com.ibm.sec.authz.jaccplus
Class ApplicationPolicy
- java.lang.Object
java.security.Policy
com.ibm.sec.authz.jaccplus.ApplicationPolicy
- public final class ApplicationPolicy
- extends java.security.Policy
The primary interface for invoking authorization decisions. It is an extension of the Java Policy class with additional methods to allow application context to be provided as input to the decision.
The manner by which this class is instantiated depends on the use case.
A singleton instance of this class is provided that is shared across the entire server or JVM. Tivoli Security Policy Manager customers should use this instance, which is retrieved using the static getPolicy() method:
    ApplicationPolicy pol = ApplicationPolicy.getPolicy();
In other use cases, a new instance of ApplicationPolicy that is self-contained can be used by constructing an instance and passing down configuration properties:
    Properties props = new Properties();
    ApplicationPolicy pol = new ApplicationPolicy(props);
Nested Class Summary
Nested classes/interfaces inherited from class java.security.Policy |
---|
java.security.Policy.Parameters |
Field Summary
Fields inherited from class java.security.Policy |
---|
UNSUPPORTED_EMPTY_COLLECTION |
Constructor Summary
Constructor and Description |
---|
ApplicationPolicy()
Default Constructor.
|
ApplicationPolicy(java.util.Properties props)
Constructs a new instance of ApplicationPolicy using the passed configuration properties.
|
Method Summary
Modifier and Type | Method and Description |
---|---|
|
getPermissions(java.security.CodeSource codesource)
Implementation of the Policy getPermissions() method.
|
|
getPermissions(java.lang.String contextID,EvaluationContext evalCtx,java.lang.Class<?> permissionClass)
Calculates the set of entitlements, in the form of Permission objects, to which the current user (as specified in the EvaluationContext) has access.
|
|
getPolicy()
Gets the singleton instance of ApplicationPolicy.
|
|
implies(java.security.ProtectionDomain domain,java.security.Permission permission)
Implementation of the Policy implies() method.
|
|
implies(java.lang.String contextID,EvaluationContext evalCtx,java.security.Permission permission)
This method evaluates the passed Permission against the policy for the passed-in context identifier.
|
|
implies(java.lang.String contextID,EvaluationContext evalCtx,java.security.PermissionCollection permCollection)
This method evaluates the given set of Permissions against the policy specified by the context identifier passed.
|
|
lockPolicy(java.lang.String context)
Locks the policy underlying this context to ensure that multiple calls to implies() are evaluated against the same policy.
|
|
refresh()
Refreshes, or reloads, the policy that makes access decisions.
|
|
unlockPolicy(java.lang.String context)
Unlocks the policy underlying this context, so that the policy can be refreshed if any updates are pending.
|
Methods inherited from class java.security.Policy |
---|
getInstance, getInstance, getInstance, getParameters, getPermissions, getProvider, getType, setPolicy |
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
ApplicationPolicy
- public ApplicationPolicy(java.util.Properties props)
props - A properties object that contains all of the required configuration.
ApplicationPolicy
- public ApplicationPolicy()
Method Detail
getPolicy
- public static ApplicationPolicy getPolicy( )
implies
- public boolean implies(java.security.ProtectionDomain domain,
- java.security.Permission permission)
Implementation of the Policy implies() method. This is used by container code; do not directly invoke it.
Overrides: implies in class java.security.Policy
implies
- public boolean implies(java.lang.String contextID,
- EvaluationContext evalCtx,
- java.security.Permission permission)
EvaluationContext
object.
contextID - The context identifier for the policy to evaluate against. For customers of Tivoli Security Policy Manager, this is the "Application ID" used when creating the service structure.
evalCtx - The EvaluationContext that has all of the attributes required for the evaluation.
permission - The permission object to evaluate. This will normally be an instance of ApplicationPermission.
implies
- public boolean implies(java.lang.String contextID,
- EvaluationContext evalCtx,
- java.security.PermissionCollection permCollection)
If a DelegatedPermissionCollection is passed to this method, the PermissionCollection is updated to contain only the Permissions that were implied.
contextID - The context identifier for the policy to evaluate against. For customers of Tivoli Security Policy Manager, this is the "Application ID" used when creating the service structure.
evalCtx - The EvaluationContext that has all of the attributes required for the evaluation.
permCollection - The collection of Permissions to evaluate. This should normally contain instances of ApplicationPermission.
getPermissions
- public java.security.PermissionCollection getPermissions( java.security.CodeSource codesource)
Implementation of the Policy getPermissions() method. Delegates to the system-wide Policy.getPolicy() instance if available.
Overrides: getPermissions in class java.security.Policy
getPermissions
- public java.security.PermissionCollection getPermissions( java.lang.String contextID,
- EvaluationContext evalCtx,
- java.lang.Class<?> permissionClass)
Calculates the set of entitlements, in the form of Permission objects, to which the current user (as specified in the EvaluationContext) has access.
The type of Permission that should be constructed is specified by the permissionClass parameter. Only the ApplicationPermission class is supported. If another Permission class instance is passed, then an empty PermissionCollection is returned.
contextID - The context identifier to get permissions for. For customers of Tivoli Security Policy Manager, this is the "Application ID" used when creating the service structure.
evalCtx - The EvaluationContext that has all of the attributes required.
permissionClass - The class specifying what type of Permission objects should be returned.
refresh
- public void refresh()
Overrides: refresh in class java.security.Policy
lockPolicy
- public void lockPolicy(java.lang.String context)
context - The context identifier to lock. For customers of Tivoli Security Policy Manager, this is the "Application ID" used when creating the service structure.
unlockPolicy
- public void unlockPolicy(java.lang.String context)
context - The context identifier to unlock. For customers of Tivoli Security Policy Manager, this is the "Application ID" used when creating the service structure.
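The lock, evaluate, unlock sequence that lockPolicy() and unlockPolicy() describe, shown as an added example that is not code from the product documentation. It calls only methods listed on this page; the class name ConsistentAuthzCheck, the helper allImplied, the package assumed for EvaluationContext, and the deny-on-empty and deny-on-error choices are assumptions.

```java
import java.security.Permission;
import java.util.List;

import com.ibm.sec.authz.jaccplus.ApplicationPolicy;
// Assumption: the page does not state the package of EvaluationContext;
// it is imported from the same package here, adjust to your runtime.
import com.ibm.sec.authz.jaccplus.EvaluationContext;

/** Added example: all-or-nothing check against one locked policy version. */
public final class ConsistentAuthzCheck {

    private ConsistentAuthzCheck() { }

    /**
     * Returns true only if every permission in 'required' is implied for
     * the user described by evalCtx. The caller builds evalCtx and the
     * permissions (normally ApplicationPermission instances).
     */
    public static boolean allImplied(String contextID,
                                     EvaluationContext evalCtx,
                                     List<? extends Permission> required) {
        if (contextID == null || evalCtx == null
                || required == null || required.isEmpty()) {
            return false; // nothing to evaluate: deny rather than allow
        }
        ApplicationPolicy pol = ApplicationPolicy.getPolicy();
        // Lock so that every implies() below sees the same policy, even if
        // an update arrives between two calls.
        pol.lockPolicy(contextID);
        try {
            for (Permission p : required) {
                if (!pol.implies(contextID, evalCtx, p)) {
                    return false;
                }
            }
            return true;
        } catch (RuntimeException e) {
            return false; // fail closed on any evaluation error
        } finally {
            // Always release the lock so that pending policy updates
            // (for example a revocation) can be applied to this context.
            pol.unlockPolicy(contextID);
        }
    }
}
```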