PolicyStore (Oracle Fusion Middleware Oracle Platform Security Services API Reference)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

Oracle Fusion Middleware Oracle Platform Security Services API Reference
11g Release 1 (11.1.1)
E14650-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.security.jps.service.policystore
Interface PolicyStore

All Superinterfaces:: JavaPolicy, JpsPersistable, PolicyMgmt, ServiceInstance

public interface PolicyStore

extends ServiceInstance, JavaPolicy, PolicyMgmt

Nested Class Summary

Nested classes/interfaces inherited from interface oracle.security.jps.service.JpsPersistable
`JpsPersistable.Mode`

Method Summary
`java.util.Set<ResourceActionsEntry>`	`checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources)` Determines whether the subject has access one or more Resource Actions.
`ApplicationPolicy`	`createApplicationPolicy(java.lang.String appId)` Creates an application policy given the application name - `appid`.
`void`	`deleteApplicationPolicy(java.lang.String appId)` Delete an application policy given the application name - `appid`.
`java.util.Map<java.lang.String,ApplicationPolicy>`	`getApplicationPolicies()` Deprecated. Use `getApplicationPolicy(String appId)` Returns a map of applications and their policies managed by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application
`ApplicationPolicy`	`getApplicationPolicy(java.lang.String appId)` Returns a application policy for the given application by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application
`java.util.List<java.lang.String>`	`getConfiguredApplications()` This APIs returns the list of applications present in the policy store.
`PolicyStoreType`	`getPolicyStoreType()` Returns the underlying Policy Storage mechanism (XML, LDAP, etc).
`JavaPolicy`	`getSystemPolicy()` Returns the "system" or "non-app-specific" or "global" policy

Methods inherited from interface oracle.security.jps.service.ServiceInstance
`accept, getName, getServiceProvider`

Methods inherited from interface oracle.security.jps.service.JpsPersistable
`persist, refresh`

Methods inherited from interface oracle.security.jps.jaas.JavaPolicy
`getPermissions, getPermissions, getPermissions, getPermissions, getPermissions, hasPermission, implies, refresh`

Methods inherited from interface oracle.security.jps.service.policystore.PolicyMgmt
`getGrantEntries, grant, grant, modifyGrant, revoke, revoke`

Method Detail

getApplicationPolicies

@Deprecated
java.util.Map<java.lang.String,ApplicationPolicy> getApplicationPolicies()
                                                                         throws PolicyStoreException

Deprecated. Use getApplicationPolicy(String appId) Returns a map of applications and their policies managed by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application

Returns:: the app-specific policies managed by this PolicyStore
Throws:: PolicyStoreException - - if there is an error during this policy operation

getConfiguredApplications

java.util.List<java.lang.String> getConfiguredApplications()
                                                           throws PolicyStoreException

This APIs returns the list of applications present in the policy store.

Returns:: array of applications present in the policy store
Throws:: PolicyStoreException

getApplicationPolicy

ApplicationPolicy getApplicationPolicy(java.lang.String appId)
                                       throws PolicyObjectNotFoundException,
                                              PolicyStoreException

Returns a application policy for the given application by this PolicyStore This may in turn be queried for application roles, and policies provisioned for a given application

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Application's stripe id" , "getApplicationPolicy"). This permission allows one to "read" from an application Policy. Further permissions are required to alter/ write to the ApplicationPolicy. This may result in an AccessControlException or SecurityException

Parameters:: appId - name of the application
Returns:: ApplicationPolicy the app-specific policy managed by this PolicyStore
Throws:: PolicyObjectNotFoundException - requested policy object does not exist; PolicyStoreException - if there is an error during this policy operation; java.lang.NullPointerException - if application name is empty.

getSystemPolicy

JavaPolicy getSystemPolicy()
                           throws PolicyStoreException

Returns the "system" or "non-app-specific" or "global" policy

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=SYSTEM" , "getSystemPolicy"). This may result in an AccessControlException or SecurityException

Returns:: the "system" or "non-app-specific" policy
Throws:: PolicyStoreException - - if there is an error during this operation

createApplicationPolicy

ApplicationPolicy createApplicationPolicy(java.lang.String appId)
                                          throws PolicyObjectAlreadyExistsException,
                                                 PolicyStoreException

Creates an application policy given the application name - appid.

If neccessary, create an application policy and return to caller. Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "createApplicationPolicy"). This may result in an AccessControlException or SecurityException

Parameters:: appId -
Returns:: ApplicationPolicy - the created policy
Throws:: PolicyObjectAlreadyExistsException - if this application policy already exists; PolicyStoreException - if there is an error during creation of the policy; java.lang.NullPointerException - if application name is empty.

deleteApplicationPolicy

void deleteApplicationPolicy(java.lang.String appId)
                             throws PolicyObjectNotFoundException,
                                    PolicyStoreException

Delete an application policy given the application name - appid.

Based on the algorithm in JpsAuth this checks for PolicyStoreAccessPermission("context=APPLICATION,name=Applicaiton's stripe Id" , "deleteApplicationPolicy"). This may result in an AccessControlException or SecurityException

Parameters:: appId -
Throws:: PolicyObjectNotFoundException - if this application policy does not exist; PolicyStoreException - if there is an error during deletion of the policy; java.lang.NullPointerException - if application name is empty.

getPolicyStoreType

PolicyStoreType getPolicyStoreType()

Returns the underlying Policy Storage mechanism (XML, LDAP, etc).

Returns:: PolicyStoreType - underlying policy storage mechanism.

checkBulkAuthorization

java.util.Set<ResourceActionsEntry> checkBulkAuthorization(javax.security.auth.Subject subject,
                                                           java.util.Set<ResourceActionsEntry> requestedResources)
                                                           throws PolicyStoreException

Determines whether the subject has access one or more Resource Actions.

Following example illustrates how to invoke this method

    
     import oracle.security.jps.*;
     import oracle.security.jps.util.*;
     import oracle.security.jps.service.policystore.*;
     import oracle.security.jps.service.policystore.info.*;
     import oracle.security.jps.service.policystore.info.common.*;
     import oracle.security.jps.service.policystore.info.resource.*;
     import oracle.security.jps.service.policystore.search.*;
     import java.util.*;
     import java.security.*;
     import javax.security.auth.*;
    
     ...

     PolicyStore ps;  // the current PolicyStore

      // Construct the requested Resource-Actions
     Set<ResourceActionsEntry> requestedResources = new HashSet<ResourceActionsEntry>();
     ResourceActionsEntry aResourceActionsEntry;
     Set<String> allowedActions;
        
     // actions for this resource 
     allowedActions = new HashSet<String>();
     allowedActions.add("read");
     allowedActions.add("write");
 
 
     // Build one resource-actions
     // Assuming FILE is a pre-existing resource type defined in the application 'application_1'
     aResourceActionsEntry = InfoFactory.newResourceActionsEntry("FILE", "/tmp", allowedActions, "application_1");
 
     // and add it to the request
     requestedResources.add ( aResourceActionsEntry );
 
     // build one more resource-actions 
     allowedActions = new HashSet<String>();
     allowedActions.add("connect");
     // Assuming SOCKET is a pre-existing resource type defined in the application 'application2'
     aResourceActionsEntry = InfoFactory.newResourceActionsEntry("SOCKET", "somehost:9999", allowedActions, "application_2");
     requestedResources.add ( aResourceActionsEntry );

     // Create a Subject (not shown here)
     Subject jdoe;
     Set<ResourceActionsEntry> allowedResources; 
 
     // Return result has the allowed resource-actions
     allowedResources = ps.checkBulkAuthorization(jdoe, requestedResources);

Parameters:: caller - the Subject to authorize; requestedResources - a Set of resource actions the caller is requesting access to.
NOTE: Multiple actions in the ResourceActionsEntry correspond to action1 AND action2 ... AND action_n.
Returns:: the set of resource actions the caller is authorized to access from the supplied requestedResources. Resource Actions the caller cannot access are not included in the return result.
If the Subject is not authorized to all the resoure-actions, an empty Set is returned.
Throws:: PolicyStoreException - if an error occurs while evaluating the request.
See Also:: InfoFactory.newResourceActionsEntry(String,String,Set,String)