Class ISPermission

  • All Implemented Interfaces:
    Serializable, Guard

    public class ISPermission
    extends Permission
    This class provides support for the JAAS authorization service. It is a new JAAS Permission which extends the Permission class. This is the only API used by an application/container to evaluate policy against the OpenAM Policy framework. This class provides implementations of all the required abstract methods of java.security.Permission, in such a way that the policy evaluation is made against the OpenAM Policy service.

    For example, one would use this class as follows to evaluate policy permissions:

     ISPermission perm = new ISPermission("iPlanetAMWebAgentService",
                      "http://www.example.com:80","GET");
     AccessController.checkPermission(perm);
     
    If OpenAM has the policy service iPlanetAMWebAgentService with a Rule defined for resource http://www.example.com:80 and action "GET" with allow privilege, this call returns quietly. If no such policy is found, access is denied and an exception is thrown accordingly. ISPermission also co-exists with the permissions specified in the JDK policy store (by default file sun.security.provider.PolicyFile or defined on the command line using the -D option).
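    The check described above, wrapped so that both a policy denial and an evaluation failure result in "deny". This is an added example, not code from the OpenAM project. It assumes the OpenAM client SDK is on the classpath, that the caller already runs under the authenticated Subject with the JVM policy configured to consult OpenAM, and that "requestIp" is an environment key your policy Conditions read; PolicyGate and isAllowed are hypothetical names.

```java
import com.sun.identity.policy.jaas.ISPermission;

import java.security.AccessControlException;
import java.security.AccessController;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example: fail-closed wrapper around an ISPermission check. */
public final class PolicyGate {

    // Service name taken from the page; the environment key is an assumption.
    private static final String SERVICE = "iPlanetAMWebAgentService";
    private static final String ENV_REQUEST_IP = "requestIp";

    private PolicyGate() { }

    /**
     * Returns true only when the OpenAM policy service allows the action.
     * Any denial or evaluation failure is treated as "deny".
     */
    public static boolean isAllowed(String resource, String action, String clientIp) {
        // Environment parameters are passed as attribute -> set of values (assumed shape).
        Map<String, Set<String>> env = new HashMap<>();
        env.put(ENV_REQUEST_IP, Collections.singleton(clientIp));
        try {
            ISPermission perm = new ISPermission(SERVICE, resource, action, env);
            AccessController.checkPermission(perm); // returns quietly on allow
            return true;
        } catch (AccessControlException denied) {
            // No matching allow rule: record the decision for audit and deny.
            System.err.printf("DENY %s %s: %s%n", action, resource, denied.getMessage());
            return false;
        } catch (RuntimeException failure) {
            // Policy service unreachable or misconfigured: deny rather than allow.
            System.err.printf("DENY (evaluation error) %s %s: %s%n", action, resource, failure);
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample input; 192.0.2.10 is a documentation address.
        boolean ok = isAllowed("http://www.example.com:80", "GET", "192.0.2.10");
        System.out.println(ok ? "allowed" : "denied");
    }
}
```

    AccessController is deprecated for removal as of Java 17 (JEP 411), so this pattern applies to runtimes where the Security Manager APIs are still available.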

    See Also:
    Permission, Subject, ProtectionDomain, Serialized Form
    • Constructor Detail

      • ISPermission

        protected ISPermission​(ProtectionDomain pd)
        Constructs an ISPermission instance, with the specified ProtectionDomain.
        Parameters:
        pd - ProtectionDomain for which this ISPermission is being created.
      • ISPermission

        public ISPermission​(Subject subject,
                            CodeSource codesource)
        Constructs an ISPermission instance, with the specified Subject and the CodeSource.
        Parameters:
        subject - Subject for which this ISPermission is being created.
        codesource - CodeSource for which this permission is being created.
      • ISPermission

        public ISPermission​(CodeSource codesource)
        Constructs an ISPermission instance, with the specified CodeSource.
        Parameters:
        codesource - CodeSource for which this permission is being created.
      • ISPermission

        public ISPermission​(String serviceName,
                            String resourceName,
                            String actions)
        Constructs an ISPermission instance, with the specified service name, resource name and action name.
        Parameters:
        serviceName - name of service for which this ISPermission is being created. This name needs to be one of the loaded services in the OpenAM's policy engine. Example: iPlanetAMWebAgentService
        resourceName - name of the resource for which this ISPermission is being defined.
        actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.
      • ISPermission

        public ISPermission​(String serviceName,
                            String resourceName,
                            String actions,
                            Map envParams)
        Constructs an ISPermission instance, with the specified service name, resource name, action name and environment parameters.
        Parameters:
        serviceName - name of service for which this ISPermission is being created. This name needs to be one of the loaded policy services in the OpenSSO. Example: iPlanetAMWebAgentService
        resourceName - name of the resource for which this ISPermission is being defined.
        actions - name of the action that needs to be checked for. It may be a String like "GET", "POST" in case of service name iPlanetAMWebAgentService.
        envParams - a java.util.Map of environment parameters which are used by the com.sun.identity.policy.client.PolicyEvaluator to evaluate the com.sun.identity.policy.Conditions associated with the policy. This is a Map of attribute-value pairs representing the environment under which the policy needs to be evaluated.
    • Method Detail

      • getServiceName

        public String getServiceName()
        Returns the name of the service associated with this ISPermission.
        Returns:
        String representing the name of the service for this permission.
      • getResourceName

        public String getResourceName()
        Returns the name of the resource associated with this ISPermission.
        Returns:
        String representing the name of the resource for this permission.
      • getEnvParams

        public Map getEnvParams()
        Returns environment parameters and their values associated with this ISPermission.
        Returns:
        Map representing the environment parameters of this permission. The Map consists of attribute value pairs.
      • getActions

        public String getActions()
        Returns a comma-separated list of actions associated with this ISPermission.
        Specified by:
        getActions in class Permission
        Returns:
        a comma-separated String representing the name of the action for this object. For example, for:
                  ISPermission isp = new ISPermission("iPlanetAMWebAgentService",
                      "http://www.sun.com:80", "GET, POST");
                  getActions() would return "GET,POST"
                  
      • getSubject

        public Subject getSubject()
        Returns the Subject associated with this ISPermission.
        Returns:
        javax.security.auth.Subject representing the subject of this permission.
      • getCodeSource

        public CodeSource getCodeSource()
        Returns the CodeSource associated with this ISPermission.
        Returns:
        java.security.CodeSource representing the codesource of this permission.
      • getProtectionDomain

        public ProtectionDomain getProtectionDomain()
        Returns the ProtectionDomain associated with this ISPermission.
        Returns:
        java.security.ProtectionDomain representing the protectionDomain of this permission.
      • equals

        public boolean equals​(Object obj)
        Returns true if two ISPermission objects are equal.
        Specified by:
        equals in class Permission
        Parameters:
        obj - ISPermission object.
        Returns:
        true if subject, codesource, service name, resource name, actions and environment parameters of both objects are equal.
      • hashCode

        public int hashCode()
        Returns the hash code value for this Permission object.

        The required hashCode behavior for Permission Objects is the following:

        • Whenever it is invoked on the same Permission object more than once during an execution of a Java application, the hashCode method must consistently return the same integer. This integer need not remain consistent from one execution of an application to another execution of the same application.

        • If two Permission objects are equal according to the equals method, then calling the hashCode method on each of the two Permission objects must produce the same integer result.
        Specified by:
        hashCode in class Permission
        Returns:
        a hash code value for this object.
      • implies

        public boolean implies​(Permission perm)
        Checks if the specified permission's actions are "implied by" this object's actions.

        The implies method is used by the AccessController to determine whether or not a requested permission is implied by another permission that is known to be valid in the current execution context.

        Specified by:
        implies in class Permission
        Parameters:
        perm - the permission to check against.
        Returns:
        true if the specified permission is implied by this object, false if not. The check is evaluated against OpenAM's policy service.
      • toString

        public String toString()
        Returns a string describing this Permission.
        Overrides:
        toString in class Permission
        Returns:
        String containing information about this Permission.