Main Page | Packages | Class Hierarchy | Class List | Directories | Class Members | Related Pages Class Reference

Inheritance diagram for List of all members.

Public Member Functions

void refresh ()
PermissionCollection getPermissions (Subject subject, CodeSource codeSource)

Detailed Description

This sample policy class extends the JAAS policy concept by introducing ownership and relationship to a class instance. JAAS extends the core Java security by controlling permissions based on a Subject (user executing the code). This class extends this further by controlling permissions based on a class instance owner and relationship.

For example, all users are allowed to create an Action.class instance but users can only modify the Auction.class instance they created (the instance owned by the individual user). Further more, another user comes along a creates a Bid.class instance corresponding to a particular Auction.class instance. Using this policy class the Bid.class can be designed to allow the the owner of the Auction.class instance to modify certain attributes on the corresponding Bid.class instance by using a special relationship. The attribute could be the accepted or rejected flag.

For simplicity this class uses an xml policy file and uses XPATH to search for data. In a real application this class can be designed to retrieve data from a relational database.

A policy is defined as follows:
The [permission], [subject], and the optional [relationship] are defined in the policy file.

The policy file uses the format defined in the following example:

 <?xml version="1.0"?>
    <grant codebase="file:/D:/sample_actions.jar">
       <principal classname="" 
="" name="usersGroup">
In the example policy file above, any user with the usersGroup principal can create a Action.class instance. Any user can read its attributes but only the user that created the instance can update (write) it. The same holds true for the Bid.class instances except that the owner of of the corresponding Auction.class instance can change the bid acception flag.

The classes that need this type of protection need to implement the Resource interface. The getOwner() method returns the owner of the class instance. The fulfills(Subject subject, String relationShip) method is used by the ResourcePermission class for dealing with special relationships. The bulk of the work is performed by the implies(Permission p) method of the ResourcePermission class. This class understands the owner relationship. Any other relationship is delegated to the fulfills() method of the resource being protected.

To protect a method of a class a ResourcePermission is passed to the AccessController (Core Java security class). For example, the Auction class listed in the above policy file has the following constructor: public Auction() { Permission permission = new DefaultResourceActionPermission( "", "create"); AccessController.checkPermission(permission); } Since only the owner of an Auction instance can write to it, the setter methods of the class look like the following: public void setName(String name) { Permission permission = new DefaultResourceActionPermission( "", "write", this); AccessController.checkPermission(permission); = name; } The this reference passed in to the ResourcePermission constructor represents the Resource interface that the Auction class implements. Since the relationship listed in the policy file is owner, the ResourcePermission uses this reference to check if the current Subject (user) has a principal that matches the owner of the instance. If another relationship is specified then the ResourcePermission calls the Auction class fulfills(Subject subject, String relationship) method. It is up to the Resource implementing class to provide this logic. For example, the Bid class listed in the policy file has the following methods: public void setAccepted(boolean flag) { Permission permission = new DefaultResourceActionPermission( "", "accept", this); AccessController.checkPermission(permission); }

public boolean fulfills(Subject user, String relationship) { if(relationship.equalsIgnoreCase("auctionOwner")) { String owner = auction.getOwner(); Iterator principalIterator = user.getPrincipals().iterator(); while (principalIterator.hasNext()) { Principal principal = (Principal); if(principal.getName().equals(owner)) return true; } } return false; } The relationship String passed in to the fulfills() method is the relationship listed in the policy file. In this case, the "auctionOwner" String is used.

By defualt, this class looks for an XML file named ResourcePolicy.xml in the current directory. The system property,, may be used to specify another file.

zhao lei
Modification History:
 --- ---------- ----- -------------- -----------------------------
 001 2005/12/03          zhao lei       INIT

Member Function Documentation

PermissionCollection Subject  subject,
CodeSource  codeSource

Retrieve the Permissions granted to the Principals of the specified Subject associated with the specified CodeSource.

subject the Subject whose associated Principals and the specified CodeSource is used to determine permissions returned by this method.
codeSource the location specified by this CodeSource and the Principals associated with the specified Subject is used to determine the permissions returned by this method. This parameter may be null.
the Collection of Permissions granted to the Subject and CodeSource location specified in the provided subject and codeSource parameters.

void  ) 

Creates a DOM tree document from the default XML file or from the file specified by the system property, This DOM tree document is then used by the getPermissions() in searching for permissions.

See also:

The documentation for this class was generated from the following file:
Generated on Sat Jan 14 02:04:31 2006 for Colimas by  doxygen 1.4.4