|
Java example source code file (Policy.java)
The Policy.java Java example source code/* * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.security.auth; import java.security.Security; import java.security.AccessController; import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.util.Objects; import sun.security.util.Debug; /** * <p> This is an abstract class for representing the system policy for * Subject-based authorization. A subclass implementation * of this class provides a means to specify a Subject-based * access control {@code Policy}. * * <p> A {@code Policy} object can be queried for the set of * Permissions granted to code running as a * {@code Principal} in the following manner: * * <pre> * policy = Policy.getPolicy(); * PermissionCollection perms = policy.getPermissions(subject, * codeSource); * </pre> * * The {@code Policy} object consults the local policy and returns * and appropriate {@code Permissions} object with the * Permissions granted to the Principals associated with the * provided <i>subject, and granted to the code specified * by the provided <i>codeSource. * * <p> A {@code Policy} contains the following information. * Note that this example only represents the syntax for the default * {@code Policy} implementation. Subclass implementations of this class * may implement alternative syntaxes and may retrieve the * {@code Policy} from any source such as files, databases, * or servers. * * <p> Each entry in the {@code Policy} is represented as * a <b>grant entry. Each grant entry * specifies a codebase, code signers, and Principals triplet, * as well as the Permissions granted to that triplet. * * <pre> * grant CodeBase ["URL"], Signedby ["signers"], * Principal [Principal_Class] "Principal_Name" { * Permission Permission_Class ["Target_Name"] * [, "Permission_Actions"] * [, signedBy "SignerName"]; * }; * </pre> * * The CodeBase and Signedby components of the triplet name/value pairs * are optional. If they are not present, then any any codebase will match, * and any signer (including unsigned code) will match. * For Example, * * <pre> * grant CodeBase "foo.com", Signedby "foo", * Principal com.sun.security.auth.SolarisPrincipal "duke" { * permission java.io.FilePermission "/home/duke", "read, write"; * }; * </pre> * * This <b>grant entry specifies that code from "foo.com", * signed by "foo', and running as a {@code SolarisPrincipal} with the * name, duke, has one {@code Permission}. This {@code Permission} * permits the executing code to read and write files in the directory, * "/home/duke". * * <p> To "run" as a particular {@code Principal}, * code invokes the {@code Subject.doAs(subject, ...)} method. * After invoking that method, the code runs as all the Principals * associated with the specified {@code Subject}. * Note that this {@code Policy} (and the Permissions * granted in this {@code Policy}) only become effective * after the call to {@code Subject.doAs} has occurred. * * <p> Multiple Principals may be listed within one grant entry. * All the Principals in the grant entry must be associated with * the {@code Subject} provided to {@code Subject.doAs} * for that {@code Subject} to be granted the specified Permissions. * * <pre> * grant Principal com.sun.security.auth.SolarisPrincipal "duke", * Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" { * permission java.io.FilePermission "/home/duke", "read, write"; * permission java.net.SocketPermission "duke.com", "connect"; * }; * </pre> * * This entry grants any code running as both "duke" and "0" * permission to read and write files in duke's home directory, * as well as permission to make socket connections to "duke.com". * * <p> Note that non Principal-based grant entries are not permitted * in this {@code Policy}. Therefore, grant entries such as: * * <pre> * grant CodeBase "foo.com", Signedby "foo" { * permission java.io.FilePermission "/tmp/scratch", "read, write"; * }; * </pre> * * are rejected. Such permission must be listed in the * {@code java.security.Policy}. * * <p> The default {@code Policy} implementation can be changed by * setting the value of the {@code auth.policy.provider} security property to * the fully qualified name of the desired {@code Policy} implementation class. * * @deprecated as of JDK version 1.4 -- Replaced by java.security.Policy. * java.security.Policy has a method: * <pre> * public PermissionCollection getPermissions * (java.security.ProtectionDomain pd) * * </pre> * and ProtectionDomain has a constructor: * <pre> * public ProtectionDomain * (CodeSource cs, * PermissionCollection permissions, * ClassLoader loader, * Principal[] principals) * </pre> * * These two APIs provide callers the means to query the * Policy for Principal-based Permission entries. * * @see java.security.Security security properties */ @Deprecated public abstract class Policy { private static Policy policy; private final static String AUTH_POLICY = "sun.security.provider.AuthPolicyFile"; private final java.security.AccessControlContext acc = java.security.AccessController.getContext(); // true if a custom (not AUTH_POLICY) system-wide policy object is set private static boolean isCustomPolicy; /** * Sole constructor. (For invocation by subclass constructors, typically * implicit.) */ protected Policy() { } /** * Returns the installed Policy object. * This method first calls * {@code SecurityManager.checkPermission} with the * {@code AuthPermission("getPolicy")} permission * to ensure the caller has permission to get the Policy object. * * <p> * * @return the installed Policy. The return value cannot be * {@code null}. * * @exception java.lang.SecurityException if the current thread does not * have permission to get the Policy object. * * @see #setPolicy */ public static Policy getPolicy() { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AuthPermission("getPolicy")); return getPolicyNoCheck(); } /** * Returns the installed Policy object, skipping the security check. * * @return the installed Policy. * */ static Policy getPolicyNoCheck() { if (policy == null) { synchronized(Policy.class) { if (policy == null) { String policy_class = null; policy_class = AccessController.doPrivileged (new PrivilegedAction<String>() { public String run() { return java.security.Security.getProperty ("auth.policy.provider"); } }); if (policy_class == null) { policy_class = AUTH_POLICY; } try { final String finalClass = policy_class; Policy untrustedImpl = AccessController.doPrivileged( new PrivilegedExceptionAction<Policy>() { public Policy run() throws ClassNotFoundException, InstantiationException, IllegalAccessException { Class<? extends Policy> implClass = Class.forName( finalClass, false, Thread.currentThread().getContextClassLoader() ).asSubclass(Policy.class); return implClass.newInstance(); } }); AccessController.doPrivileged( new PrivilegedExceptionAction<Void>() { public Void run() { setPolicy(untrustedImpl); isCustomPolicy = !finalClass.equals(AUTH_POLICY); return null; } }, Objects.requireNonNull(untrustedImpl.acc) ); } catch (Exception e) { throw new SecurityException (sun.security.util.ResourcesMgr.getString ("unable.to.instantiate.Subject.based.policy")); } } } } return policy; } /** * Sets the system-wide Policy object. This method first calls * {@code SecurityManager.checkPermission} with the * {@code AuthPermission("setPolicy")} * permission to ensure the caller has permission to set the Policy. * * <p> * * @param policy the new system Policy object. * * @exception java.lang.SecurityException if the current thread does not * have permission to set the Policy. * * @see #getPolicy */ public static void setPolicy(Policy policy) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) sm.checkPermission(new AuthPermission("setPolicy")); Policy.policy = policy; // all non-null policy objects are assumed to be custom isCustomPolicy = policy != null ? true : false; } /** * Returns true if a custom (not AUTH_POLICY) system-wide policy object * has been set or installed. This method is called by * SubjectDomainCombiner to provide backwards compatibility for * developers that provide their own javax.security.auth.Policy * implementations. * * @return true if a custom (not AUTH_POLICY) system-wide policy object * has been set; false otherwise */ static boolean isCustomPolicySet(Debug debug) { if (policy != null) { if (debug != null && isCustomPolicy) { debug.println("Providing backwards compatibility for " + "javax.security.auth.policy implementation: " + policy.toString()); } return isCustomPolicy; } // check if custom policy has been set using auth.policy.provider prop String policyClass = java.security.AccessController.doPrivileged (new java.security.PrivilegedAction<String>() { public String run() { return Security.getProperty("auth.policy.provider"); } }); if (policyClass != null && !policyClass.equals(AUTH_POLICY)) { if (debug != null) { debug.println("Providing backwards compatibility for " + "javax.security.auth.policy implementation: " + policyClass); } return true; } return false; } /** * Retrieve the Permissions granted to the Principals associated with * the specified {@code CodeSource}. * * <p> * * @param subject the {@code Subject} * whose associated Principals, * in conjunction with the provided * {@code CodeSource}, determines the Permissions * returned by this method. This parameter * may be {@code null}. <p> * * @param cs the code specified by its {@code CodeSource} * that determines, in conjunction with the provided * {@code Subject}, the Permissions * returned by this method. This parameter may be * {@code null}. * * @return the Collection of Permissions granted to all the * {@code Subject} and code specified in * the provided <i>subject and cs * parameters. */ public abstract java.security.PermissionCollection getPermissions (Subject subject, java.security.CodeSource cs); /** * Refresh and reload the Policy. * * <p>This method causes this object to refresh/reload its current * Policy. This is implementation-dependent. * For example, if the Policy object is stored in * a file, calling {@code refresh} will cause the file to be re-read. * * <p> * * @exception SecurityException if the caller does not have permission * to refresh the Policy. */ public abstract void refresh(); } Other Java examples (source code examples)Here is a short list of links related to this Java Policy.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.