GigaSpaces XAP 9.1 API

net.jini.security.policy
Class DynamicPolicyProvider

java.lang.Object
  extended by java.security.Policy
      extended by net.jini.security.policy.DynamicPolicyProvider
All Implemented Interfaces:
DynamicPolicy
Direct Known Subclasses:
DebugDynamicPolicyProvider

public class DynamicPolicyProvider
extends Policy
implements DynamicPolicy

Security policy provider that supports dynamic granting of permissions at run-time. This provider is designed as a wrapper to layer dynamic grant functionality on top of an underlying policy provider. If the underlying provider does not implement the DynamicPolicy interface, then its permission mappings are assumed to change only when its refresh method is called. Permissions are granted on the granularity of class loader; granting a permission requires (of the calling context) GrantPermission for that permission.

Since:
2.0
Author:
Sun Microsystems, Inc.

Nested Class Summary
 
Nested classes/interfaces inherited from class java.security.Policy
Policy.Parameters
 
Field Summary
 
Fields inherited from class java.security.Policy
UNSUPPORTED_EMPTY_COLLECTION
 
Constructor Summary
DynamicPolicyProvider()
          Creates a new DynamicPolicyProvider instance that wraps a default underlying policy.
DynamicPolicyProvider(Policy basePolicy)
          Creates a new DynamicPolicyProvider instance that wraps around the given non-null base policy object.
 
Method Summary
 Permission[] getGrants(Class cl, Principal[] principals)
          If this security policy provider supports dynamic permission grants, returns a new array containing the cumulative set of permissions dynamically granted to protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals.
 PermissionCollection getPermissions(CodeSource source)
          Behaves as specified by Policy.getPermissions(CodeSource).
 PermissionCollection getPermissions(ProtectionDomain domain)
          Behaves as specified by Policy.getPermissions(ProtectionDomain).
 void grant(Class cl, Principal[] principals, Permission[] permissions)
          If this security policy provider supports dynamic permission grants, grants the specified permissions to all protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals.
 boolean grantSupported()
          Returns true if this policy provider supports dynamic permission grants; returns false otherwise.
 boolean implies(ProtectionDomain domain, Permission permission)
          Behaves as specified by Policy.implies(java.security.ProtectionDomain, java.security.Permission).
 void refresh()
          Behaves as specified by Policy.refresh().
 
Methods inherited from class java.security.Policy
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DynamicPolicyProvider

public DynamicPolicyProvider()
                      throws PolicyInitializationException
Creates a new DynamicPolicyProvider instance that wraps a default underlying policy. The underlying policy is created as follows: if the net.jini.security.policy.DynamicPolicyProvider.basePolicyClass security property is set, then its value is interpreted as the class name of the base (underlying) policy provider; otherwise, a default class name of "net.jini.security.policy.PolicyFileProvider" is used. The base policy is then instantiated using the no-arg public constructor of the named class. If the base policy class is not found, is not instantiable via a public no-arg constructor, or if invocation of its constructor fails, then a PolicyInitializationException is thrown.

Note that this constructor requires the appropriate "getProperty" SecurityPermission to read the net.jini.security.policy.DynamicPolicyProvider.basePolicyClass security property, and may require "accessClassInPackage.*" RuntimePermissions, depending on the package of the base policy class.

Throws:
PolicyInitializationException - if unable to construct the base policy
SecurityException - if there is a security manager and the calling context does not have adequate permissions to read the net.jini.security.policy.DynamicPolicyProvider.basePolicyClass security property, or if the calling context does not have adequate permissions to access the base policy class

DynamicPolicyProvider

public DynamicPolicyProvider(Policy basePolicy)
Creates a new DynamicPolicyProvider instance that wraps around the given non-null base policy object.

Parameters:
basePolicy - base policy object containing information about non-dynamic grants
Throws:
NullPointerException - if basePolicy is null
Method Detail

getPermissions

public PermissionCollection getPermissions(CodeSource source)
Behaves as specified by Policy.getPermissions(CodeSource).

Overrides:
getPermissions in class Policy

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Behaves as specified by Policy.getPermissions(ProtectionDomain).

Overrides:
getPermissions in class Policy

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
Behaves as specified by Policy.implies(java.security.ProtectionDomain, java.security.Permission).

Overrides:
implies in class Policy

refresh

public void refresh()
Behaves as specified by Policy.refresh().

Overrides:
refresh in class Policy

grantSupported

public boolean grantSupported()
Description copied from interface: DynamicPolicy
Returns true if this policy provider supports dynamic permission grants; returns false otherwise. Note that this method may return different values for a given DynamicPolicy instance, depending on context. For example, a policy provider that delegates to different underlying policy implementations depending on thread state would return true from this method when the current delegate supports dynamic permission grants, but return false when another delegate lacking such support is in effect.

Specified by:
grantSupported in interface DynamicPolicy
Returns:
true if policy supports dynamic permission grants under current context, false otherwise

grant

public void grant(Class cl,
                  Principal[] principals,
                  Permission[] permissions)
Description copied from interface: DynamicPolicy
If this security policy provider supports dynamic permission grants, grants the specified permissions to all protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals. If the given class is null, then the grant applies across all protection domains that possess at least the specified principals. If the list of principals is null or empty, then principals are effectively ignored in determining the protection domains to which the grant applies. If this policy provider does not support dynamic permission grants, then no permissions are granted and an UnsupportedOperationException is thrown.

The given class, if non-null, must belong to either the system domain or a protection domain whose associated class loader is non-null. If the class does not belong to such a protection domain, then no permissions are granted and an UnsupportedOperationException is thrown.

If a security manager is installed, its checkPermission method is called with a GrantPermission containing the permissions to grant; if the permission check fails, then no permissions are granted and the resulting SecurityException is thrown. The principals and permissions arrays passed in are neither modified nor retained; subsequent changes to the arrays have no effect on the grant operation.

Specified by:
grant in interface DynamicPolicy
Parameters:
cl - class to grant permissions to the class loader of, or null if granting across all class loaders
principals - if non-null, minimum set of principals to which grants apply
permissions - if non-null, permissions to grant

getGrants

public Permission[] getGrants(Class cl,
                              Principal[] principals)
Description copied from interface: DynamicPolicy
If this security policy provider supports dynamic permission grants, returns a new array containing the cumulative set of permissions dynamically granted to protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals. If the given class is null, then this method returns the cumulative set of permissions dynamically granted across all protection domains that possess at least the specified principals (i.e., through calls to the grant method where the specified class was null). If the list of principals is null or empty, then the permissions returned reflect only grants not qualified by principals (i.e., those performed through calls to the grant method where the specified principals array was null or empty). If this policy provider does not support dynamic permission grants, then an UnsupportedOperationException is thrown.

The given class, if non-null, must belong to either the system domain or a protection domain whose associated class loader is non-null. If the class does not belong to such a protection domain, then an UnsupportedOperationException is thrown.

Specified by:
getGrants in interface DynamicPolicy
Parameters:
cl - class to query the permissions dynamically granted to the class loader of, or null if querying permissions granted across all class loaders
principals - if non-null, principals to query dynamic grants for
Returns:
new array containing the permissions dynamically granted to the indicated class loader (if any) and principals

GigaSpaces XAP 9.1 API

Copyright © GigaSpaces.