JAAS Provider Java API Reference 10g (9.0.4.0.0) B10389-01
A Policy object represents the repository of authorization policies.
To be more precise, the policy deals with the assignment of permissions or privileges to grantees (which can be users or roles or any valid Grantee).
Granting/Revoking Policies
In order for a grant/revocation to succeed, the grantor/revoker (represented by the current Subject) must have the relevant permissions granted to him/her.
Policy Snapshot
In general, the methods that return a list or set represent a snapshot of the policy store at the time of query. If the policy store is further modified, the returned set of permissions/roles may no longer be valid.
Policy Cache
In general the Policy implementation should cache the policy information, so that repeated calls using the same parameters do not result in repeated network roundtrips to the backing store.
This interface also defines methods that change the persistent state of the policy store (e.g. grant/revokeXXX methods). The implementation should take care to ensure that whenever a grant/revoke is effected the relevant cache entries are invalidated.
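The snapshot and cache behaviour described above, as an added example that is not Oracle's implementation or code from this API. It assumes grantees are plain strings and the backing store is an in-memory map; the class name `CachingPolicyDemo` and the `roundtrips` counter are hypothetical.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.*;

// Added illustration, not the JAAS Provider's code. Grantees are plain strings
// and the backing store is an in-memory map (both assumptions).
public class CachingPolicyDemo {
    static final Map<String, Set<Permission>> store = new HashMap<>(); // stand-in backing store
    static final Map<String, PermissionCollection> cache = new HashMap<>();
    static int roundtrips = 0; // counts simulated trips to the backing store

    static synchronized PermissionCollection getPermissions(String grantee) {
        return cache.computeIfAbsent(grantee, g -> {
            roundtrips++;
            Permissions snapshot = new Permissions();
            for (Permission p : store.getOrDefault(g, Set.of())) snapshot.add(p);
            snapshot.setReadOnly(); // callers get a frozen snapshot, never the live store
            return snapshot;
        });
    }

    static synchronized boolean hasPermission(String grantee, Permission perm) {
        return getPermissions(grantee).implies(perm);
    }

    static synchronized void grant(String grantee, Permission perm) {
        store.computeIfAbsent(grantee, g -> new HashSet<>()).add(perm);
        cache.remove(grantee); // invalidate so the grant becomes visible
    }

    static synchronized void revoke(String grantee, Permission perm) {
        Set<Permission> perms = store.get(grantee);
        if (perms != null) perms.remove(perm);
        cache.remove(grantee); // invalidate so the revoked permission stops being honoured
    }

    public static void main(String[] args) {
        Permission read = new FilePermission("/tmp/report.txt", "read"); // constructed sample
        grant("alice", read);
        PermissionCollection before = getPermissions("alice"); // loads and caches
        hasPermission("alice", read);                           // cache hit, no new roundtrip
        System.out.println("roundtrips after two reads: " + roundtrips);
        revoke("alice", read);
        System.out.println("old snapshot still implies read: " + before.implies(read));
        System.out.println("fresh check after revoke: " + hasPermission("alice", read));
    }
}
```

A collection obtained before a revoke keeps answering from the state it captured, so an authorization decision should query the policy again rather than reuse a held snapshot.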
Method Summary
PermissionCollection | getPermissions(CodeSource codesource) | Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
PermissionCollection | getPermissions(Grantee grantee, Class perm_cls) | Lists all permissions of the specified Class granted to this grantee.
PermissionCollection | getPermissions(ProtectionDomain domain) | Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given the characteristics of the protection domain.
PermissionCollection | getPermissions(Subject subject, CodeSource cs) | Retrieve the Permissions granted to the Principals associated with the specified CodeSource.
void | grant(Grantee grantee, Permission perm) | Grants a permission to the specified grantee, optionally with admin option.
boolean | hasPermission(Grantee grantee, Permission perm) | Returns true if the grantee in question can assume the specified permission.
void | refresh() | Refresh and reload the Policy
void | revoke(Grantee grantee, Permission perm) | Revokes the permission from the specified grantee
Method Detail

public void grant(Grantee grantee, Permission perm) throws JAZNException
grantee - the grantee to be granted the specified permission
perm - the permission to be granted
JAZNException - if a JAZN exception is encountered.
SecurityException - if the caller does not have the permission to invoke this method

public void revoke(Grantee grantee, Permission perm) throws JAZNException
grantee - the specified grantee
perm - the specified permission to be revoked
JAZNException - if a JAZN exception is encountered.
SecurityException - if the caller does not have the permission to invoke this method

public PermissionCollection getPermissions(Grantee grantee, Class perm_cls) throws JAZNException
grantee - the grantee in question
perm_cls - the permission Class of which the returning permissions will be instances of
SecurityException - if the caller does not have the permission required to invoke this method.
JAZNException

public boolean hasPermission(Grantee grantee, Permission perm) throws JAZNException
grantee - the grantee in question
perm - the specified permission
SecurityException - if the caller does not have the permission required to invoke this method.
JAZNException

public PermissionCollection getPermissions(Subject subject, CodeSource cs)
subject - the Subject whose associated Principals, in conjunction with the provided CodeSource, determines the Permissions returned by this method. This parameter may be null.
cs - the code specified by its CodeSource that determines, in conjunction with the provided Subject, the Permissions returned by this method. This parameter may be null.
Policy

public PermissionCollection getPermissions(CodeSource codesource)
codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.
SecurityException - if the current thread does not have permission to call getPermissions on the policy object.
Policy

public PermissionCollection getPermissions(ProtectionDomain domain)
domain - the ProtectionDomain associated with the caller.
ProtectionDomain, SecureClassLoader

public void refresh()
SecurityException - if the caller does not have permission to refresh the Policy.
Policy