com.sun.identity.policy.jaas

Class ISPermission

java.lang.Object

java.security.Permission

com.sun.identity.policy.jaas.ISPermission

All Implemented Interfaces:

Serializable, Guard

public class ISPermission
extends Permission

This class provides the support for JAAS Authorization service Its a new JAAS Permission which extends the Permission class. This is the only API which gets used by an application/container to evaluate policy against the OpenAM Policy framework. This class provides implementations of all the required abstract methods of java.security.Permission , in a way that the policy evaluation is made against the OpenAM Policy service.

For example, one would use this class as follows to evaluate policy permissions:

 ISPermission perm = new ISPermission("iPlanetAMWebAgentService",
                  "http://www.example.com:80","GET");
 AccessController.checkPermission(perm);
 

If OpenAM has the policy service iPlanetAMWebAgentService which has a Rule defined for resource http://www.example.com:80 with action "GET" with allow privilege, this call will return quietly, if such a policy is not found then access is denied and Exception thrown accordingly. Also ISPermission co-exists with the permissions specified in the JDK policy store ( by default file sun.security.provider.PolicyFile or defined on the command line using the -D option.

See Also:

Permission, Subject,

, Serialized Form

Constructor Summary

Constructors

Modifier	Constructor and Description
	ISPermission(CodeSource codesource) Constructs an ISPermission instance, with the specified CodeSource.
protected	ISPermission(ProtectionDomain pd) Constructs an ISPermission instance, with the specified ProtectionDomain.
	ISPermission(String serviceName, String resourceName, String actions) Constructs an ISPermission instance, with the specified service name, resource name and action name.
	ISPermission(String serviceName, String resourceName, String actions, Map envParams) Constructs an ISPermission instance, with the specified service name, resource name and action name.
	ISPermission(Subject subject, CodeSource codesource) Constructs an ISPermission instance, with the specified Subject and the CodeSource.

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj) Returns true if two ISPermission objects for equality.
String	getActions() returns a comma separated list of actions associated with this ISPermission.
CodeSource	getCodeSource() returns the CodeSourceassociated with this ISPermission.
Map	getEnvParams() returns environment parameters and their values associated with this ISPermission.
ProtectionDomain	getProtectionDomain() returns the ProtectionDomainassociated with this ISPermission.
String	getResourceName() returns the name of the resource associated with this ISPermission .
String	getServiceName() returns the name of the service associated with this ISPermission .
Subject	getSubject() returns the Subjectassociated with this ISPermission .
int	hashCode() Returns the hash code value for this Permission object.
boolean	implies(Permission perm) Checks if the specified permission's actions are "implied by" this object's actions.
PermissionCollection	newPermissionCollection() Returns a java.security.PermissionCollection to store this kind of Permission.
String	toString() Returns a string describing this Permission.

Methods inherited from class java.security.Permission

checkGuard, getName

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ISPermission

protected ISPermission(ProtectionDomain pd)

Constructs an ISPermission instance, with the specified ProtectionDomain.

Parameters:

pd - ProtectionDomain for which this ISPermission is being created.

ISPermission

public ISPermission(Subject subject,
                    CodeSource codesource)

Constructs an ISPermission instance, with the specified Subject and the CodeSource.

Parameters:

subject - Subject for which this ISPermission is being created.

codesource - CodeSource for which this permission is being created.

ISPermission

public ISPermission(CodeSource codesource)

Constructs an ISPermission instance, with the specified CodeSource.

Parameters:

codesource - CodeSource for which this permission is being created.

ISPermission

public ISPermission(String serviceName,
                    String resourceName,
                    String actions)

Constructs an ISPermission instance, with the specified service name, resource name and action name.

Parameters:

serviceName - name of service for which this ISPermission is being created. This name needs to be one of the loaded services in the OpenAM's policy engine. example: iPlanetAMWegAgentService

resourceName - name of the resource for which this ISPermission is being defined.

actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.

ISPermission

public ISPermission(String serviceName,
                    String resourceName,
                    String actions,
                    Map envParams)

Constructs an ISPermission instance, with the specified service name, resource name and action name.

Parameters:

serviceName - name of service for which this ISPermission is being created. This name needs to be one of the loaded policy services in the OpenSSO. example: iPlanetAMWegAgentService

resourceName - name of the resource for which this ISPermission is being defined.

actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.

envParams - a java.util.Map of environment parameters which are used by the com.sun.identity.policy.client.PolicyEvaluator to evaluate the com.sun.identity.policy.Conditions associated with the policy. This is a Map of attribute-value pairs representing the environment under which the policy needs to be evaluated.

Method Detail

getServiceName

public String getServiceName()

returns the name of the service associated with this ISPermission .

Returns:

String representing the name of the service for this permission.

getResourceName

public String getResourceName()

returns the name of the resource associated with this ISPermission .

Returns:

String representing the name of the resource for this permission.

getEnvParams

public Map getEnvParams()

returns environment parameters and their values associated with this ISPermission.

Returns:

Map representing the environment parameters of this permission. The Map consists of attribute value pairs.

getActions

public String getActions()

returns a comma separated list of actions associated with this ISPermission.

Specified by:

getActions in class Permission

Returns:

a comma separated String representing the name of the action for this object. For example for:

          ISPermission isp = new ISPermission("iPlanetAMWebAgentService, 
              "http://www.sun.com:80", "GET, POST");
          getActions() would return "GET,POST"
          

getSubject

public Subject getSubject()

returns the Subjectassociated with this ISPermission .

Returns:

javax.security.auth.Subject representing the subject of this permission.

getCodeSource

public CodeSource getCodeSource()

returns the CodeSourceassociated with this ISPermission.

Returns:

java.security.CodeSource representing the codesource of this permission.

getProtectionDomain

public ProtectionDomain getProtectionDomain()

returns the ProtectionDomainassociated with this ISPermission.

Returns:

java.security.ProtectionDomain representing the protectionDomain of this permission.

equals

public boolean equals(Object obj)

Returns true if two ISPermission objects for equality.

Specified by:

equals in class Permission

Parameters:

obj - ISPermission object.

Returns:

true if subject, codesource, service name, resource name actions and environment parameters of both objects are equal.

hashCode

public int hashCode()

Returns the hash code value for this Permission object.

The required hashCode behavior for Permission Objects is the following:

• Whenever it is invoked on the same Permission object more than once during an execution of a Java application, the hashCode method must consistently return the same integer. This integer need not remain consistent from one execution of an application to another execution of the same application.

• If two Permission objects are equal according to the equals method, then calling the hashCode method on each of the two Permission objects must produce the same integer result.

Specified by:

hashCode in class Permission

Returns:

a hash code value for this object.

implies

public boolean implies(Permission perm)

Checks if the specified permission's actions are "implied by" this object's actions.

The implies method is used by the AccessController to determine whether or not a requested permission is implied by another permission that is known to be valid in the current execution context.

Specified by:

implies in class Permission

Parameters:

perm - the permission to check against.

Returns:

true if the specified permission is implied by this object, false if not. The check is made against the OpenAM's policy service to determine this evaluation.

newPermissionCollection

public PermissionCollection newPermissionCollection()

Returns a java.security.PermissionCollection to store this kind of Permission.

Overrides:

newPermissionCollection in class Permission

Returns:

an instance of ISPermissionCollection

toString

public String toString()

Returns a string describing this Permission.

Overrides:

toString in class Permission

Returns:

String containing information about this Permission.