Package com.sun.identity.policy.jaas

Class ISPolicy

  • public class ISPolicy
extends Policy
    This is an implementation of abstract class java.security.Policy for representing the system security policy for a Java application environment. It provides a custom policy implementation based on JAAS and JDK 1.5 and above.It makes policy evaluation against the OpenAM Policy Service instead of the default file based one.

    It provides implementation of the abstract methods in Policy class.

    In general the source location for the policy information utilized by the Policy object to make policy decisions is up to the Policy implementation. In the case of ISPolicy the source comes from the OpenAM's policy store, which is consulted to make the policy evaluation.

    A Policy object can be queried for the set of Permissions granted to set of classes running as a Principal in the following manner: 

       policy = Policy.getPolicy();
   PermissionCollection perms = policy.getPermissions(ProtectionDomain);
    The Policy object consults the local policy and returns the appropriate PermissionCollection object ISPermissionCollection containing the Permissions granted to the Principals and granted to the set of classes specified by the provided protectionDomain.

    The currently-installed Policy object can be obtained by calling the getPolicy method, and it can be changed by a call to the setPolicy method (by code with permission to reset the Policy).

    The refresh method causes the policy object to refresh/reload its current configuration.

    See Also:
    ProtectionDomain, PermissionCollection

    • Constructor Detail

      • ISPolicy

        public ISPolicy()
        Constructs an ISPolicy instance. Save the existing global policy , so that we can use that for evaluating permissions we do not support through our custom policy implementation like FilePermission, SecurityPermission etc.

    • Method Detail

      • getPermissions

        public PermissionCollection getPermissions​(ProtectionDomain protectionDomain)
        Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the enclosed set of classes. Here we always return the PermissionCollection after adding theISPermission object into it, so that policy determination is also based on OpenAM's policies.
        Overrides:
        getPermissions in class Policy
        Parameters:
        protectionDomain - the protection domain which encapsulates the characteristics of a domain, which encloses the set of classes whose instances are granted the permissions when being executed on behalf of the given set of Principals.
        Returns:
        the Collection of permissions allowed for the protection domain according to the policy.
        Throws:
        SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

      • getPermissions

        public PermissionCollection getPermissions​(CodeSource codesource)
        Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for Principals associated with the specified code source. Here we always return the PermissionCollection after adding theISPermission object into it, so that policy determination is also based on OpenAM's policies.
        Overrides:
        getPermissions in class Policy
        Parameters:
        codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.This parameter may be null.
        Returns:
        the Collection of permissions allowed for the code from codesource according to the policy.
        Throws:
        SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

      • refresh

        public void refresh()
        Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. In this implementation we will call refresh on the defaultPolicy we saved in the ISPolicy constructor.
        Overrides:
        refresh in class Policy
        Throws:
        SecurityException - if the current thread does not have permission to refresh this Policy object.