oracle.security.jazn.policy
Interface JAZNPolicy

All Known Subinterfaces:

GlobalPolicy, RealmPolicy

public interface JAZNPolicy

An Policy object represents the repository of authorization policies.

To be more precise, the policy deals with the assignment of permissions or privileges to grantees (which can be users or roles or any valid Grantee).

Granting/Revoking Policies

In order for a grant/revocation to succeed, the grantor/revoker (represented by the current Subject) must have the relevant permissions granted to him/her.

Policy Snapshot

In general the methods that return a list or set represents a snapshot of the policy store at the time of query. If the policy store is further modified, the returned set of permissions/roles may no longer be valid.

Policy Cache

In general the Policy implementation should cache the policy information, so that repeated calls using the same parameters do not result in repeated network roundtrips to the backing store.

This interface also defines methods that change the persistent state of the policy store (e.g. grant/revokeXXX methods). The implementation should take care to ensure that whenever a grant/revoke is effected the relevant cache entries are invalidated.

Method Summary

Type	Method
PermissionCollection	getPermissions(CodeSource codesource) Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.
PermissionCollection	getPermissions(Grantee grantee, Class perm_cls) Lists all permissions of the specified Class granted to this grantee.
PermissionCollection	getPermissions(javax.security.auth.Subject subject, CodeSource cs) Retrieve the Permissions granted to the Principals associated with the specified CodeSource.
void	grant(Grantee grantee, Permission perm) Grants a permission to the specified grantee, optionally with admin option.
boolean	hasPermission(Grantee grantee, Permission perm) Returns true if the grantee in question can assume the specified permission.
void	refresh() Refresh and reload the Policy
void	revoke(Grantee grantee, Permission perm) Revokes the permission from the specified grantee

Method Detail

grant

public void grant(Grantee grantee,
                  Permission perm)
           throws JAZNException

Grants a permission to the specified grantee, optionally with admin option.

Parameters:

grantee - the grantee to be granted the specified permission

perm - the permission to be granted

Throws:

JAZNException - if a JAZN exception is encountered.

SecurityException - if the caller does not have the permission to invoke this method

revoke

public void revoke(Grantee grantee,
                   Permission perm)
            throws JAZNException

Revokes the permission from the specified grantee

Parameters:

grantee - the specified grantee

perm - the specified permission to be revoked

Throws:

JAZNException - if a JAZN exception is encountered.

SecurityException - if the caller does not have the permission to invoke this method

getPermissions

public PermissionCollection getPermissions(Grantee grantee,
                                           Class perm_cls)
                                    throws JAZNException

Lists all permissions of the specified Class granted to this grantee.

Parameters:

grantee - the grantee in question

perm_cls - the permission Class of which the returning permissions will be instances of

Returns:

permissions of the specified class granted to the specified grantee

Throws:

SecurityException - if the caller does not have the permission required to invoke this method.

hasPermission

public boolean hasPermission(Grantee grantee,
                             Permission perm)
                      throws JAZNException

Returns true if the grantee in question can assume the specified permission.

Parameters:

grantee - the grantee in question

perm - the specified permission

Returns:

true if the grantee in question can assume the specified permission.

Throws:

SecurityException - if the caller does not have the permission required to invoke this method.

getPermissions

public PermissionCollection getPermissions(javax.security.auth.Subject subject,
                                           CodeSource cs)

Retrieve the Permissions granted to the Principals associated with the specified CodeSource.

Parameters:

subject - the Subject whose associated Principals, in conjunction with the provided CodeSource, determines the Permissions returned by this method. This parameter may be null.

cs - the code specified by its CodeSource that determines, in conjunction with the provided Subject, the Permissions returned by this method. This parameter may be null.

Returns:

the Collection of Permissions granted to all the Subject and code specified in the provided subject and cs parameters.

See Also:

javax.security.auth.Policy

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)

Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed for code from the specified code source.

Parameters:

codesource - the CodeSource associated with the caller. This encapsulates the original location of the code (where the code came from) and the public key(s) of its signer.

Returns:

the set of permissions allowed for code from codesource according to the policy.

Throws:

SecurityException - if the current thread does not have permission to call getPermissions on the policy object.

See Also:

java.security.Policy

refresh

public void refresh()

Refresh and reload the Policy

Throws:

SecurityException - if the caller does not have permission to refresh the Policy.

See Also:

java.security.Policy