issrg.jaas
Class PermisPolicyImpl
java.lang.Object
java.security.Policy
issrg.jaas.PermisPolicyImpl
public class PermisPolicyImpl
extends java.security.Policy
This class implements the Java Policy functionality, where the decisions are
made based on the PERMIS XML Policy and the attributes of the Subject that
has currently logged in. The attributes may be present in the form of X.509
Attribute Certificates, which are validated using the PERMIS RBAC authorisation
and privilege management system.
At the moment only two methods are overridden, so the default
java.security.Policy behaviour is used for the other methods.
Method Summary
AccessPolicy | getAccessPolicy(java.security.CodeSource cs) | This method returns an AccessPolicy with the rules pertaining to this particular CodeSource only.
Credentials | getCredentials() |
Credentials | getCredentials(javax.security.auth.Subject s) |
java.util.Map | getEnv() | This method returns the Environment to be used at decision-making time.
java.security.PermissionCollection | getPermissions(java.security.CodeSource cs) | This method gets the PermissionCollection for the given CodeSource.
void | refresh() |
Methods inherited from class java.security.Policy
getPermissions, getPolicy, implies, setPolicy
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
PUBLIC_ACCESS_CREDENTIALS
public static final Credentials PUBLIC_ACCESS_CREDENTIALS
PermisPolicyImpl
public PermisPolicyImpl()
getPermissions
public java.security.PermissionCollection getPermissions(java.security.CodeSource cs)
This method gets the PermissionCollection for the given CodeSource. First
it checks whether any Permissions are already cached for this CodeSource,
and if so, those are used; otherwise a new one is constructed and cached
for further use.
If the target is outside the target domain of the PERMIS policy, an empty set
of Permissions is returned - the code from an unknown domain will be
denied any privileged action!
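The cache-then-fail-closed behaviour described above can be sketched as follows. This is an added example, not the PERMIS implementation: the class name FailClosedCachingPolicy, the set of allowed code locations standing in for the PERMIS target domain, and the sample PropertyPermission are all assumptions made for illustration.

```java
import java.net.URI;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not PERMIS code. The target domain is modelled as a set
// of exact code locations, and the granted permission is a constructed sample.
public class FailClosedCachingPolicy extends Policy {
    private final Set<String> targetDomain; // assumption: stands in for the PERMIS target domain
    private final Map<CodeSource, PermissionCollection> cache = new ConcurrentHashMap<>();

    public FailClosedCachingPolicy(Set<String> targetDomain) {
        this.targetDomain = Set.copyOf(targetDomain);
    }

    @Override
    public PermissionCollection getPermissions(CodeSource cs) {
        if (cs == null) return build(null); // the map rejects null keys; still fail closed
        return cache.computeIfAbsent(cs, this::build);
    }

    private PermissionCollection build(CodeSource cs) {
        Permissions p = new Permissions();
        boolean known = cs != null && cs.getLocation() != null
                && targetDomain.contains(cs.getLocation().toString());
        if (known) p.add(new PropertyPermission("user.name", "read"));
        p.setReadOnly(); // cached collections are shared, so callers must not extend them
        return p;
    }

    @Override
    public void refresh() { cache.clear(); } // drop cached decisions; next lookup rebuilds them

    public static void main(String[] args) throws Exception {
        Policy policy = new FailClosedCachingPolicy(Set.of("file:/opt/app/lib/a.jar"));
        PropertyPermission wanted = new PropertyPermission("user.name", "read");
        for (String loc : new String[] {"file:/opt/app/lib/a.jar", "file:/tmp/unknown.jar"}) {
            CodeSource cs = new CodeSource(URI.create(loc).toURL(), (CodeSigner[]) null);
            System.out.println(loc + " -> " + policy.getPermissions(cs).implies(wanted));
        }
    }
}
```

The empty collection for an unknown location is cached like any other result, so a policy change that brings new code into the target domain only takes effect after refresh() is called.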
refresh
public void refresh()
getAccessPolicy
public AccessPolicy getAccessPolicy(java.security.CodeSource cs)
This method returns an AccessPolicy with the rules pertaining to this
particular CodeSource only. It looks in the cache of saved AccessPolicies, and
if no matching AccessPolicy is found, it refines the PERMIS-wide AccessPolicy
to filter out the unnecessary rules (so that decisions will be made
faster).
getCredentials
public Credentials getCredentials()
getCredentials
public Credentials getCredentials(javax.security.auth.Subject s)
getEnv
public java.util.Map getEnv()
This method returns the Environment to be used at decision-making time.