com.sun.enterprise.security.provider

Class PolicyConfigurationImpl

java.lang.Object

com.sun.enterprise.security.provider.PolicyConfigurationImpl

All Implemented Interfaces:

javax.security.jacc.PolicyConfiguration

public class PolicyConfigurationImpl
extends Object
implements javax.security.jacc.PolicyConfiguration

Implementation of Jacc PolicyConfiguration Interface

Author:

Harpreet Singh (harpreet.singh@sun.com), Ron Monzillo

Field Summary

Fields

Modifier and Type	Field and Description
static int	DELETED_STATE
static int	INSERVICE_STATE
static int	OPEN_STATE
protected int	state

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	PolicyConfigurationImpl(File applicationPolicyDirectory, boolean open, boolean remove, PolicyConfigurationFactoryImpl fact)
protected	PolicyConfigurationImpl(String contextId, PolicyConfigurationFactoryImpl fact)

Method Summary

Modifier and Type	Method and Description
void	addToExcludedPolicy(Permission permission) Used to add a single excluded policy statement to this PolicyConfiguration.
void	addToExcludedPolicy(PermissionCollection permissions) Used to add excluded policy statements to this PolicyConfiguration.
void	addToRole(String roleName, Permission permission) Used to add a single permission to a named role in this PolicyConfiguration.
void	addToRole(String roleName, PermissionCollection permissions) Used to add permissions to a named role in this PolicyConfiguration.
void	addToUncheckedPolicy(Permission permission) Used to add a single unchecked policy statement to this PolicyConfiguration.
void	addToUncheckedPolicy(PermissionCollection permissions) Used to add unchecked policy statements to this PolicyConfiguration.
protected void	checkSetPolicyPermission()
void	commit() This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object.
void	delete() Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.
String	getContextID() This method returns this object's policy context identifier.
protected Permissions	getExcludedPolicy()
protected Policy	getPolicy()
protected void	initialize(boolean open, boolean remove, boolean fromFile)
boolean	inService() This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.
void	linkConfiguration(javax.security.jacc.PolicyConfiguration link) Creates a relationship between this configuration and another such that they share the same principal-to-role mappings.
protected void	refresh(boolean force)
void	removeExcludedPolicy() Used to remove any excluded policy statements from this PolicyConfiguration.
void	removeRole(String roleName) Used to remove a role and all its permissions from this PolicyConfiguration.
void	removeUncheckedPolicy() Used to remove any unchecked policy statements from this PolicyConfiguration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

OPEN_STATE

public static final int OPEN_STATE

See Also:

Constant Field Values

INSERVICE_STATE

public static final int INSERVICE_STATE

See Also:

Constant Field Values

DELETED_STATE

public static final int DELETED_STATE

See Also:

Constant Field Values

state

protected int state

Constructor Detail

PolicyConfigurationImpl

protected PolicyConfigurationImpl(String contextId,
                                  PolicyConfigurationFactoryImpl fact)

PolicyConfigurationImpl

protected PolicyConfigurationImpl(File applicationPolicyDirectory,
                                  boolean open,
                                  boolean remove,
                                  PolicyConfigurationFactoryImpl fact)

Parameters:

applicationPolicyDirectory, - need to have absolute path

open, - then mark state as open

remove, - then remove any existing policy statements

Method Detail

getContextID

public String getContextID()
                    throws javax.security.jacc.PolicyContextException

This method returns this object's policy context identifier.

Specified by:

getContextID in interface javax.security.jacc.PolicyConfiguration

Returns:

this object's policy context identifier.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the getContextID method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToRole

public void addToRole(String roleName,
                      PermissionCollection permissions)
               throws javax.security.jacc.PolicyContextException

Used to add permissions to a named role in this PolicyConfiguration. If the named Role does not exist in the PolicyConfiguration, it is created as a result of the call to this function.

It is the job of the Policy provider to ensure that all the permissions added to a role are granted to principals "mapped to the role".

Specified by:

addToRole in interface javax.security.jacc.PolicyConfiguration

Parameters:

roleName - the name of the Role to which the permissions are to be added.

permissions - the collection of permissions to be added to the role. The collection may be either a homogenous or heterogenous collection.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToRole

public void addToRole(String roleName,
                      Permission permission)
               throws javax.security.jacc.PolicyContextException

Used to add a single permission to a named role in this PolicyConfiguration. If the named Role does not exist in the PolicyConfiguration, it is created as a result of the call to this function.

It is the job of the Policy provider to ensure that all the permissions added to a role are granted to principals "mapped to the role".

Specified by:

addToRole in interface javax.security.jacc.PolicyConfiguration

Parameters:

roleName - the name of the Role to which the permission is to be added.

permission - the permission to be added to the role.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToUncheckedPolicy

public void addToUncheckedPolicy(PermissionCollection permissions)
                          throws javax.security.jacc.PolicyContextException

Used to add unchecked policy statements to this PolicyConfiguration.

Specified by:

addToUncheckedPolicy in interface javax.security.jacc.PolicyConfiguration

Parameters:

permissions - the collection of permissions to be added as unchecked policy statements. The collection may be either a homogenous or heterogenous collection.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToUncheckedPolicy

public void addToUncheckedPolicy(Permission permission)
                          throws javax.security.jacc.PolicyContextException

Used to add a single unchecked policy statement to this PolicyConfiguration.

Specified by:

addToUncheckedPolicy in interface javax.security.jacc.PolicyConfiguration

Parameters:

permission - the permission to be added to the unchecked policy statements.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToExcludedPolicy

public void addToExcludedPolicy(PermissionCollection permissions)
                         throws javax.security.jacc.PolicyContextException

Used to add excluded policy statements to this PolicyConfiguration.

Specified by:

addToExcludedPolicy in interface javax.security.jacc.PolicyConfiguration

Parameters:

permissions - the collection of permissions to be added to the excluded policy statements. The collection may be either a homogenous or heterogenous collection.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

addToExcludedPolicy

public void addToExcludedPolicy(Permission permission)
                         throws javax.security.jacc.PolicyContextException

Used to add a single excluded policy statement to this PolicyConfiguration.

Specified by:

addToExcludedPolicy in interface javax.security.jacc.PolicyConfiguration

Parameters:

permission - the permission to be added to the excluded policy statements.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission. fa

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the addToExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

removeRole

public void removeRole(String roleName)
                throws javax.security.jacc.PolicyContextException

Used to remove a role and all its permissions from this PolicyConfiguration.

Specified by:

removeRole in interface javax.security.jacc.PolicyConfiguration

Parameters:

roleName - the name of the role to remove from this PolicyConfiguration. If the value of the roleName parameter is "*" and no role with name "*" exists in this PolicyConfiguration, then all roles must be removed from this PolicyConfiguration.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the removeRole method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

removeUncheckedPolicy

public void removeUncheckedPolicy()
                           throws javax.security.jacc.PolicyContextException

Used to remove any unchecked policy statements from this PolicyConfiguration.

Specified by:

removeUncheckedPolicy in interface javax.security.jacc.PolicyConfiguration

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the removeUncheckedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

removeExcludedPolicy

public void removeExcludedPolicy()
                          throws javax.security.jacc.PolicyContextException

Used to remove any excluded policy statements from this PolicyConfiguration.

Specified by:

removeExcludedPolicy in interface javax.security.jacc.PolicyConfiguration

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the removeExcludedPolicy method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

commit

public void commit()
            throws javax.security.jacc.PolicyContextException

This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object. Only those policy contexts whose state is "inService" will be included in the policy contexts processed by the Policy.refresh method. A policy context whose state is "inService" may be returned to the "open" state by calling the getPolicyConfiguration method of the PolicyConfiguration factory with the policy context identifier of the policy context.

When the state of a policy context is "inService", calling any method other than commit, delete, getContextID, or inService on its PolicyConfiguration Object will cause an UnsupportedOperationException to be thrown.

Specified by:

commit in interface javax.security.jacc.PolicyConfiguration

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" when this method is called.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the commit method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

linkConfiguration

public void linkConfiguration(javax.security.jacc.PolicyConfiguration link)
                       throws javax.security.jacc.PolicyContextException

Creates a relationship between this configuration and another such that they share the same principal-to-role mappings. PolicyConfigurations are linked to apply a common principal-to-role mapping to multiple seperately manageable PolicyConfigurations, as is required when an application is composed of multiple modules.

Note that the policy statements which comprise a role, or comprise the excluded or unchecked policy collections in a PolicyConfiguration are unaffected by the configuration being linked to another.

Specified by:

linkConfiguration in interface javax.security.jacc.PolicyConfiguration

Parameters:

link - a reference to a different PolicyConfiguration than this PolicyConfiguration.

The relationship formed by this method is symetric, transitive and idempotent. If the argument PolicyConfiguration does not have a different Policy context identifier than this PolicyConfiguration no relationship is formed, and an exception, as described below, is thrown.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" or "inService" when this method is called.

IllegalArgumentException - if called with an argument PolicyConfiguration whose Policy context is equivalent to that of this PolicyConfiguration.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the linkConfiguration method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

delete

public void delete()
            throws javax.security.jacc.PolicyContextException

Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.

This operation has no affect on any linked PolicyConfigurations other than removing any links involving the deleted PolicyConfiguration.

Specified by:

delete in interface javax.security.jacc.PolicyConfiguration

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the delete method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

inService

public boolean inService()
                  throws javax.security.jacc.PolicyContextException

This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.

Specified by:

inService in interface javax.security.jacc.PolicyConfiguration

Returns:

true if the state of the associated policy context is "inService"; false otherwise.

Throws:

SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.

javax.security.jacc.PolicyContextException - if the implementation throws a checked exception that has not been accounted for by the inService method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown PolicyContextException.

checkSetPolicyPermission

protected void checkSetPolicyPermission()

getPolicy

protected Policy getPolicy()

getExcludedPolicy

protected Permissions getExcludedPolicy()

refresh

protected void refresh(boolean force)

initialize

protected void initialize(boolean open,
                          boolean remove,
                          boolean fromFile)