net.jini.security.policy

Class PolicyFileProvider

java.lang.Object

java.security.Policy

org.apache.river.api.security.AbstractPolicy

net.jini.security.policy.PolicyFileProvider

public class PolicyFileProvider
extends org.apache.river.api.security.AbstractPolicy

Security policy provider that wraps the J2SE(TM) default "PolicyFile" security policy provider distributed as part of the Java(TM) 2 Platform, Standard Edition. This provider augments the J2SE default policy provider in two ways: it provides an additional constructor for creating a policy based on an explicitly named policy file, and supports the use of UmbrellaGrantPermissions as shorthand notation for GrantPermissions covering all permissions authorized to given protection domains.

Since:

2.0

Author:

Sun Microsystems, Inc.

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Policy

Policy.Parameters

Field Summary

Fields inherited from class org.apache.river.api.security.AbstractPolicy

ALL_PERMISSION, comparator, umbrella

Fields inherited from class java.security.Policy

UNSUPPORTED_EMPTY_COLLECTION

Constructor Summary

Constructors

Constructor and Description
PolicyFileProvider() Deprecated. DynamicPolicyProvider now supports Umbrella grants directly.
PolicyFileProvider(String policyFile) Creates a PolicyFileProvider whose starting set of permission mappings is the same as those that would result from constructing a new instance of the J2SE default security policy provider with the java.security.policy system property set to the value of policyFile, except that UmbrellaGrantPermissions are expanded into GrantPermissions as described in the documentation for UmbrellaGrantPermission.

Method Summary

Modifier and Type	Method and Description
PermissionCollection	getPermissions(CodeSource source) Behaves as specified by Policy.getPermissions(CodeSource).
PermissionCollection	getPermissions(ProtectionDomain domain) Behaves as specified by Policy.getPermissions(ProtectionDomain).
boolean	implies(ProtectionDomain domain, Permission permission) Behaves as specified by Policy.implies(java.security.ProtectionDomain, java.security.Permission).
void	refresh() Refreshes the policy configuration by calling refresh on the base policy.

Methods inherited from class org.apache.river.api.security.AbstractPolicy

checkCallerHasGrants, checkNullElements, convert, expandUmbrella, extractGrantFromPolicy, processGrants

Methods inherited from class java.security.Policy

getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PolicyFileProvider

@Deprecated
public PolicyFileProvider()
                                throws PolicyInitializationException

Deprecated. DynamicPolicyProvider now supports Umbrella grants directly.

Creates a PolicyFileProvider whose starting set of permission mappings is the same as those that would result from constructing a new instance of the J2SE default security policy provider with the current java.security.policy system property setting (if any), except that UmbrellaGrantPermissions are expanded into GrantPermissions as described in the documentation for UmbrellaGrantPermission.

The constructed PolicyFileProvider contains an instance of the J2SE default security policy provider, which is created as follows: if the net.jini.security.policy.PolicyFileProvider.basePolicyClass security property is set, then its value is interpreted as the class name of the base (underlying) J2SE default policy provider; otherwise, an implementation-specific default class name is used. The base policy is then instantiated using the no-arg public constructor of the named class. If the base policy class is not found or is not instantiable via a public no-arg constructor, or if invocation of its constructor fails, then a PolicyInitializationException is thrown.

Note that this constructor requires the appropriate "getProperty" SecurityPermission to read the net.jini.security.policy.PolicyFileProvider.basePolicyClass security property, and may require "accessClassInPackage.*" RuntimePermissions, depending on the package of the base policy class.

Throws:

PolicyInitializationException - if unable to construct the base policy

SecurityException - if there is a security manager and the calling context does not have adequate permissions to read the net.jini.security.policy.PolicyFileProvider.basePolicyClass security property, or if the calling context does not have adequate permissions to access the base policy class

PolicyFileProvider

public PolicyFileProvider(String policyFile)
                   throws PolicyInitializationException

Creates a PolicyFileProvider whose starting set of permission mappings is the same as those that would result from constructing a new instance of the J2SE default security policy provider with the java.security.policy system property set to the value of policyFile, except that UmbrellaGrantPermissions are expanded into GrantPermissions as described in the documentation for UmbrellaGrantPermission.

The constructed PolicyFileProvider contains an instance of the J2SE default security policy provider, which is created as described in the documentation for PolicyFileProvider(). Before instantiating the base (underlying) J2SE default policy provider, this constructor sets the java.security.policy system property to the value of policyFile; after instantiation of the base policy instance has completed (normally or otherwise), the java.security.policy system property is reset to its prior value. Internal synchronization ensures that concurrent calls to this constructor and/or the refresh() method of this class (which may also modify java.security.policy) will not interfere with the java.security.policy values set and restored by each. No synchronization is done with any other accesses or modifications to java.security.policy.

Note that this constructor requires PropertyPermission to read and write the java.security.policy system property, SecurityPermission to read the net.jini.security.policy.PolicyFileProvider.basePolicyClass security property, and may require "accessClassInPackage.*" RuntimePermissions, depending on the package of the base policy class.

Parameters:

policyFile - URL string specifying location of the policy file to use

Throws:

NullPointerException - if policyFile is null

PolicyInitializationException - if unable to construct the base policy

SecurityException - if there is a security manager and the calling context does not have adequate permissions to read and write the java.security.policy system property, to read the net.jini.security.policy.PolicyFileProvider.basePolicyClass security property, or to access the base policy class

Method Detail

getPermissions

public PermissionCollection getPermissions(CodeSource source)

Behaves as specified by Policy.getPermissions(CodeSource).

Overrides:

getPermissions in class Policy

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)

Behaves as specified by Policy.getPermissions(ProtectionDomain).

Overrides:

getPermissions in class Policy

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)

Behaves as specified by Policy.implies(java.security.ProtectionDomain, java.security.Permission).

Overrides:

implies in class Policy

refresh

public void refresh()

Refreshes the policy configuration by calling refresh on the base policy. If this PolicyFileProvider instance was constructed with an explicit policy file value, then the java.security.policy system property is set to that value prior to invoking refresh on the base policy; once the base policy refresh call has completed, the java.security.policy system property is reset to its prior value. Internal synchronization ensures that concurrent invocations of this method and/or the PolicyFileProvider(String) constructor (which also modifies java.security.policy) will not interfere with the java.security.policy values set and restored by each. No synchronization is done with any other accesses or modifications to java.security.policy.

Overrides:

refresh in class Policy