Package org.apache.river.api.security

This package contains a scalable cache based security manager that parallelises domain security checks.

See: Description

Interface Summary

Interface	Description
AdvisoryDynamicPermissions	Jar files that include a META-INF/PERMISSIONS.LIST file, allow a ProxyPreparer to grant these permissions dynamically.
CachingSecurityManager	A CachingSecurityManager caches the result of check permission calls for AccessControlContexts.
PolicyParser	Parser of policy syntax.
RemotePolicy	RemotePolicy is a service api that can be implemented by a distributed Policy service, allowing local Policy providers to be updated remotely by a djinn group administrator.
RevocablePolicy	RevocablePolicy, is a Java Security Policy Provider that supports Runtime Dynamic addition and removal of PermissionGrant's Warning: Not all Permission's are truly revocable, while any Permission can be dynamically added and later removed from this policy, many JVM Permission implementations are used in ways that allow references to escape To quote Tim Blackman, from river-dev: I remember talking with Bob and Mike Warres about this.
ScalableNestedPolicy	Policy providers can implement this interface to provide nested policies a common interface to allow delayed creation of PermissionCollection instances until all after all Permission objects are collected, allowing the implementer to add Permission objects to a PermissionCollection in an order that avoids unnecessary reverse DNS calls for example.
SubjectDomain	A Marker interface used by net.jini.security.Security to mark a ProtectionDomain added to the stack that represents an authenticated Subject with Principal's.

Class Summary

Class	Description
AbstractPolicy	A common superclass with utility methods for policy providers.
AdvisoryPermissionParser	Utility class to make working with PERMISSIONS.LIST files easier.
CombinerSecurityManager	CombinerSecurityManager, is intended to be a highly scalable SecurityManager implementation that caches the results of security checks for each context, which may be an instance of SecurityContext or AccessControlContext.
ConcurrentPolicyFile	Concurrent Policy implementation based on policy configuration URL's, it is intended to provide concurrent implies() for greatly improved throughput.
DefaultPolicyParser	This is a basic loader of policy files.
DelegatePermission	Permissions such as SocketPermission or FilePermission guard a resource but allow that resource to escape the control of the SecurityManager and Policy provider, this prevents them from being revoked.
DelegateSecurityManager	The DelegateSecurityManager is designed to enable the use of Delegate decorators to encapsulate security sensitive objects using Li Gong's method guard pattern.
PermissionComparator	A Comparator for Permission that avoids using equals and hashCode() on Permission implementations.
PermissionGrant	PermissionGrant implementations are expected to be immutable, non blocking, thread safe and have a good hashCode implementation to perform well in Collections.
PermissionGrantBuilder	The PermissionGrantBuilder creates Dynamic PermissionGrant's based on information provided by the user.
PolicyPermission	A "remote" or "REMOTE" PolicyPermission is allows updating a RemotePolicy
RemotePolicyProvider	An implementation of RemotePolicy.

Package org.apache.river.api.security Description

This package contains a scalable cache based security manager that parallelises domain security checks. Also included is a concurrent policy file provider to replace Java's standard offering, this policy provider is in theory much faster after policy file parsing is complete, it uses an immutable data structure that supports highly scalable concurrent access and does not require further disk access and minimises network and DNS requirements.

Disk access of policy files is performed serially.

Since:

3.3.0