com.sun.identity.policy.jaas

Class ISPolicy

java.lang.Object

java.security.Policy

com.sun.identity.policy.jaas.ISPolicy

public class ISPolicy
extends Policy

This is an implementation of abstract class java.security.Policy for representing the system security policy for a Java application environment. It provides a custom policy implementation based on JAAS and JDK 1.5 and above.It makes policy evaluation against the OpenAM Policy Service instead of the default file based one.

It provides implementation of the abstract methods in Policy class.

In general the source location for the policy information utilized by the Policy object to make policy decisions is up to the Policy implementation. In the case of ISPolicy the source comes from the OpenAM's policy store, which is consulted to make the policy evaluation.

A Policy object can be queried for the set of Permissions granted to set of classes running as a Principal in the following manner:

   policy = Policy.getPolicy();
   PermissionCollection perms = policy.getPermissions(ProtectionDomain);
 

The Policy object consults the local policy and returns the appropriate PermissionCollection object ISPermissionCollection containing the Permissions granted to the Principals and granted to the set of classes specified by the provided protectionDomain.

The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).

The refresh method causes the policy object to refresh/reload its current configuration.

See Also:

ProtectionDomain, PermissionCollection

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Policy

Policy.Parameters

Field Summary

Fields inherited from class java.security.Policy

UNSUPPORTED_EMPTY_COLLECTION

Constructor Summary

Constructors

Constructor and Description
ISPolicy() Constructs an ISPolicy instance.

Method Summary

Modifier and Type	Method and Description
PermissionCollection	getPermissions(CodeSource codesource) Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source.
PermissionCollection	getPermissions(ProtectionDomain protectionDomain) Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the enclosed set of classes.
void	refresh() Refreshes/reloads the policy configuration.

Methods inherited from class java.security.Policy

getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, implies, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ISPolicy

public ISPolicy()

Constructs an ISPolicy instance. Save the existing global policy , so that we can use that for evaluating permissions we do not support through our custom policy implementation like FilePermission, SecurityPermission etc.

Method Detail

getPermissions

public PermissionCollection getPermissions(ProtectionDomain protectionDomain)

Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the enclosed set of classes. Here we always return the PermissionCollection after adding theISPermission object into it, so that policy determination is also based on OpenAM's policies.

Overrides:

getPermissions in class Policy

Parameters:

protectionDomain - the protection domain which encapsulates the characteristics of a domain, which encloses the set of classes whose instances are granted the permissions when being executed on behalf of the given set of Principals.

Returns:

the Collection of permissions allowed for the protection domain according to the policy.

Throws:

SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)

Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source. Here we always return the PermissionCollection after adding theISPermission object into it, so that policy determination is also based on OpenAM's policies.

Overrides:

getPermissions in class Policy

Parameters:

codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.This parameter may be null.

Returns:

the Collection of permissions allowed for the code from codesource according to the policy.

Throws:

SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

refresh

public void refresh()

Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. In this implementation we will call refresh on the defaultPolicy we saved in the ISPolicy constructor.

Overrides:

refresh in class Policy

Throws:

SecurityException - if the current thread does not have permission to refresh this Policy object.