org.apache.river.api.security

Class AbstractPolicy

java.lang.Object

java.security.Policy

org.apache.river.api.security.AbstractPolicy

Direct Known Subclasses:

DynamicPolicyProvider, PolicyFileProvider, RemotePolicyProvider

public abstract class AbstractPolicy
extends Policy

A common superclass with utility methods for policy providers.

Since:

3.0.0

Author:

Peter Firmstone.

Nested Class Summary

Nested classes/interfaces inherited from class java.security.Policy

Policy.Parameters

Field Summary

Fields

Modifier and Type	Field and Description
protected Permission	ALL_PERMISSION
protected Comparator<Permission>	comparator
protected Permission	umbrella

Fields inherited from class java.security.Policy

UNSUPPORTED_EMPTY_COLLECTION

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AbstractPolicy()

Method Summary

Modifier and Type	Method and Description
protected void	checkCallerHasGrants(Collection<PermissionGrant> grants) This method checks that the PermissionGrant's are authorised to be granted by it's caller, if it Fails, it will throw a SecurityException or AccessControlException.
protected void	checkNullElements(Object[] array) Checks array for null elements
protected PermissionCollection	convert(NavigableSet<Permission> permissions, int initialCapacity, float loadFactor, int concurrencyLevel, int unresolvedCapacity) Creates an optimised PermissionCollection, firstly all permissions should be sorted using PermissionComparator, this ensures that any SocketPermission will be ordered to avoid reverse DNS calls if possible.
protected void	expandUmbrella(PermissionCollection pc) River-26 Mark Brouwer suggested making UmbrellaPermission's expandable from Dynamic Grants.
protected PermissionGrant	extractGrantFromPolicy(Policy p, ProtectionDomain domain)
protected void	processGrants(Collection<PermissionGrant> grant, Class permClass, boolean stopIfAll, NavigableSet<Permission> setToAddPerms) Adds Permission objects contained in PermissionGrant's to a NavigableSet that is sorted using a PermissionComparator.

Methods inherited from class java.security.Policy

getInstance, getInstance, getInstance, getParameters, getPermissions, getPermissions, getPolicy, getProvider, getType, implies, refresh, setPolicy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

umbrella

protected final Permission umbrella

ALL_PERMISSION

protected final Permission ALL_PERMISSION

comparator

protected final Comparator<Permission> comparator

Constructor Detail

AbstractPolicy

protected AbstractPolicy()

Method Detail

checkCallerHasGrants

protected final void checkCallerHasGrants(Collection<PermissionGrant> grants)
                                   throws SecurityException

This method checks that the PermissionGrant's are authorised to be granted by it's caller, if it Fails, it will throw a SecurityException or AccessControlException. The PermissionGrant should not be requested for it's Permissions again, since doing so would risk an escalation of privilege attack if the PermissionGrant implementation was mutable.

Parameters:

grants - to check

Throws:

SecurityException

checkNullElements

protected final void checkNullElements(Object[] array)
                                throws NullPointerException

Checks array for null elements

Parameters:

array - to check for null elements.

Throws:

NullPointerException - if array contains null elements or array is null.

convert

protected final PermissionCollection convert(NavigableSet<Permission> permissions,
                                             int initialCapacity,
                                             float loadFactor,
                                             int concurrencyLevel,
                                             int unresolvedCapacity)
                                      throws IllegalArgumentException

Creates an optimised PermissionCollection, firstly all permissions should be sorted using PermissionComparator, this ensures that any SocketPermission will be ordered to avoid reverse DNS calls if possible. Other parameters enable the underlying ConcurrentHashMap to be optimised, these parameters use identical names.

Parameters:

permissions - to be optimized

initialCapacity - see ConcurrentHashMap

loadFactor - see ConcurrentHashMap

concurrencyLevel - see ConcurrentHashMap

unresolvedCapacity - Capacity of Map used to store UnresolvedPermission instances

Returns:

PermissionCollection

Throws:

IllegalArgumentException - if the initial capacity is negative or the load factor or concurrencyLevel are nonpositive.

expandUmbrella

protected final void expandUmbrella(PermissionCollection pc)

River-26 Mark Brouwer suggested making UmbrellaPermission's expandable from Dynamic Grants.

Parameters:

pc - PermissionCollection containing UmbrellaPermission's to be expanded.

processGrants

protected final void processGrants(Collection<PermissionGrant> grant,
                                   Class permClass,
                                   boolean stopIfAll,
                                   NavigableSet<Permission> setToAddPerms)

Adds Permission objects contained in PermissionGrant's to a NavigableSet that is sorted using a PermissionComparator. This method doesn't perform any checks on the conditions of the PermissionGrant's, it simply collects their Permission objects.

Parameters:

grant - array of PermissionGrants.

permClass - optionally only add Permission objects that use this class or UnresolvedPermission.

stopIfAll - if true returns immediately when AllPermission is found.

setToAddPerms - Permission objects extracted from grant will be added to this set.

extractGrantFromPolicy

protected PermissionGrant extractGrantFromPolicy(Policy p,
                                                 ProtectionDomain domain)