JAAS Provider Java API Reference
10g (9.0.4.0.0)

B10389-01

oracle.security.jazn.policy
Interface JAZNPolicy

All Known Subinterfaces:
GlobalPolicy, RealmPolicy

public interface JAZNPolicy

A Policy object represents the repository of authorization policies.

To be more precise, the policy deals with the assignment of permissions or privileges to grantees (which can be users or roles or any valid Grantee).

Granting/Revoking Policies

In order for a grant/revocation to succeed, the grantor/revoker (represented by the current Subject) must have the relevant permissions granted to him/her.

Policy Snapshot

In general, the methods that return a list or set represent a snapshot of the policy store at the time of the query. If the policy store is modified afterwards, the returned set of permissions/roles may no longer be valid.

Policy Cache

In general the Policy implementation should cache the policy information, so that repeated calls using the same parameters do not result in repeated network roundtrips to the backing store.

This interface also defines methods that change the persistent state of the policy store (e.g. grant/revokeXXX methods). The implementation should take care to ensure that whenever a grant/revoke is effected the relevant cache entries are invalidated.
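The snapshot and cache behaviour described above, shown as an added example that is not part of the Oracle reference or the JAAS Provider code. `BackingStore` and `CachingPolicy` are hypothetical stand-ins for a policy repository and a caching Policy implementation, and grantees are plain strings:

```java
import java.security.Permission;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// BackingStore and CachingPolicy are hypothetical stand-ins, not oracle.security.jazn
// classes; grantees are plain strings to keep the example self-contained.
public class CachingPolicyDemo {
    interface BackingStore {                       // models the remote policy repository
        Set<Permission> load(String grantee);      // one round trip per call
        void add(String grantee, Permission p);
        void remove(String grantee, Permission p);
    }
    static class CachingPolicy {
        private final BackingStore store;
        private final Map<String, Set<Permission>> cache = new ConcurrentHashMap<>();
        CachingPolicy(BackingStore store) { this.store = store; }
        // Returns an immutable snapshot; it does not track later grants or revokes.
        Set<Permission> getPermissions(String grantee) {
            return cache.computeIfAbsent(grantee, g -> Set.copyOf(store.load(g)));
        }
        boolean hasPermission(String grantee, Permission perm) {
            return getPermissions(grantee).stream().anyMatch(p -> p.implies(perm));
        }
        void grant(String grantee, Permission perm) {
            store.add(grantee, perm);
            cache.remove(grantee);                  // invalidate once the store has changed
        }
        void revoke(String grantee, Permission perm) {
            store.remove(grantee, perm);
            cache.remove(grantee);                  // a stale entry would keep access alive
        }
    }
    public static void main(String[] args) {
        Map<String, Set<Permission>> db = new HashMap<>();   // constructed sample store
        int[] loads = {0};
        CachingPolicy policy = new CachingPolicy(new BackingStore() {
            public Set<Permission> load(String g) { loads[0]++; return db.getOrDefault(g, Set.of()); }
            public void add(String g, Permission p) { db.computeIfAbsent(g, k -> new HashSet<>()).add(p); }
            public void remove(String g, Permission p) { db.getOrDefault(g, new HashSet<>()).remove(p); }
        });
        Permission read = new PropertyPermission("app.config", "read");
        policy.grant("alice", read);
        Set<Permission> snapshot = policy.getPermissions("alice");  // first query hits the store
        policy.hasPermission("alice", read);                        // served from the cache
        policy.revoke("alice", read);
        System.out.println("store loads so far: " + loads[0]);
        System.out.println("held snapshot still lists permission: " + snapshot.contains(read));
        System.out.println("fresh check after revoke: " + policy.hasPermission("alice", read));
    }
}
```

Callers that make authorization decisions from a held snapshot keep honouring revoked permissions, so decisions should go through a fresh `hasPermission` call rather than a stored collection.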


Method Summary
 PermissionCollection getPermissions(CodeSource codesource)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
 PermissionCollection getPermissions(Grantee grantee, Class perm_cls)
          Lists all permissions of the specified Class granted to this grantee.
 PermissionCollection getPermissions(ProtectionDomain domain)
          Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain.
 PermissionCollection getPermissions(Subject subject, CodeSource cs)
          Retrieve the Permissions granted to the Principals associated with the specified CodeSource.
 void grant(Grantee grantee, Permission perm)
          Grants a permission to the specified grantee, optionally with admin option.
 boolean hasPermission(Grantee grantee, Permission perm)
          Returns true if the grantee in question can assume the specified permission.
 void refresh()
          Refresh and reload the Policy
 void revoke(Grantee grantee, Permission perm)
          Revokes the permission from the specified grantee

 

Method Detail

grant

public void grant(Grantee grantee, Permission perm) throws JAZNException
Grants a permission to the specified grantee, optionally with admin option.
Parameters:
grantee - the grantee to be granted the specified permission
perm - the permission to be granted
Throws:
JAZNException - if a JAZN exception is encountered.
SecurityException - if the caller does not have the permission to invoke this method

revoke

public void revoke(Grantee grantee, Permission perm) throws JAZNException
Revokes the permission from the specified grantee
Parameters:
grantee - the specified grantee
perm - the specified permission to be revoked
Throws:
JAZNException - if a JAZN exception is encountered.
SecurityException - if the caller does not have the permission to invoke this method

getPermissions

public PermissionCollection getPermissions(Grantee grantee, Class perm_cls) throws JAZNException
Lists all permissions of the specified Class granted to this grantee.
Parameters:
grantee - the grantee in question
perm_cls - the permission Class of which the returned permissions will be instances
Returns:
permissions of the specified class granted to the specified grantee
Throws:
SecurityException - if the caller does not have the permission required to invoke this method.
JAZNException

hasPermission

public boolean hasPermission(Grantee grantee, Permission perm) throws JAZNException
Returns true if the grantee in question can assume the specified permission.
Parameters:
grantee - the grantee in question
perm - the specified permission
Returns:
true if the grantee in question can assume the specified permission.
Throws:
SecurityException - if the caller does not have the permission required to invoke this method.
JAZNException

getPermissions

public PermissionCollection getPermissions(Subject subject, CodeSource cs)
Retrieve the Permissions granted to the Principals associated with the specified CodeSource.
Parameters:
subject - the Subject whose associated Principals, in conjunction with the provided CodeSource, determines the Permissions returned by this method. This parameter may be null.
cs - the code specified by its CodeSource that determines, in conjunction with the provided Subject, the Permissions returned by this method. This parameter may be null.
Returns:
the Collection of Permissions granted to the Subject and code specified in the provided subject and cs parameters.
See Also:
Policy

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
Parameters:
codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
Returns:
the set of permissions allowed for code from codesource according to the policy.
Throws:
SecurityException - if the current thread does not have permission to call getPermissions on the policy object.
See Also:
Policy

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain.
Parameters:
domain - the ProtectionDomain associated with the caller.
Returns:
the set of permissions allowed for the domain according to the policy. The returned set of permissions must be a new mutable instance and it must support heterogeneous Permission types.
Since:
1.4
See Also:
ProtectionDomain, SecureClassLoader

refresh

public void refresh()
Refresh and reload the Policy
Throws:
SecurityException - if the caller does not have permission to refresh the Policy.
See Also:
Policy

Copyright 2002, 2003 Oracle Corporation. All Rights Reserved.