified name of
* the desired Policy
implementation class.
* The Java security properties file is located in the file named
* <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
* refers to the directory where the JDK was installed.
*
* @deprecated as of JDK version 1.4 -- Replaced by java.security.Policy.
* java.security.Policy has a method:
*
* public PermissionCollection getPermissions * (java.security.ProtectionDomain pd) * ** and ProtectionDomain has a constructor: *
* public ProtectionDomain * (CodeSource cs, * PermissionCollection permissions, * ClassLoader loader, * Principal[] principals) ** * These two APIs provide callers the means to query the * Policy for Principal-based Permission entries. * * * @version 1.50, 05/18/04 */ @Deprecated public abstract class Policy { private static Policy policy; private static ClassLoader contextClassLoader; static { contextClassLoader = (ClassLoader)java.security.AccessController.doPrivileged (new java.security.PrivilegedAction() { public Object run() { return Thread.currentThread().getContextClassLoader(); } }); }; /** * Sole constructor. (For invocation by subclass constructors, typically * implicit.) */ protected Policy() { } /** * Returns the installed Policy object. * This method first calls *
SecurityManager.checkPermission
with the
* AuthPermission("getPolicy")
permission
* to ensure the caller has permission to get the Policy object.
*
*
*
* @return the installed Policy. The return value cannot be
* null
.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to get the Policy object.
*
* @see #setPolicy
*/
public static Policy getPolicy() {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
return getPolicyNoCheck();
}
/**
* Returns the installed Policy object, skipping the security check.
*
* @return the installed Policy.
*
*/
static Policy getPolicyNoCheck() {
if (policy == null) {
synchronized(Policy.class) {
if (policy == null) {
String policy_class = null;
policy_class = (String)
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction() {
public Object run() {
return java.security.Security.getProperty
("auth.policy.provider");
}
});
if (policy_class == null) {
policy_class = "com.sun.security.auth.PolicyFile";
}
try {
final String finalClass = policy_class;
policy = (Policy)
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction() {
public Object run() throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
return Class.forName
(finalClass,
true,
contextClassLoader).newInstance();
}
});
} catch (Exception e) {
throw new SecurityException
(sun.security.util.ResourcesMgr.getString
("unable to instantiate Subject-based policy"));
}
}
}
}
return policy;
}
/**
* Sets the system-wide Policy object. This method first calls
* SecurityManager.checkPermission
with the
* AuthPermission("setPolicy")
* permission to ensure the caller has permission to set the Policy.
*
*
*
* @param policy the new system Policy object.
*
* @exception java.lang.SecurityException if the current thread does not
* have permission to set the Policy.
*
* @see #getPolicy
*/
public static void setPolicy(Policy policy) {
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
Policy.policy = policy;
}
/**
* Retrieve the Permissions granted to the Principals associated with
* the specified CodeSource
.
*
*
*
* @param subject the Subject
* whose associated Principals,
* in conjunction with the provided
* CodeSource
, determines the Permissions
* returned by this method. This parameter
* may be null
.
*
* @param cs the code specified by its CodeSource
* that determines, in conjunction with the provided
* Subject
, the Permissions
* returned by this method. This parameter may be
* null
.
*
* @return the Collection of Permissions granted to all the
* Subject
and code specified in
* the provided subject and cs
* parameters.
*/
public abstract java.security.PermissionCollection getPermissions
(Subject subject,
java.security.CodeSource cs);
/**
* Refresh and reload the Policy.
*
*
This method causes this object to refresh/reload its current
* Policy. This is implementation-dependent.
* For example, if the Policy object is stored in
* a file, calling refresh
will cause the file to be re-read.
*
*
* * @exception SecurityException if the caller does not have permission * to refresh the Policy. */ public abstract void refresh(); }