1. /*
  2. * @(#)Policy.java 1.50 04/05/18
  3. *
  4. * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
  5. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  6. */
  7. package javax.security.auth;
  8. /**
  9. * <p> This is an abstract class for representing the system policy for
  10. * Subject-based authorization. A subclass implementation
  11. * of this class provides a means to specify a Subject-based
  12. * access control <code>Policy</code>.
  13. *
  14. * <p> A <code>Policy</code> object can be queried for the set of
  15. * Permissions granted to code running as a
  16. * <code>Principal</code> in the following manner:
  17. *
  18. * <pre>
  19. * policy = Policy.getPolicy();
  20. * PermissionCollection perms = policy.getPermissions(subject,
  21. * codeSource);
  22. * </pre>
  23. *
  24. * The <code>Policy</code> object consults the local policy and returns
  25. * and appropriate <code>Permissions</code> object with the
  26. * Permissions granted to the Principals associated with the
  27. * provided <i>subject</i>, and granted to the code specified
  28. * by the provided <i>codeSource</i>.
  29. *
  30. * <p> A <code>Policy</code> contains the following information.
  31. * Note that this example only represents the syntax for the default
  32. * <code>Policy</code> implementation. Subclass implementations of this class
  33. * may implement alternative syntaxes and may retrieve the
  34. * <code>Policy</code> from any source such as files, databases,
  35. * or servers.
  36. *
  37. * <p> Each entry in the <code>Policy</code> is represented as
  38. * a <b><i>grant</i></b> entry. Each <b><i>grant</i></b> entry
  39. * specifies a codebase, code signers, and Principals triplet,
  40. * as well as the Permissions granted to that triplet.
  41. *
  42. * <pre>
  43. * grant CodeBase ["URL"], Signedby ["signers"],
  44. * Principal [Principal_Class] "Principal_Name" {
  45. * Permission Permission_Class ["Target_Name"]
  46. * [, "Permission_Actions"]
  47. * [, signedBy "SignerName"];
  48. * };
  49. * </pre>
  50. *
  51. * The CodeBase and Signedby components of the triplet name/value pairs
  52. * are optional. If they are not present, then any any codebase will match,
  53. * and any signer (including unsigned code) will match.
  54. * For Example,
  55. *
  56. * <pre>
  57. * grant CodeBase "foo.com", Signedby "foo",
  58. * Principal com.sun.security.auth.SolarisPrincipal "duke" {
  59. * permission java.io.FilePermission "/home/duke", "read, write";
  60. * };
  61. * </pre>
  62. *
  63. * This <b><i>grant</i></b> entry specifies that code from "foo.com",
  64. * signed by "foo', and running as a <code>SolarisPrincipal</code> with the
  65. * name, duke, has one <code>Permission</code>. This <code>Permission</code>
  66. * permits the executing code to read and write files in the directory,
  67. * "/home/duke".
  68. *
  69. * <p> To "run" as a particular <code>Principal</code>,
  70. * code invokes the <code>Subject.doAs(subject, ...)</code> method.
  71. * After invoking that method, the code runs as all the Principals
  72. * associated with the specified <code>Subject</code>.
  73. * Note that this <code>Policy</code> (and the Permissions
  74. * granted in this <code>Policy</code>) only become effective
  75. * after the call to <code>Subject.doAs</code> has occurred.
  76. *
  77. * <p> Multiple Principals may be listed within one <b><i>grant</i></b> entry.
  78. * All the Principals in the grant entry must be associated with
  79. * the <code>Subject</code> provided to <code>Subject.doAs</code>
  80. * for that <code>Subject</code> to be granted the specified Permissions.
  81. *
  82. * <pre>
  83. * grant Principal com.sun.security.auth.SolarisPrincipal "duke",
  84. * Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" {
  85. * permission java.io.FilePermission "/home/duke", "read, write";
  86. * permission java.net.SocketPermission "duke.com", "connect";
  87. * };
  88. * </pre>
  89. *
  90. * This entry grants any code running as both "duke" and "0"
  91. * permission to read and write files in duke's home directory,
  92. * as well as permission to make socket connections to "duke.com".
  93. *
  94. * <p> Note that non Principal-based grant entries are not permitted
  95. * in this <code>Policy</code>. Therefore, grant entries such as:
  96. *
  97. * <pre>
  98. * grant CodeBase "foo.com", Signedby "foo" {
  99. * permission java.io.FilePermission "/tmp/scratch", "read, write";
  100. * };
  101. * </pre>
  102. *
  103. * are rejected. Such permission must be listed in the
  104. * <code>java.security.Policy</code>.
  105. *
  106. * <p> The default <code>Policy</code> implementation can be changed by
  107. * setting the value of the "auth.policy.provider" security property
  108. * (in the Java security properties file) to the fully qualified name of
  109. * the desired <code>Policy</code> implementation class.
  110. * The Java security properties file is located in the file named
  111. * <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
  112. * refers to the directory where the JDK was installed.
  113. *
  114. * @deprecated as of JDK version 1.4 -- Replaced by java.security.Policy.
  115. * java.security.Policy has a method:
  116. * <pre>
  117. * public PermissionCollection getPermissions
  118. * (java.security.ProtectionDomain pd)
  119. *
  120. * </pre>
  121. * and ProtectionDomain has a constructor:
  122. * <pre>
  123. * public ProtectionDomain
  124. * (CodeSource cs,
  125. * PermissionCollection permissions,
  126. * ClassLoader loader,
  127. * Principal[] principals)
  128. * </pre>
  129. *
  130. * These two APIs provide callers the means to query the
  131. * Policy for Principal-based Permission entries.
  132. *
  133. *
  134. * @version 1.50, 05/18/04
  135. */
  136. @Deprecated
  137. public abstract class Policy {
  138. private static Policy policy;
  139. private static ClassLoader contextClassLoader;
  140. static {
  141. contextClassLoader =
  142. (ClassLoader)java.security.AccessController.doPrivileged
  143. (new java.security.PrivilegedAction() {
  144. public Object run() {
  145. return Thread.currentThread().getContextClassLoader();
  146. }
  147. });
  148. };
  149. /**
  150. * Sole constructor. (For invocation by subclass constructors, typically
  151. * implicit.)
  152. */
  153. protected Policy() { }
  154. /**
  155. * Returns the installed Policy object.
  156. * This method first calls
  157. * <code>SecurityManager.checkPermission</code> with the
  158. * <code>AuthPermission("getPolicy")</code> permission
  159. * to ensure the caller has permission to get the Policy object.
  160. *
  161. * <p>
  162. *
  163. * @return the installed Policy. The return value cannot be
  164. * <code>null</code>.
  165. *
  166. * @exception java.lang.SecurityException if the current thread does not
  167. * have permission to get the Policy object.
  168. *
  169. * @see #setPolicy
  170. */
  171. public static Policy getPolicy() {
  172. java.lang.SecurityManager sm = System.getSecurityManager();
  173. if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
  174. return getPolicyNoCheck();
  175. }
  176. /**
  177. * Returns the installed Policy object, skipping the security check.
  178. *
  179. * @return the installed Policy.
  180. *
  181. */
  182. static Policy getPolicyNoCheck() {
  183. if (policy == null) {
  184. synchronized(Policy.class) {
  185. if (policy == null) {
  186. String policy_class = null;
  187. policy_class = (String)
  188. java.security.AccessController.doPrivileged
  189. (new java.security.PrivilegedAction() {
  190. public Object run() {
  191. return java.security.Security.getProperty
  192. ("auth.policy.provider");
  193. }
  194. });
  195. if (policy_class == null) {
  196. policy_class = "com.sun.security.auth.PolicyFile";
  197. }
  198. try {
  199. final String finalClass = policy_class;
  200. policy = (Policy)
  201. java.security.AccessController.doPrivileged
  202. (new java.security.PrivilegedExceptionAction() {
  203. public Object run() throws ClassNotFoundException,
  204. InstantiationException,
  205. IllegalAccessException {
  206. return Class.forName
  207. (finalClass,
  208. true,
  209. contextClassLoader).newInstance();
  210. }
  211. });
  212. } catch (Exception e) {
  213. throw new SecurityException
  214. (sun.security.util.ResourcesMgr.getString
  215. ("unable to instantiate Subject-based policy"));
  216. }
  217. }
  218. }
  219. }
  220. return policy;
  221. }
  222. /**
  223. * Sets the system-wide Policy object. This method first calls
  224. * <code>SecurityManager.checkPermission</code> with the
  225. * <code>AuthPermission("setPolicy")</code>
  226. * permission to ensure the caller has permission to set the Policy.
  227. *
  228. * <p>
  229. *
  230. * @param policy the new system Policy object.
  231. *
  232. * @exception java.lang.SecurityException if the current thread does not
  233. * have permission to set the Policy.
  234. *
  235. * @see #getPolicy
  236. */
  237. public static void setPolicy(Policy policy) {
  238. java.lang.SecurityManager sm = System.getSecurityManager();
  239. if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
  240. Policy.policy = policy;
  241. }
  242. /**
  243. * Retrieve the Permissions granted to the Principals associated with
  244. * the specified <code>CodeSource</code>.
  245. *
  246. * <p>
  247. *
  248. * @param subject the <code>Subject</code>
  249. * whose associated Principals,
  250. * in conjunction with the provided
  251. * <code>CodeSource</code>, determines the Permissions
  252. * returned by this method. This parameter
  253. * may be <code>null</code>. <p>
  254. *
  255. * @param cs the code specified by its <code>CodeSource</code>
  256. * that determines, in conjunction with the provided
  257. * <code>Subject</code>, the Permissions
  258. * returned by this method. This parameter may be
  259. * <code>null</code>.
  260. *
  261. * @return the Collection of Permissions granted to all the
  262. * <code>Subject</code> and code specified in
  263. * the provided <i>subject</i> and <i>cs</i>
  264. * parameters.
  265. */
  266. public abstract java.security.PermissionCollection getPermissions
  267. (Subject subject,
  268. java.security.CodeSource cs);
  269. /**
  270. * Refresh and reload the Policy.
  271. *
  272. * <p>This method causes this object to refresh/reload its current
  273. * Policy. This is implementation-dependent.
  274. * For example, if the Policy object is stored in
  275. * a file, calling <code>refresh</code> will cause the file to be re-read.
  276. *
  277. * <p>
  278. *
  279. * @exception SecurityException if the caller does not have permission
  280. * to refresh the Policy.
  281. */
  282. public abstract void refresh();
  283. }