public class ConcurrentPolicyFile extends Policy implements ScalableNestedPolicy
Concurrent Policy implementation based on policy configuration URLs. It is intended to provide a concurrent implies() for greatly improved throughput. Caching limits scalability and consumes shared memory, so no cache exists.
By default all River Policy implementations now utilise ConcurrentPolicyFile.
The default PolicyParser implementation recognises text files consisting of clauses with the following syntax:

keystore "some_keystore_url" [, "keystore_type"];

grant [SignedBy "signer_names"] [, CodeBase "URL"] [, Principal [principal_class_name] "principal_name"] [, Principal [principal_class_name] "principal_name"] ... { permission permission_class_name [ "target_name" ] [, "action"] [, SignedBy "signer_names"]; permission ... };

The keystore clause specifies a reference to a keystore, which is a database of private keys and their associated digital certificates. The keystore is used to look up the certificates of signers specified in the grant entries of the file. The policy file can contain any number of keystore entries, which can appear at any ordinal position. However, only the first successfully loaded keystore is used; the others are ignored. The keystore must be specified if any grant clause refers to a certificate's alias.
javax.security.auth.x500.X500Principal "DN" string, where DN is a certificate's subject distinguished name.
AllPermission, the domains to which a DENY clause would apply will be a less privileged domain. For example a user could be granted SocketPermission("*", "connect"), while a DENY clause might list specific SocketPermission domains that are disallowed, where a DENY clause has precedence over all GRANT clause Permissions except for AllPermission.
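A sample policy file written in the keystore/grant grammar shown above, contrasting an unscoped grant with scoped ones. This is an added illustration, not part of the River documentation; the keystore URL, signer alias, codebase URL, distinguished name and permission targets are all constructed placeholders.

```text
// Constructed example: every URL, alias, DN and permission target is a placeholder.

// Keystore used to resolve the signer alias referenced by SignedBy below.
// Any number of keystore clauses may appear, but only the first one that
// loads successfully is used, so list the intended keystore first.
keystore "file:/opt/example/policy/trusted.jks", "JKS";

// Over-broad (left commented out): the clause names no SignedBy, CodeBase
// or Principal, so nothing ties it to a signer, a code location or a user,
// and AllPermission leaves nothing to restrict.
// grant {
//     permission java.security.AllPermission;
// };

// Scoped by signer and location: both conditions are listed, and the
// permissions name one host and one property prefix rather than "*".
grant SignedBy "service-signer", CodeBase "file:/opt/example/lib/service.jar" {
    permission java.net.SocketPermission "registry.example.internal:4160", "connect";
    permission java.util.PropertyPermission "org.example.service.*", "read";
};

// Scoped by principal: principal_class_name followed by principal_name,
// here an X500Principal identified by its distinguished name.
grant Principal javax.security.auth.x500.X500Principal "CN=Service Operator,O=Example,C=US" {
    permission java.io.FilePermission "/opt/example/data/-", "read";
};
```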
Nested classes/interfaces inherited from class Policy: Policy.Parameters
Fields inherited from class Policy: UNSUPPORTED_EMPTY_COLLECTION
Modifier | Constructor and Description |
---|---|
 | ConcurrentPolicyFile() Default constructor, equivalent to ConcurrentPolicyFile(new DefaultPolicyParser()). |
protected | ConcurrentPolicyFile(PolicyParser dpr, Comparator<Permission> comp) |
Modifier and Type | Method and Description |
---|---|
List<PermissionGrant> | getPermissionGrants(ProtectionDomain pd) Returns a new List containing immutable PermissionGrants; the List returned is not synchronised and must not be shared with policy internal state. |
PermissionCollection | getPermissions(CodeSource cs) This returns a java.security.Permissions collection, which allows ProtectionDomain to optimise for the AllPermission case, which avoids unnecessarily consulting the policy. |
PermissionCollection | getPermissions(ProtectionDomain pd) Returns collection of permissions allowed for the domain according to the policy. |
boolean | implies(ProtectionDomain domain, Permission permission) |
void | refresh() Gets fresh list of locations and tries to load all of them in sequence; failed loads are ignored. |
Methods inherited from class Policy: getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy
public ConcurrentPolicyFile() throws PolicyInitializationException
Default constructor, equivalent to ConcurrentPolicyFile(new DefaultPolicyParser()).
Throws: PolicyInitializationException - if instantiation is unsuccessful

protected ConcurrentPolicyFile(PolicyParser dpr, Comparator<Permission> comp) throws PolicyInitializationException
Throws: PolicyInitializationException
public PermissionCollection getPermissions(ProtectionDomain pd)
null if the domain is null. Each PermissionCollection returned is a unique instance.
Overrides: getPermissions in class Policy
Parameters: pd - ProtectionDomain
See Also: ProtectionDomain
public PermissionCollection getPermissions(CodeSource cs)
Overrides: getPermissions in class Policy
Parameters: cs - CodeSource
See Also: CodeSource
public boolean implies(ProtectionDomain domain, Permission permission)
public void refresh()
public List<PermissionGrant> getPermissionGrants(ProtectionDomain pd)
ScalableNestedPolicy
Specified by: getPermissionGrants in interface ScalableNestedPolicy
Parameters: pd - ProtectionDomain grants apply to

Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.