Package org.wildfly.security.authz.jacc

Class JaccDelegatingPolicy

java.lang.Object

java.security.Policy

org.wildfly.security.authz.jacc.JaccDelegatingPolicy

public class JaccDelegatingPolicy
extends Policy

A Policy implementation that knows how to process JACC permissions.

Elytron's JACC implementation is fully integrated with the Permission Mapping API, which allows users to specify custom permissions for a SecurityDomain and its identities by configuring a PermissionMapper. In this case, the permissions are evaluated considering both JACC-specific permissions (as defined by the specs) and also the ones associated with the current and authorized SecurityIdentity.

Author:

Pedro Igor

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Policy

Policy.Parameters

Field Summary

Fields

Modifier and Type	Field	Description
private static String	ANY_AUTHENTICATED_USER_ROLE
private Policy	delegate
private static PrivilegedAction<Policy>	GET_POLICY_ACTION
private Set<Class<? extends Permission>>	supportedPermissionTypes

Fields inherited from class java.security.Policy

UNSUPPORTED_EMPTY_COLLECTION

Constructor Summary

Constructors

Constructor	Description
JaccDelegatingPolicy()	Create a new instance.
JaccDelegatingPolicy(Policy delegate)	Create a new instance based on the given delegate.

Method Summary

Modifier and Type	Method	Description
private void	extractRolesFromCurrentIdentity(Set<String> roles)
private void	extractRolesFromProtectionDomain(ProtectionDomain domain, Set<String> roles)
private SecurityIdentity	getCurrentSecurityIdentity()
PermissionCollection	getPermissions(CodeSource codeSource)
PermissionCollection	getPermissions(ProtectionDomain domain)
boolean	implies(ProtectionDomain domain, Permission permission)
private boolean	impliesExcludedPermission(Permission permission, ElytronPolicyConfiguration policyConfiguration)
private boolean	impliesIdentityPermission(Permission permission)
private boolean	impliesRolePermission(ProtectionDomain domain, Permission permission, ElytronPolicyConfiguration policyConfiguration)
private boolean	impliesUncheckedPermission(Permission permission, ElytronPolicyConfiguration policyConfiguration)
private boolean	isJaccPermission(Permission permission)
void	refresh()

Methods inherited from class java.security.Policy

getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

GET_POLICY_ACTION

private static final PrivilegedAction<Policy> GET_POLICY_ACTION

ANY_AUTHENTICATED_USER_ROLE

private static final String ANY_AUTHENTICATED_USER_ROLE

See Also:

Constant Field Values

delegate

private final Policy delegate

supportedPermissionTypes

private final Set<Class<? extends Permission>> supportedPermissionTypes

Constructor Detail

JaccDelegatingPolicy

public JaccDelegatingPolicy()

Create a new instance. In this case, the current policy will be automatically obtained and used to delegate method calls.

JaccDelegatingPolicy

public JaccDelegatingPolicy(Policy delegate)

Create a new instance based on the given delegate.

Parameters:

delegate - the policy that will be used to delegate method calls

Method Detail

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)

Overrides:

implies in class Policy

getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)

Overrides:

getPermissions in class Policy

getPermissions

public PermissionCollection getPermissions(CodeSource codeSource)

Overrides:

getPermissions in class Policy

refresh

public void refresh()

Overrides:

refresh in class Policy

impliesIdentityPermission

private boolean impliesIdentityPermission(Permission permission)

getCurrentSecurityIdentity

private SecurityIdentity getCurrentSecurityIdentity()

extractRolesFromCurrentIdentity

private void extractRolesFromCurrentIdentity(Set<String> roles)
                                      throws javax.security.jacc.PolicyContextException,
                                             ClassNotFoundException

Throws:

javax.security.jacc.PolicyContextException

ClassNotFoundException

extractRolesFromProtectionDomain

private void extractRolesFromProtectionDomain(ProtectionDomain domain,
                                              Set<String> roles)

impliesRolePermission

private boolean impliesRolePermission(ProtectionDomain domain,
                                      Permission permission,
                                      ElytronPolicyConfiguration policyConfiguration)
                               throws javax.security.jacc.PolicyContextException,
                                      ClassNotFoundException

Throws:

javax.security.jacc.PolicyContextException

ClassNotFoundException

impliesUncheckedPermission

private boolean impliesUncheckedPermission(Permission permission,
                                           ElytronPolicyConfiguration policyConfiguration)

impliesExcludedPermission

private boolean impliesExcludedPermission(Permission permission,
                                          ElytronPolicyConfiguration policyConfiguration)

isJaccPermission

private boolean isJaccPermission(Permission permission)