issrg.jaas
Class PermisPolicyImpl

java.lang.Object
  extended by java.security.Policy
      extended by issrg.jaas.PermisPolicyImpl

public class PermisPolicyImpl
extends java.security.Policy

This class implements the Java Policy functionality, where decisions are made based on the PERMIS XML Policy and the attributes of the Subject that is currently logged in. The attributes may be present in the form of X.509 Attribute Certificates, which are validated using the PERMIS RBAC authorisation and privilege management system.

At the moment only two methods are overridden, so the default java.security.Policy behaviour is used for the other methods.


Field Summary
static Credentials PUBLIC_ACCESS_CREDENTIALS
           
 
Constructor Summary
PermisPolicyImpl()
           
 
Method Summary
 AccessPolicy getAccessPolicy(java.security.CodeSource cs)
          This method returns an AccessPolicy with the rules pertaining to this particular CodeSource only.
 Credentials getCredentials()
           
 Credentials getCredentials(javax.security.auth.Subject s)
           
 java.util.Map getEnv()
          This method returns the Environment to be used at decision-making time.
 java.security.PermissionCollection getPermissions(java.security.CodeSource cs)
          This method gets the PermissionCollection for the given CodeSource.
 void refresh()
           
 
Methods inherited from class java.security.Policy
getPermissions, getPolicy, implies, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PUBLIC_ACCESS_CREDENTIALS

public static final Credentials PUBLIC_ACCESS_CREDENTIALS

Constructor Detail

PermisPolicyImpl

public PermisPolicyImpl()

Method Detail

getPermissions

public java.security.PermissionCollection getPermissions(java.security.CodeSource cs)
This method gets the PermissionCollection for the given CodeSource. First it checks if there are any Permissions already cached for this CodeSource, and if so, those are used; otherwise a new one is constructed and cached for further use.

If the target is outside the target domain of the PERMIS policy, an empty set of Permissions is returned: code from an unknown domain will be denied any privileged action!
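
The caching and deny-by-default behaviour described for getPermissions, as an added example that is not the PERMIS source: the class name CachingDenyByDefaultPolicy and its map of CodeSource patterns to permissions are assumptions standing in for the PERMIS policy's target domain. It also hands callers a copy of the cached collection, which the page does not say PermisPolicyImpl does.

```java
import java.net.URI;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not PermisPolicyImpl: the "target domain" is modelled as
// CodeSource patterns mapped to granted permissions (an assumption of this sketch).
public class CachingDenyByDefaultPolicy extends Policy {
    private final Map<CodeSource, Permission[]> targetDomain;
    private final Map<CodeSource, PermissionCollection> cache = new ConcurrentHashMap<>();
    public CachingDenyByDefaultPolicy(Map<CodeSource, Permission[]> d) { targetDomain = d; }

    @Override
    public PermissionCollection getPermissions(CodeSource cs) {
        if (cs == null) return new Permissions();   // no origin: grant nothing
        return copyOf(cache.computeIfAbsent(cs, this::build)); // hit reuses, miss builds
    }

    // Start from an empty set; code outside every pattern keeps it empty.
    private PermissionCollection build(CodeSource cs) {
        Permissions perms = new Permissions();
        targetDomain.forEach((pattern, granted) -> {
            if (pattern.implies(cs)) for (Permission p : granted) perms.add(p);
        });
        perms.setReadOnly();                        // cached master cannot be altered
        return perms;
    }

    // Callers get a fresh mutable copy, so they cannot widen the cached grant.
    private static PermissionCollection copyOf(PermissionCollection src) {
        Permissions copy = new Permissions();
        for (Permission p : Collections.list(src.elements())) copy.add(p);
        return copy;
    }

    @Override public void refresh() { cache.clear(); } // drop cached decisions

    public static void main(String[] args) throws Exception {
        CodeSource app = new CodeSource(URI.create("file:/opt/app/-").toURL(), (Certificate[]) null); // constructed sample
        CodeSource known = new CodeSource(URI.create("file:/opt/app/lib/a.jar").toURL(), (Certificate[]) null);
        CodeSource unknown = new CodeSource(URI.create("file:/tmp/x.jar").toURL(), (Certificate[]) null);
        Policy p = new CachingDenyByDefaultPolicy(
                Map.of(app, new Permission[] { new RuntimePermission("getenv.HOME") }));
        System.out.println("in domain:  " + p.getPermissions(known).implies(new RuntimePermission("getenv.HOME")));
        System.out.println("out domain: " + p.getPermissions(unknown).elements().hasMoreElements());
    }
}
```

On JDK 17 and later this compiles with warnings, because java.security.Policy is deprecated for removal there.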


refresh

public void refresh()

getAccessPolicy

public AccessPolicy getAccessPolicy(java.security.CodeSource cs)
This method returns an AccessPolicy with the rules pertaining to this particular CodeSource only. It looks in the cache of saved AccessPolicies, and if no matching AccessPolicy is found, it refines the PERMIS-wide AccessPolicy to filter out the unnecessary rules (so that decisions will be made faster).


getCredentials

public Credentials getCredentials()

getCredentials

public Credentials getCredentials(javax.security.auth.Subject s)

getEnv

public java.util.Map getEnv()
This method returns the Environment to be used at decision-making time.