站内搜索: 请输入搜索关键词
当前页面: 在线文档首页 > JBOSS Portal 2.2 API 英文版文档

PortalJaccPolicy - JBOSS Portal 2.2 API 英文版文档

Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jboss.portal.security.impl.jacc
Class PortalJaccPolicy

java.lang.Object
  extended byjava.security.Policy
      extended byorg.jboss.portal.security.impl.jacc.PortalJaccPolicy
public class PortalJaccPolicy
extends java.security.Policy

RipOff of the AppServer's DelegatingPolicy.

This is necessary to avoid redeployment issues with the access control checks. The DelegatingPolicy of the Application Server should be able to handle this, but I was not able to get it to work properly across redeployments. Idealy, the policy and the security service are defined external to the portal sar, but that raised other issues with the instatiation of the DelegatingPolicy and the external permission classes

Nested Class Summary
static class PortalJaccPolicy.PolicyProxy
          This proxy wrapper restricts the visible methods to only those from the Policy base class.
 
Constructor Summary
PortalJaccPolicy()
           
PortalJaccPolicy(java.security.Policy delegate)
           
 
Method Summary
 void commit(java.lang.String contextID)
          May need to make this synchronized to allow the move from the open to active policy map atomic.
 void delete(java.lang.String contextID)
           
 java.lang.Class[] getExternalPermissionTypes()
           
static java.security.Policy getInstance()
           
 java.security.PermissionCollection getPermissions(java.security.CodeSource cs)
          Return the permission collection associated with the cs.
 java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)
           
 java.security.Policy getPolicyProxy()
          returning 'this' for now (instead of the proxy) since I need access to more functionality in the security provider's start().
 boolean implies(java.security.ProtectionDomain domain, java.security.Permission permission)
           
 java.lang.String listContextPolicies()
          Access the current ContextPolicy instances
 void refresh()
          We dynamically manage the active policies on commit so refresh is a noop.
 void setExternalPermissionTypes(java.lang.Class[] externalPermissionTypes)
           
 
Methods inherited from class java.security.Policy
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PortalJaccPolicy

public PortalJaccPolicy()

PortalJaccPolicy

public PortalJaccPolicy(java.security.Policy delegate)
Method Detail

getInstance

public static java.security.Policy getInstance()

getExternalPermissionTypes

public java.lang.Class[] getExternalPermissionTypes()

setExternalPermissionTypes

public void setExternalPermissionTypes(java.lang.Class[] externalPermissionTypes)

getPermissions

public java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)

implies

public boolean implies(java.security.ProtectionDomain domain,
                       java.security.Permission permission)

getPermissions

public java.security.PermissionCollection getPermissions(java.security.CodeSource cs)
Return the permission collection associated with the cs. If there is no active JACC PolicyContext then the delegate value for getPermissions(CodeSource) is returned. Otherwise the JACC policy context permissions are returned.

Parameters:
cs - - the CodeSource
Returns:
the associated permission collection

refresh

public void refresh()
We dynamically manage the active policies on commit so refresh is a noop. Its not clear from the spec whether committed policies should not be visible until a refresh.

getPolicyProxy

public java.security.Policy getPolicyProxy()
returning 'this' for now (instead of the proxy) since I need access to more functionality in the security provider's start(). currently the policy is injected as an mbean attribute, hence we need an accessor like this one to get to it (since Policy is not an interface) todo: figure out how to protect this better and keep the functionality todo: or better: fix the DelegatingPolicy so that we can use it instead of this ;)

Returns:
A proxy for our Policy interface

listContextPolicies

public java.lang.String listContextPolicies()
Access the current ContextPolicy instances

Returns:
Map of the contextID to policy mappings

commit

public void commit(java.lang.String contextID)
            throws javax.security.jacc.PolicyContextException
May need to make this synchronized to allow the move from the open to active policy map atomic. Right now the assumption is that a single thread is active for a given contextID.

Parameters:
contextID -
Throws:
javax.security.jacc.PolicyContextException

delete

public void delete(java.lang.String contextID)
            throws javax.security.jacc.PolicyContextException
Throws:
javax.security.jacc.PolicyContextException
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD