|
GigaSpaces XAP 9.7.2 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object java.security.Policy net.jini.security.policy.DynamicPolicyProvider
public class DynamicPolicyProvider
Security policy provider that supports dynamic granting of permissions at
run-time. This provider is designed as a wrapper to layer dynamic grant
functionality on top of an underlying policy provider. If the underlying
provider does not implement the DynamicPolicy
interface, then its
permission mappings are assumed to change only when its refresh
method is called. Permissions are granted on the
granularity of class loader; granting a permission requires (of the calling
context) GrantPermission
for that permission.
Nested Class Summary |
---|
Nested classes/interfaces inherited from class java.security.Policy |
---|
Policy.Parameters |
Field Summary |
---|
Fields inherited from class java.security.Policy |
---|
UNSUPPORTED_EMPTY_COLLECTION |
Constructor Summary | |
---|---|
DynamicPolicyProvider()
Creates a new DynamicPolicyProvider instance that wraps a
default underlying policy. |
|
DynamicPolicyProvider(Policy basePolicy)
Creates a new DynamicPolicyProvider instance that wraps
around the given non-null base policy object. |
Method Summary | |
---|---|
Permission[] |
getGrants(Class cl,
Principal[] principals)
If this security policy provider supports dynamic permission grants, returns a new array containing the cumulative set of permissions dynamically granted to protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals. |
PermissionCollection |
getPermissions(CodeSource source)
Behaves as specified by Policy.getPermissions(CodeSource) . |
PermissionCollection |
getPermissions(ProtectionDomain domain)
Behaves as specified by Policy.getPermissions(ProtectionDomain) . |
void |
grant(Class cl,
Principal[] principals,
Permission[] permissions)
If this security policy provider supports dynamic permission grants, grants the specified permissions to all protection domains (including ones not yet created) that are associated with the class loader of the given class and possess at least the given set of principals. |
boolean |
grantSupported()
Returns true if this policy provider supports dynamic
permission grants; returns false otherwise. |
boolean |
implies(ProtectionDomain domain,
Permission permission)
Behaves as specified by Policy.implies(java.security.ProtectionDomain, java.security.Permission) . |
void |
refresh()
Behaves as specified by Policy.refresh() . |
Methods inherited from class java.security.Policy |
---|
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public DynamicPolicyProvider() throws PolicyInitializationException
DynamicPolicyProvider
instance that wraps a
default underlying policy. The underlying policy is created as follows:
if the
net.jini.security.policy.DynamicPolicyProvider.basePolicyClass
security property is set, then its value is interpreted as the class
name of the base (underlying) policy provider; otherwise, a default
class name of
"net.jini.security.policy.PolicyFileProvider"
is used. The base policy is then instantiated using the no-arg public
constructor of the named class. If the base policy class is not found,
is not instantiable via a public no-arg constructor, or if invocation of
its constructor fails, then a PolicyInitializationException
is thrown.
Note that this constructor requires the appropriate
"getProperty"
SecurityPermission
to
read the
net.jini.security.policy.DynamicPolicyProvider.basePolicyClass
security property, and may require "accessClassInPackage.*"
RuntimePermission
s, depending on the package of the base policy
class.
PolicyInitializationException
- if unable to construct the base
policy
SecurityException
- if there is a security manager and the
calling context does not have adequate permissions to read the
net.jini.security.policy.DynamicPolicyProvider.basePolicyClass
security property, or if the calling context does not have
adequate permissions to access the base policy classpublic DynamicPolicyProvider(Policy basePolicy)
DynamicPolicyProvider
instance that wraps
around the given non-null
base policy object.
basePolicy
- base policy object containing information about
non-dynamic grants
NullPointerException
- if basePolicy
is
null
Method Detail |
---|
public PermissionCollection getPermissions(CodeSource source)
Policy.getPermissions(CodeSource)
.
getPermissions
in class Policy
public PermissionCollection getPermissions(ProtectionDomain domain)
Policy.getPermissions(ProtectionDomain)
.
getPermissions
in class Policy
public boolean implies(ProtectionDomain domain, Permission permission)
Policy.implies(java.security.ProtectionDomain, java.security.Permission)
.
implies
in class Policy
public void refresh()
Policy.refresh()
.
refresh
in class Policy
public boolean grantSupported()
DynamicPolicy
true
if this policy provider supports dynamic
permission grants; returns false
otherwise. Note that this
method may return different values for a given
DynamicPolicy
instance, depending on context. For example,
a policy provider that delegates to different underlying policy
implementations depending on thread state would return true
from this method when the current delegate supports dynamic permission
grants, but return false
when another delegate lacking such
support is in effect.
grantSupported
in interface DynamicPolicy
true
if policy supports dynamic permission grants
under current context, false
otherwisepublic void grant(Class cl, Principal[] principals, Permission[] permissions)
DynamicPolicy
null
, then the grant applies across all
protection domains that possess at least the specified principals. If
the list of principals is null
or empty, then principals
are effectively ignored in determining the protection domains to which
the grant applies. If this policy provider does not support dynamic
permission grants, then no permissions are granted and an
UnsupportedOperationException
is thrown.
The given class, if non-null
, must belong to either the
system domain or a protection domain whose associated class loader is
non-null
. If the class does not belong to such a
protection domain, then no permissions are granted and an
UnsupportedOperationException
is thrown.
If a security manager is installed, its checkPermission
method is called with a GrantPermission
containing the
permissions to grant; if the permission check fails, then no permissions
are granted and the resulting SecurityException
is thrown.
The principals and permissions arrays passed in are neither modified nor
retained; subsequent changes to the arrays have no effect on the grant
operation.
grant
in interface DynamicPolicy
cl
- class to grant permissions to the class loader of, or
null
if granting across all class loadersprincipals
- if non-null
, minimum set of principals
to which grants applypermissions
- if non-null
, permissions to grantpublic Permission[] getGrants(Class cl, Principal[] principals)
DynamicPolicy
null
, then this method returns the cumulative set of
permissions dynamically granted across all protection domains that
possess at least the specified principals (i.e., through calls to the
grant method where the specified class was null
). If the
list of principals is null
or empty, then the permissions
returned reflect only grants not qualified by principals (i.e., those
performed through calls to the grant method where the specified
principals array was null
or empty). If this policy
provider does not support dynamic permission grants, then an
UnsupportedOperationException
is thrown.
The given class, if non-null
, must belong to either the
system domain or a protection domain whose associated class loader is
non-null
. If the class does not belong to such a
protection domain, then an UnsupportedOperationException
is
thrown.
getGrants
in interface DynamicPolicy
cl
- class to query the permissions dynamically granted to the
class loader of, or null
if querying permissions
granted across all class loadersprincipals
- if non-null
, principals to query
dynamic grants for
|
GigaSpaces XAP 9.7.2 API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |