Skip navigation links

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware Oracle Platform Security Services API Reference
11g Release 1 (11.1.1)
E14650-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.security.jps.service.policystore
Interface PolicyMgmt

All Known Subinterfaces:
ApplicationPolicy, PolicyStore
public interface PolicyMgmt

This interface defines policy provisioning APIs

Method Summary
 java.util.List<GrantEntry> getGrantEntries()
          Get all the grants defined in this scope (system or application).
 void grant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries)
          Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee.
 void grant(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms)
          Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee.
 void modifyGrant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, PermissionEntry oldpermissionEntry, PermissionEntry newPermissionEntry)
          Modifies a grant by replacing the permission in an existing grant with a given permission if not already present.
 void revoke(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries)
          Revoke a grant of permissions from this set of principals and codesource combination
 void revoke(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms)
          Revoke a grant of permissions from this set of principals and codesource combination.

 

Method Detail

grant

void grant(java.security.Principal[] principals,
           java.security.CodeSource cs,
           java.security.Permission[] perms)
           throws PolicyObjectAlreadyExistsException,
                  PolicyStoreException
Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "grant"). OR for PolicyStoreAccessPermission("context=SYSTEM", "grant" This may result in an AccessControlException or SecurityException

Parameters:
principals - the set of principals to grant the permission(s) for
cs - the code source
perms - the set of permissions
Throws:
PolicyObjectAlreadyExistsException - if the grantee is already granted the requested permissions.
PolicyStoreException - if an error occured during this grant operation
java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

grant

void grant(java.util.List<PrincipalEntry> principalEntries,
           CodeSourceEntry csEntry,
           java.util.List<PermissionEntry> permissionEntries)
           throws PolicyObjectAlreadyExistsException,
                  PolicyStoreException
Grant a set of permissions to this group of principals and code source, or otherwise collectively known as the grantee.

Use this method only the if the grantee or PermissionEntries cannot be instantiated. Sometimes, the class that implements the principal, or the permission may not be available in the classloader. In such situations, this method can be used to perform a grant.

This method searches for an existing grantee by comparing the corresponding string values of the grantee, which are the principal classname, principal name and the code source URL. Therefore, the grantee search is not exact and may not be entirely accurate since the Principal objects are not compared.

Similarly, when the permissions are granted, the check for duplicate permissions is performed by string comparisons of the permission attributes - namely the permission classname, permissions name and the permission action. Also since the Permission object is not created, it is not possible to verify if the PermissionEntry is valid or not.

The caller is responsible for the grantee and permissions values supplied as parameters in this method.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "grant"). OR for PolicyStoreAccessPermission("context=SYSTEM", "grant" This may result in an AccessControlException or SecurityException

Parameters:
principalEntries - principal entries that constitute the grantee
csEntry - codesource entry that constitute the grantee
permissionEntries - permissions to grant.
Throws:
PolicyObjectAlreadyExistsException - - if the grantee is already granted the requested permissions.
PolicyStoreException - if an error occured during this grant operation.
java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

revoke

void revoke(java.security.Principal[] principals,
            java.security.CodeSource cs,
            java.security.Permission[] perms)
            throws PolicyObjectNotFoundException,
                   PolicyStoreException
Revoke a grant of permissions from this set of principals and codesource combination. The revoke aplies to all global/system policies or just one particular application's policy based on whether this API is invoked on a PolicyStore or invoked on ApplicationPolicy.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "revoke"). OR for PolicyStoreAccessPermission("context=SYSTEM", "revoke" This may result in an AccessControlException or SecurityException

Parameters:
principals - - the set of principals to revoke the permission(s) from
cs - - the code source
perms - - the set of permissions
Throws:
PolicyObjectNotFoundException - - if this object is not found
PolicyStoreException - - if an error occured during this revoke operation
java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

revoke

void revoke(java.util.List<PrincipalEntry> principalEntries,
            CodeSourceEntry csEntry,
            java.util.List<PermissionEntry> permissionEntries)
            throws PolicyObjectNotFoundException,
                   PolicyStoreException
Revoke a grant of permissions from this set of principals and codesource combination

Use this method only the if the grantee or PermissionEntries cannot be instantiated. Sometimes, the class that implements the principal, or the permission may not be available in the classloader. In such situations, this method can be used to perform a grant.

This method searches for an existing grantee by comparing the corresponding string values of the grantee, which are the principal classname, principal name and the code source URL. Therefore, the grantee search is not exact and may not be entirely accurate since the Principal objects are not compared.

Similarly, when the permissions are revoked, the check for an existing permissions is performed by string comparisons of the permission attributes - namely the permission classname, permissions name and the permission action. Also since the Permission object is not created, it is not possible to verify if the PermissionEntry is valid or not.

The caller is responsible for the grantee and permissions values supplied as parameters in this method.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "revoke"). OR for PolicyStoreAccessPermission("context=SYSTEM", "revoke" This may result in an AccessControlException or SecurityException

Parameters:
principalEntries - principal entries that constitute the grantee
csEntry - codesource entry that constitute the grantee
permissionEntries - permissions to grant.
Throws:
PolicyObjectNotFoundException - if the grantee or permissions are not found.
PolicyStoreException - if an error occured during this revoke operation.
java.lang.NullPointerException - if permissions is empty, or if a principal in the principals array is empty.

getGrantEntries

java.util.List<GrantEntry> getGrantEntries()
                                           throws PolicyStoreException
Get all the grants defined in this scope (system or application).
Returns:
The GrantEntry list
Throws:
PolicyStoreException - if an error occured during this operation

modifyGrant

void modifyGrant(java.util.List<PrincipalEntry> principalEntries,
                 CodeSourceEntry csEntry,
                 PermissionEntry oldpermissionEntry,
                 PermissionEntry newPermissionEntry)
                 throws PolicyObjectNotFoundException,
                        PolicyStoreException
Modifies a grant by replacing the permission in an existing grant with a given permission if not already present. The implementation for the file based xml policystore should ensure that that the change to the underlying persisted XML File is minimal after this api is invoked This checks for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "revoke"). OR for PolicyStoreAccessPermission("context=SYSTEM", "revoke" AND for PolicyStoreAccessPermission( "context=APPLICATION,name=application stripe" , "grant"). OR for PolicyStoreAccessPermission("context=SYSTEM", "grant" This may result in an AccessControlException or SecurityException
Parameters:
principalEntries - List of principal entries that defines the grant
csEntry - codesource entry that defines the grant
oldpermissionEntry - old permission entry to be replaced
newPermissionEntry - new permission entry to be put in
Throws:
PolicyObjectNotFoundException - thrown if the grant or old permission is not found
PolicyStoreException - internal policy store error
java.lang.NullPointerException - if principalEntries list is empty or oldpermissionEntry or newPermissionEntry is null.

Skip navigation links

Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
Oracle Fusion Middleware Oracle Platform Security Services API Reference
11g Release 1 (11.1.1)
E14650-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2009, Oracle. All rights reserved.