org.apache.river.start

Class AggregatePolicyProvider

java.lang.Object

java.security.Policy

org.apache.river.api.security.AbstractPolicy

org.apache.river.start.AggregatePolicyProvider

All Implemented Interfaces:

DynamicPolicy, SecurityContextSource, ScalableNestedPolicy

public class AggregatePolicyProvider
extends AbstractPolicy
implements DynamicPolicy, SecurityContextSource, ScalableNestedPolicy

Security policy provider which supports associating security sub-policies with context class loaders. Permission queries and grants (if supported), as well as implies and refresh operations are delegated to the currently active sub-policy.

The currently active sub-policy is determined as follows: if the current thread does not override the getContextClassLoader method, then that method is called to obtain the context class loader. If the context class loader is associated with a sub-policy (via a previous call to setPolicy), then that sub-policy is the currently active sub-policy. If no such association exists, then the same check is performed on each non-null parent of the context class loader, proceeding up the chain of class loader delegation, until a sub-policy association is found, in which case the associated sub-policy is the currently active sub-policy. If no sub-policy association is found for the context class loader or any of its parents, then a fallback sub-policy, the main policy, is the currently active sub-policy. Also, if the current thread overrides the getContextClassLoader method, then getContextClassLoader is not called and the main policy is the currently active sub-policy.

Since:

2.0

Author:

Sun Microsystems, Inc.

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Policy

Policy.Parameters

Field Summary

Fields inherited from class org.apache.river.api.security.AbstractPolicy

ALL_PERMISSION, comparator, umbrella

Fields inherited from class java.security.Policy

UNSUPPORTED_EMPTY_COLLECTION

Constructor Summary

Constructors

Constructor and Description
AggregatePolicyProvider() Creates a new AggregatePolicyProvider instance, containing a main policy created as follows: if the org.apache.river.start.AggregatePolicyProvider.mainPolicyClass security property is set, then its value is interpreted as the class name of the main policy provider; otherwise, a default class name of "net.jini.security.policy.DynamicPolicyProvider" is used.
AggregatePolicyProvider(Policy mainPolicy) Creates a new AggregatePolicyProvider instance with the given main policy, which must be non-null.

Method Summary

Modifier and Type	Method and Description
SecurityContext	getContext() Returns a snapshot of the current security context, which can be used to restore the context at a later time.
Permission[]	getGrants(Class cl, Principal[] principals) If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding getGrants method of the currently active sub-policy to return a new array containing the set of permissions dynamically granted to protection domains which are associated with the class loader of the given class and possess at least the given set of principals.
List<PermissionGrant>	getPermissionGrants(ProtectionDomain domain) Returns a new List containing immutable PermissionGrant's, the List returned is not synchronised and must not be shared with policy internal state.
PermissionCollection	getPermissions(CodeSource source) Delegates to the corresponding getPermissions method of the currently active sub-policy to return the set of permissions allowed for code from the specified code source, as a newly-created mutable PermissionCollection which supports heterogeneous permission types.
PermissionCollection	getPermissions(ProtectionDomain domain) If the given protection domain is the protection domain of this class, then a newly-created PermissionCollection containing AllPermission is returned.
void	grant(Class cl, Principal[] principals, Permission[] permissions) If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding grant method of the currently active sub-policy to grant the specified permissions to all protection domains (including ones not yet created) which are associated with the class loader of the given class and possess at least the given set of principals.
boolean	grantSupported() Returns true if the currently active sub-policy supports dynamic grants; this is determined by delegating to the grantSupported method of the currently active sub-policy if it implements the DynamicPolicy interface.
boolean	implies(ProtectionDomain domain, Permission permission) If the given protection domain is the protection domain of this class, then true is returned.
void	refresh() Refreshes the currently active sub-policy by delegating to its refresh method.
void	setPolicy(ClassLoader loader, Policy subPolicy) Changes sub-policy association with given class loader.

Methods inherited from class org.apache.river.api.security.AbstractPolicy

checkCallerHasGrants, checkNullElements, convert, expandUmbrella, extractGrantFromPolicy, processGrants

Methods inherited from class java.security.Policy

getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AggregatePolicyProvider

public AggregatePolicyProvider()
                        throws PolicyInitializationException

Creates a new AggregatePolicyProvider instance, containing a main policy created as follows: if the org.apache.river.start.AggregatePolicyProvider.mainPolicyClass security property is set, then its value is interpreted as the class name of the main policy provider; otherwise, a default class name of "net.jini.security.policy.DynamicPolicyProvider" is used. The main policy is then instantiated using the no-arg public constructor of the named class. If the main policy class is not found, is not instantiable via a public no-arg constructor, or if invocation of its constructor fails, then a PolicyInitializationException is thrown.

Note that this constructor requires the appropriate "getProperty" SecurityPermission to read the org.apache.river.start.AggregatePolicyProvider.mainPolicyClass security property, and may require "accessClassInPackage.*" RuntimePermissions, depending on the package of the main policy class.

Throws:

PolicyInitializationException - if unable to construct the main policy

SecurityException - if there is a security manager and the calling context does not have SecurityPermission for reading the org.apache.river.start.AggregatePolicyProvider.mainPolicy security property, or if the calling context does not have adequate permissions to access the main policy class

AggregatePolicyProvider

public AggregatePolicyProvider(Policy mainPolicy)

Creates a new AggregatePolicyProvider instance with the given main policy, which must be non-null.

Parameters:

mainPolicy - main policy

Throws:

NullPointerException - if main policy is null

Method Detail

getPermissions

public PermissionCollection getPermissions(CodeSource source)

Delegates to the corresponding getPermissions method of the currently active sub-policy to return the set of permissions allowed for code from the specified code source, as a newly-created mutable PermissionCollection which supports heterogeneous permission types.

Overrides:

getPermissions in class Policy

Parameters:

source - code source for which to look up permissions

Returns:

set of permissions allowed for the given code source

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)

If the given protection domain is the protection domain of this class, then a newly-created PermissionCollection containing AllPermission is returned. Otherwise, delegates to the corresponding getPermissions method of the currently active sub-policy to return the set of permissions allowed for code in the specified protection domain, as a newly-created mutable PermissionCollection which supports heterogeneous permission types.

Overrides:

getPermissions in class Policy

Parameters:

domain - protection domain for which to look up permissions

Returns:

set of permissions allowed for given protection domain

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)

If the given protection domain is the protection domain of this class, then true is returned. Otherwise, delegates to the implies method of the currently active sub-policy to determine if the given permission is implied by the permissions for the specified protection domain.

Overrides:

implies in class Policy

Parameters:

domain - protection domain in which to check implication

permission - permission to test implication of

Returns:

true if permission is implied by permissions of given protection domain, false otherwise

refresh

public void refresh()

Refreshes the currently active sub-policy by delegating to its refresh method.

Overrides:

refresh in class Policy

getPermissionGrants

public List<PermissionGrant> getPermissionGrants(ProtectionDomain domain)

Description copied from interface: ScalableNestedPolicy

Returns a new List containing immutable PermissionGrant's, the List returned is not synchronised and must not be shared with policy internal state. Only those PermissionGrant's that imply the domain will be returned. If any PermissionGrant's are privileged (contain AllPermission), then only that one PermissionGrant should be added to the collection. If a List has a size of 1, and contains only a privileged PermissionGrant, it enables the calling policy to determine the privileged state quickly. If a policy has a privileged PermissionGrant to add to a Collection, then the Collection must be cleared before the privileged PermissionGrant is added, so the Collection only contains the privileged PermissionGrant. The top level policy gathers all PermissionGrant's, retrieves all relevant permissions, then sorts them using a PermissionComparator, so Permission objects are added to a PermissionCollection in the most efficient order. If a nested base policy doesn't support ScalableNestedPolicy, then the implementer should create a PermissionGrant for the domain, containing the Permission objects returned from the policy. The first nested base policy (usually a file policy provider) is responsible for merging any static Permission objects from the ProtectionDomain.

Specified by:

getPermissionGrants in interface ScalableNestedPolicy

Returns:

Collection

setPolicy

public void setPolicy(ClassLoader loader,
                      Policy subPolicy)

Changes sub-policy association with given class loader. If subPolicy is non-null, then it is used as a new sub-policy to associate with the given class loader, overriding any previous sub-policy associated with the loader. If subPolicy is null, then any previous association between a sub-policy and the given class loader is removed. If loader is null, then subPolicy is used as the new main policy, and must be non-null. If there is a security manager, its checkPermission method is called with the "setPolicy" SecurityPermission.

Parameters:

loader - class loader with which to associate sub-policy, or null if setting main policy

subPolicy - sub-policy to associate with given class loader, or null if removing sub-policy association

Throws:

NullPointerException - if both loader and subPolicy are null

SecurityException - if there is a security manager and the calling context does not have the "setPolicy" SecurityPermission

grantSupported

public boolean grantSupported()

Returns true if the currently active sub-policy supports dynamic grants; this is determined by delegating to the grantSupported method of the currently active sub-policy if it implements the DynamicPolicy interface. If the currently active sub-policy does not implement DynamicPolicy, then false is returned.

Specified by:

grantSupported in interface DynamicPolicy

Returns:

true if the currently active sub-policy supports dynamic grants, or false otherwise

grant

public void grant(Class cl,
                  Principal[] principals,
                  Permission[] permissions)

If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding grant method of the currently active sub-policy to grant the specified permissions to all protection domains (including ones not yet created) which are associated with the class loader of the given class and possess at least the given set of principals.

Specified by:

grant in interface DynamicPolicy

Parameters:

cl - class to grant permissions to the class loader of, or null if granting across all class loaders

principals - if non-null, minimum set of principals to which grants apply

permissions - if non-null, permissions to grant

Throws:

UnsupportedOperationException - if policy does not support dynamic grants, or if cl is non-null and belongs to a protection domain with a null class loader other than the system domain

SecurityException - if a security manager is installed and the calling context does not have sufficient permissions to grant the given permissions

NullPointerException - if any element of the principals or permissions arrays is null

getGrants

public Permission[] getGrants(Class cl,
                              Principal[] principals)

If the currently active sub-policy supports dynamic permission grants, delegates to the corresponding getGrants method of the currently active sub-policy to return a new array containing the set of permissions dynamically granted to protection domains which are associated with the class loader of the given class and possess at least the given set of principals.

Specified by:

getGrants in interface DynamicPolicy

Parameters:

cl - class to query the permissions dynamically granted to the class loader of, or null if querying permissions granted across all class loaders

principals - if non-null, principals to query dynamic grants for

Returns:

new array containing the permissions dynamically granted to the indicated class loader (if any) and principals

Throws:

UnsupportedOperationException - if policy does not support dynamic grants, or if cl is non-null and belongs to a protection domain with a null class loader other than the system domain

NullPointerException - if any element of the principals array is null

getContext

public SecurityContext getContext()

Returns a snapshot of the current security context, which can be used to restore the context at a later time.

The security context returned by this method contains the security context of the currently active sub-policy (or an equivalent of the default security context described in the documentation for Security.getContext, if the currently active sub-policy does not implement SecurityContextSource), as well as the current context class loader. The privileged action wrappers it creates restore the saved context class loader before delegating to the action wrappers of the underlying sub-policy security context. The getAccessControlContext method of the returned security context delegates to the corresponding method of the sub-policy security context.

Specified by:

getContext in interface SecurityContextSource

Returns:

snapshot of the current security context