org.freshcookies.security.policy
Class LocalPolicy

java.lang.Object
  extended by org.freshcookies.security.policy.LocalPolicy

public class LocalPolicy
extends java.lang.Object

Security policy class that implements a subset of Policy methods, using a standard Java 2 security policy file as input. This class is ideally suited for "local authorization" cases where consultation of a global JVM policy is not necessary or desired, but where polices are expressed in the standard policy file grammar. This class differs from standard Policy implementations in that it does not extend the Policy superclass, and it implements only two of its methods: implies(ProtectionDomain, Permission) and refresh(). Because LocalPolicy does not extend Policy, it cannot be installed as a system-wide security policy (which is probably a good thing, because it is not optimized as expertly as Sun's standard PolicyFile implementation).

The constructor of this class accepts a File from which the policy is parsed and read using the PolicyReader class. The policy is static and is derived only from the content of the file. If the policy file changes in the file system, callers may reload it by calling refresh().

This class is not thread-safe. It requires the same permissions to run as the underlying PolicyReader used to parse the policy file. (See PolicyReader for more details.

See Also:
PolicyReader

Nested Class Summary
static class LocalPolicy.AnyPrincipal
          Principal class that represents a non-class-specific Principal in a policy file grant block.
static class LocalPolicy.LocalProtectionDomain
          Lightweight re-implementation of ProtectionDomain that does not allow subsequent modifications to Permissions.
 
Constructor Summary
LocalPolicy(java.io.File file)
          Constructs a new instance of a LocalPolicy object, whose policy rules are parsed from a supplied File using the standard Java platform encoding.
LocalPolicy(java.io.File file, java.lang.String encoding)
          Constructs a new instance of a LocalPolicy object, whose policy rules are parsed from a supplied File using the standard Java platform encoding.
 
Method Summary
 boolean implies(java.security.ProtectionDomain domain, java.security.Permission permission)
          Returns true if the security policy grants a particular Permission to a ProtectionDomain whose code source, certificates and classloader match the one supplied as a parameter.
 void refresh()
           Reloads the policy from the filesystem.
protected  boolean samePrincipals(java.security.Principal[] p1, java.security.Principal[] p2)
          Determines whether two Principal arrays contain the same items, which may appear in any order
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LocalPolicy

public LocalPolicy(java.io.File file)
Constructs a new instance of a LocalPolicy object, whose policy rules are parsed from a supplied File using the standard Java platform encoding. The policy file's contents and structure are expected to be identical to those used in the J2SE default policy file implementation.

Parameters:
file - the file supplying the security policy

LocalPolicy

public LocalPolicy(java.io.File file,
                   java.lang.String encoding)
Constructs a new instance of a LocalPolicy object, whose policy rules are parsed from a supplied File using the standard Java platform encoding. The policy file's contents and structure are expected to be identical to those used in the J2SE default policy file implementation.

Parameters:
file - the file supplying the security policy
encoding - the charset name, such as UTF-8 or ISO-8859-1
Method Detail

implies

public boolean implies(java.security.ProtectionDomain domain,
                       java.security.Permission permission)
Returns true if the security policy grants a particular Permission to a ProtectionDomain whose code source, certificates and classloader match the one supplied as a parameter. This method contains the exact same method signature as Policy.implies(ProtectionDomain, Permission) but differs in a key respect: Permissions for the supplied ProtectionDomain are looked up based on its CodeSource, ClassLoader and Principals, rather than looking for one that is logically equal to it.

Parameters:
domain - the protection domain
permission - the permission to check for
Returns:
true if the permission was granted, false if not
Throws:
java.lang.IllegalStateException - if the policy needed refreshing but could not be refreshed

refresh

public void refresh()
             throws PolicyException

Reloads the policy from the filesystem. This method contains the exact same method signature as Policy.refresh() and is functionally equivalent. If the policy does not parse correctly, it will print any errors to standard out and throw an IllegalStateException. This method does not itself require security permissions to run, although the underlying PolicyReader used to parse the policy file does. (See PolicyReader.read() for more details.

Throws:
PolicyException - if the policy could not be refreshed or parsed

samePrincipals

protected boolean samePrincipals(java.security.Principal[] p1,
                                 java.security.Principal[] p2)
Determines whether two Principal arrays contain the same items, which may appear in any order

Parameters:
p1 - the first array
p2 - the second array
Returns:
true if every item in the first array is equal to one other item in the second array; false otherwise