PolicyFile.java example

Explorer
openjdk-master
/*
 * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package com.sun.security.auth;

import java.security.CodeSource;
import java.security.PermissionCollection;
import javax.security.auth.Subject;

/**
 * This class represents a default implementation for
 * {@code javax.security.auth.Policy}.
 *
 * <p> This object stores the policy for entire Java runtime,
 * and is the amalgamation of multiple static policy
 * configurations that resides in files.
 * The algorithm for locating the policy file(s) and reading their
 * information into this {@code Policy} object is:
 *
 * <ol>
 * <li>
 *   Loop through the security properties,
 *   <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
 *   <i>auth.policy.url.X</i>".
 *   Each property value specifies a {@code URL} pointing to a
 *   policy file to be loaded.  Read in and load each policy.
 *
 * <li>
 *   The {@code java.lang.System} property <i>java.security.auth.policy</i>
 *   may also be set to a {@code URL} pointing to another policy file
 *   (which is the case when a user uses the -D switch at runtime).
 *   If this property is defined, and its use is allowed by the
 *   security property file (the Security property,
 *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
 *   also load that policy.
 *
 * <li>
 *   If the <i>java.security.auth.policy</i> property is defined using
 *   "==" (rather than "="), then ignore all other specified
 *   policies and only load this policy.
 * </ol>
 *
 * Each policy file consists of one or more grant entries, each of
 * which consists of a number of permission entries.
 *
 * <pre>
 *   grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
 *         principal <b>principalClass</b> "<b>principalName</b>",
 *         principal <b>principalClass</b> "<b>principalName</b>",
 *         ... {
 *
 *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 *         signedBy "<b>alias</b>";
 *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 *         signedBy "<b>alias</b>";
 *     ....
 *   };
 * </pre>
 *
 * All non-bold items above must appear as is (although case
 * doesn't matter and some are optional, as noted below).
 * Italicized items represent variable values.
 *
 * <p> A grant entry must begin with the word {@code grant}.
 * The {@code signedBy} and {@code codeBase}
 * name/value pairs are optional.
 * If they are not present, then any signer (including unsigned code)
 * will match, and any codeBase will match.  Note that the
 * {@code principal} name/value pair is not optional.
 * This {@code Policy} implementation only permits
 * Principal-based grant entries.  Note that the <i>principalClass</i>
 * may be set to the wildcard value, *, which allows it to match
 * any {@code Principal} class.  In addition, the <i>principalName</i>
 * may also be set to the wildcard value, *, allowing it to match
 * any {@code Principal} name.  When setting the <i>principalName</i>
 * to the *, do not surround the * with quotes.
 *
 * <p> A permission entry must begin with the word {@code permission}.
 * The word <i>{@code Type}</i> in the template above is
 * a specific permission type, such as {@code java.io.FilePermission}
 * or {@code java.lang.RuntimePermission}.
 *
 * <p> The "<i>action</i>" is required for
 * many permission types, such as {@code java.io.FilePermission}
 * (where it specifies what type of file access that is permitted).
 * It is not required for categories such as
 * {@code java.lang.RuntimePermission}
 * where it is not necessary - you either have the
 * permission specified by the "<i>{@code name}</i>"
 * value following the type name or you don't.
 *
 * <p> The {@code signedBy} name/value pair for a permission entry
 * is optional. If present, it indicates a signed permission. That is,
 * the permission class itself must be signed by the given alias in
 * order for it to be granted. For example,
 * suppose you have the following grant entry:
 *
 * <pre>
 *   grant principal foo.com.Principal "Duke" {
 *     permission Foo "foobar", signedBy "FooSoft";
 *   }
 * </pre>
 *
 * <p> Then this permission of type <i>Foo</i> is granted if the
 * {@code Foo.class} permission has been signed by the
 * "FooSoft" alias, or if {@code Foo.class} is a
 * system class (i.e., is found on the CLASSPATH).
 *
 * <p> Items that appear in an entry must appear in the specified order
 * ({@code permission}, <i>Type</i>, "<i>name</i>", and
 * "<i>action</i>"). An entry is terminated with a semicolon.
 *
 * <p> Case is unimportant for the identifiers ({@code permission},
 * {@code signedBy}, {@code codeBase}, etc.) but is
 * significant for the <i>Type</i>
 * or for any string that is passed in as a value.
 *
 * <p> An example of two entries in a policy configuration file is
 * <pre>
 *   // if the code is comes from "foo.com" and is running as "Duke",
 *   // grant it read/write to all files in /tmp.
 *
 *   grant codeBase "foo.com", principal foo.com.Principal "Duke" {
 *              permission java.io.FilePermission "/tmp/*", "read,write";
 *   };
 *
 *   // grant any code running as "Duke" permission to read
 *   // the "java.vendor" Property.
 *
 *   grant principal foo.com.Principal "Duke" {
 *         permission java.util.PropertyPermission "java.vendor";
 * </pre>
 *
 * <p> This {@code Policy} implementation supports
 * special handling for PrivateCredentialPermissions.
 * If a grant entry is configured with a
 * {@code PrivateCredentialPermission},
 * and the "Principal Class/Principal Name" for that
 * {@code PrivateCredentialPermission} is "self",
 * then the entry grants the specified {@code Subject} permission to
 * access its own private Credential.  For example,
 * the following grants the {@code Subject} "Duke"
 * access to its own a.b.Credential.
 *
 * <pre>
 *   grant principal foo.com.Principal "Duke" {
 *      permission javax.security.auth.PrivateCredentialPermission
 *              "a.b.Credential self",
 *              "read";
 *    };
 * </pre>
 *
 * The following grants the {@code Subject} "Duke"
 * access to all of its own private Credentials:
 *
 * <pre>
 *   grant principal foo.com.Principal "Duke" {
 *      permission javax.security.auth.PrivateCredentialPermission
 *              "* self",
 *              "read";
 *    };
 * </pre>
 *
 * The following grants all Subjects authenticated as a
 * {@code SolarisPrincipal} (regardless of their respective names)
 * permission to access their own private Credentials:
 *
 * <pre>
 *   grant principal com.sun.security.auth.SolarisPrincipal * {
 *      permission javax.security.auth.PrivateCredentialPermission
 *              "* self",
 *              "read";
 *    };
 * </pre>
 *
 * The following grants all Subjects permission to access their own
 * private Credentials:
 *
 * <pre>
 *   grant principal * * {
 *      permission javax.security.auth.PrivateCredentialPermission
 *              "* self",
 *              "read";
 *    };
 * </pre>

 * @deprecated As of JDK 1.4, replaced by
 *             {@code sun.security.provider.PolicyFile}.
 *             This class is entirely deprecated.
 * This class is subject to removal in a future version of Java SE.
 *
 * @see java.security.CodeSource
 * @see java.security.Permissions
 * @see java.security.ProtectionDomain
 * @see java.security.Security security properties
 */
@Deprecated(since="1.4", forRemoval=true)
public class PolicyFile extends javax.security.auth.Policy {

    private final sun.security.provider.AuthPolicyFile apf;

    /**
     * Initializes the Policy object and reads the default policy
     * configuration file(s) into the Policy object.
     */
    public PolicyFile() {
        apf = new sun.security.provider.AuthPolicyFile();
    }

    /**
     * Refreshes the policy object by re-reading all the policy files.
     *
     * @exception SecurityException if the caller doesn't have permission
     *          to refresh the {@code Policy}.
     */
    @Override
    public void refresh() {
        apf.refresh();
    }

    /**
     * Examines this {@code Policy} and returns the Permissions granted
     * to the specified {@code Subject} and {@code CodeSource}.
     *
     * <p> Permissions for a particular <i>grant</i> entry are returned
     * if the {@code CodeSource} constructed using the codebase and
     * signedby values specified in the entry {@code implies}
     * the {@code CodeSource} provided to this method, and if the
     * {@code Subject} provided to this method contains all of the
     * Principals specified in the entry.
     *
     * <p> The {@code Subject} provided to this method contains all
     * of the Principals specified in the entry if, for each
     * {@code Principal}, "P1", specified in the <i>grant</i> entry
     * one of the following two conditions is met:
     *
     * <ol>
     * <li> the {@code Subject} has a
     *      {@code Principal}, "P2", where
     *      {@code P2.getClass().getName()} equals the
     *      P1's class name, and where
     *      {@code P2.getName()} equals the P1's name.
     *
     * <li> P1 implements
     *      {@code com.sun.security.auth.PrincipalComparator},
     *      and {@code P1.implies} the provided {@code Subject}.
     * </ol>
     *
     * <p> Note that this {@code Policy} implementation has
     * special handling for PrivateCredentialPermissions.
     * When this method encounters a {@code PrivateCredentialPermission}
     * which specifies "self" as the {@code Principal} class and name,
     * it does not add that {@code Permission} to the returned
     * {@code PermissionCollection}.  Instead, it builds
     * a new {@code PrivateCredentialPermission}
     * for each {@code Principal} associated with the provided
     * {@code Subject}.  Each new {@code PrivateCredentialPermission}
     * contains the same Credential class as specified in the
     * originally granted permission, as well as the Class and name
     * for the respective {@code Principal}.
     *
     * @param subject the Permissions granted to this {@code Subject}
     *          and the additionally provided {@code CodeSource}
     *          are returned.
     *
     * @param codesource the Permissions granted to this {@code CodeSource}
     *          and the additionally provided {@code Subject}
     *          are returned.
     *
     * @return the Permissions granted to the provided {@code Subject}
     *          {@code CodeSource}.
     */
    @Override
    public PermissionCollection getPermissions(final Subject subject,
                                               final CodeSource codesource) {
        return apf.getPermissions(subject, codesource);
    }
}