Examples of PermissionCollection

java.security.PermissionCollection
Abstract class representing a collection of Permission objects.
With a PermissionCollection, you can:
- add a permission to the collection using the add method.
- check to see if a particular permission is implied in the collection, using the implies method.
- enumerate all the permissions, using the elements method.
When it is desirable to group together a number of Permission objects of the same type, the newPermissionCollection method on that particular type of Permission object should first be called. The default behavior (from the Permission class) is to simply return null. Subclasses of class Permission override the method if they need to store their permissions in a particular PermissionCollection object in order to provide the correct semantics when the PermissionCollection.implies method is called. If a non-null value is returned, that PermissionCollection must be used. If null is returned, then the caller of newPermissionCollection is free to store permissions of the given type in any PermissionCollection they choose (one that uses a Hashtable, one that uses a Vector, etc).
The PermissionCollection returned by the Permission.newPermissionCollection method is a homogeneous collection, which stores only Permission objects for a given Permission type. A PermissionCollection may also be heterogeneous. For example, Permissions is a PermissionCollection subclass that represents a collection of PermissionCollections. That is, its members are each a homogeneous PermissionCollection. For example, a Permissions object might have a FilePermissionCollection for all the FilePermission objects, a SocketPermissionCollection for all the SocketPermission objects, and so on. Its add method adds a permission to the appropriate collection.
Whenever a permission is added to a heterogeneous PermissionCollection such as Permissions, and the PermissionCollection doesn't yet contain a PermissionCollection of the specified permission's type, the PermissionCollection should call the newPermissionCollection method on the permission's class to see if it requires a special PermissionCollection. If newPermissionCollection returns null, the PermissionCollection is free to store the permission in any type of PermissionCollection it desires (one using a Hashtable, one using a Vector, etc.). For example, the Permissions object uses a default PermissionCollection implementation that stores the permission objects in a Hashtable.
Subclass implementations of PermissionCollection should assume that they may be called simultaneously from multiple threads, and therefore should be synchronized properly. Furthermore, Enumerations returned via the elements method are not fail-fast. Modifications to a collection should not be performed while enumerating over that collection. @see Permission @see Permissions @version 1.36 05/11/17 @author Roland Schemers

Examples of java.security.PermissionCollection

     * @return PermissionCollection for CodeSource
     */
    protected PermissionCollection getPermissions(CodeSource codeSource) {


        String codeUrl = codeSource.getLocation().toString();
        PermissionCollection pc;
        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
            pc = super.getPermissions(codeSource);
            if (pc != null) {
                Iterator perms = permissionList.iterator();
                while (perms.hasNext()) {
                    Permission p = (Permission)perms.next();
                    pc.add(p);
                }
                loaderPC.put(codeUrl,pc);
            }
        }
        return (pc);

View Full Code Here

Examples of java.security.PermissionCollection

     * @return PermissionCollection for CodeSource
     */
    protected PermissionCollection getPermissions(CodeSource codeSource) {


        String codeUrl = codeSource.getLocation().toString();
        PermissionCollection pc;
        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
            pc = super.getPermissions(codeSource);
            if (pc != null) {
                Iterator perms = permissionList.iterator();
                while (perms.hasNext()) {
                    Permission p = (Permission)perms.next();
                    pc.add(p);
                }
                loaderPC.put(codeUrl,pc);
            }
        }
        return (pc);

View Full Code Here

Examples of java.security.PermissionCollection

        return policyContext;
    }


    private void addDeclaredEjbPermissions(EjbJarInfo ejbJar, EnterpriseBeanInfo beanInfo, String defaultRole, Permissions notAssigned, PolicyContext policyContext) throws OpenEJBException {


        PermissionCollection uncheckedPermissions = policyContext.getUncheckedPermissions();
        PermissionCollection excludedPermissions = policyContext.getExcludedPermissions();
        Map<String, PermissionCollection> rolePermissions = policyContext.getRolePermissions();


        String ejbName = beanInfo.ejbName;


        //this can occur in an ear when one ejb module has security and one doesn't.  In this case we still need
        //to make the non-secure one completely unchecked.
        /**
         * JACC v1.0 section 3.1.5.1
         */
        for (MethodPermissionInfo methodPermission : ejbJar.methodPermissions) {
            List<String> roleNames = methodPermission.roleNames;
            boolean unchecked = methodPermission.unchecked;
            boolean excluded = methodPermission.excluded;


            for (MethodInfo method : methodPermission.methods) {


                if (!ejbName.equals(method.ejbName)) {
                    continue;
                }


                // method name
                String methodName = method.methodName;
                if ("*".equals(methodName)) {
                    // jacc uses null instead of *
                    methodName = null;
                }


                // method interface
                String methodIntf = method.methodIntf;


                // method parameters
                String[] methodParams;
                if (method.methodParams != null) {
                    List<String> paramList = method.methodParams;
                    methodParams = paramList.toArray(new String[paramList.size()]);
                } else {
                    methodParams = null;
                }


                // create the permission object
                EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
                notAssigned = cullPermissions(notAssigned, permission);


                // if this is unchecked, mark it as unchecked; otherwise assign the roles
                if (unchecked) {
                    uncheckedPermissions.add(permission);
                } else if (excluded) {
                    /**
                     * JACC v1.0 section 3.1.5.2
                     */
                    excludedPermissions.add(permission);
                } else {
                    for (String roleName : roleNames) {
                        Permissions permissions = (Permissions) rolePermissions.get(roleName);
                        if (permissions == null) {
                            permissions = new Permissions();
                            rolePermissions.put(roleName, permissions);
                        }
                        permissions.add(permission);
                    }
                }
            }


        }


        /**
         * JACC v1.0 section 3.1.5.3
         */
        for (SecurityRoleReferenceInfo securityRoleRef : beanInfo.securityRoleReferences) {


            if (securityRoleRef.roleLink == null) {
                throw new OpenEJBException("Missing role-link");
            }


            String roleLink = securityRoleRef.roleLink;


            PermissionCollection roleLinks = (PermissionCollection) rolePermissions.get(roleLink);
            if (roleLinks == null) {
                roleLinks = new Permissions();
                rolePermissions.put(roleLink, roleLinks);


            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }


        /**
         * EJB v2.1 section 21.3.2
         * <p/>
         * It is possible that some methods are not assigned to any security
         * roles nor contained in the <code>exclude-list</code> element. In
         * this case, it is the responsibility of the Deployer to assign method
         * permissions for all of the unspecified methods, either by assigning
         * them to security roles, or by marking them as <code>unchecked</code>.
         */
        PermissionCollection permissions;
        if (defaultRole == null) {
            permissions = uncheckedPermissions;
        } else {
            permissions = (PermissionCollection) rolePermissions.get(defaultRole);
            if (permissions == null) {
                permissions = new Permissions();
                rolePermissions.put(defaultRole, permissions);
            }
        }


        Enumeration e = notAssigned.elements();
        while (e.hasMoreElements()) {
            Permission p = (Permission) e.nextElement();
            permissions.add(p);
        }


    }

View Full Code Here

Examples of java.security.PermissionCollection

     * @return PermissionCollection for CodeSource
     */
    protected PermissionCollection getPermissions(CodeSource codeSource) {


        String codeUrl = codeSource.getLocation().toString();
        PermissionCollection pc;
        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
            pc = super.getPermissions(codeSource);
            if (pc != null) {
                Iterator perms = permissionList.iterator();
                while (perms.hasNext()) {
                    Permission p = (Permission)perms.next();
                    pc.add(p);
                }
                loaderPC.put(codeUrl,pc);
            }
        }
        return (pc);

View Full Code Here

Examples of java.security.PermissionCollection


        RoleResolver roleResolver = SystemInstance.get().getComponent(RoleResolver.class);
        Set<String> roles = roleResolver.getLogicalRoles(principals, rolePermissionsMap.keySet());


        for (String role : roles) {
            PermissionCollection permissions = rolePermissionsMap.get(role);


            if (permissions != null && permissions.implies(permission)) return true;
        }


        return false;
    }

View Full Code Here

Examples of java.security.PermissionCollection

    }


    public void addToRole(String roleName, Permission permission) throws PolicyContextException {
        if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");


        PermissionCollection permissions = rolePermissionsMap.get(roleName);
        if (permissions == null) {
            permissions = new DelegatePermissionCollection();
            rolePermissionsMap.put(roleName, permissions);
        }
        permissions.add(permission);
    }

View Full Code Here

Examples of java.security.PermissionCollection

        PolicyContext policyContext = new PolicyContext(ejbJar.moduleUri.toString());


        for (EnterpriseBeanInfo enterpriseBean : ejbJar.enterpriseBeans) {
            BeanContext beanContext = deployments.get(enterpriseBean.ejbDeploymentId);


            PermissionCollection permissions = DelegatePermissionCollection.getPermissionCollection();


            String ejbName = enterpriseBean.ejbName;


            for (InterfaceType type : InterfaceType.values()) {
                if (type == InterfaceType.UNKNOWN) continue;

View Full Code Here

Examples of java.security.PermissionCollection

        return policyContext;
    }


    private void addDeclaredEjbPermissions(EjbJarInfo ejbJar, EnterpriseBeanInfo beanInfo, String defaultRole, PermissionCollection notAssigned, PolicyContext policyContext) throws OpenEJBException {


        PermissionCollection uncheckedPermissions = policyContext.getUncheckedPermissions();
        PermissionCollection excludedPermissions = policyContext.getExcludedPermissions();
        Map<String, PermissionCollection> rolePermissions = policyContext.getRolePermissions();


        String ejbName = beanInfo.ejbName;


        //this can occur in an ear when one ejb module has security and one doesn't.  In this case we still need
        //to make the non-secure one completely unchecked.
        /**
         * JACC v1.0 section 3.1.5.1
         */
        for (MethodPermissionInfo methodPermission : ejbJar.methodPermissions) {
            List<String> roleNames = methodPermission.roleNames;
            boolean unchecked = methodPermission.unchecked;
            boolean excluded = methodPermission.excluded;


            for (MethodInfo method : methodPermission.methods) {


                if (!ejbName.equals(method.ejbName)) {
                    continue;
                }


                // method name
                String methodName = method.methodName;
                if ("*".equals(methodName)) {
                    // jacc uses null instead of *
                    methodName = null;
                }


                // method interface
                String methodIntf = method.methodIntf;


                // method parameters
                String[] methodParams;
                if (method.methodParams != null) {
                    List<String> paramList = method.methodParams;
                    methodParams = paramList.toArray(new String[paramList.size()]);
                } else {
                    methodParams = null;
                }


                // create the permission object
                EJBMethodPermission permission = new EJBMethodPermission(ejbName, methodName, methodIntf, methodParams);
                notAssigned = cullPermissions(notAssigned, permission);


                // if this is unchecked, mark it as unchecked; otherwise assign the roles
                if (unchecked) {
                    uncheckedPermissions.add(permission);
                } else if (excluded) {
                    /**
                     * JACC v1.0 section 3.1.5.2
                     */
                    excludedPermissions.add(permission);
                } else {
                    for (String roleName : roleNames) {
                        PermissionCollection permissions = rolePermissions.get(roleName);
                        if (permissions == null) {
                            permissions = DelegatePermissionCollection.getPermissionCollection();
                            rolePermissions.put(roleName, permissions);
                        }
                        permissions.add(permission);
                    }
                }
            }


        }


        /**
         * JACC v1.0 section 3.1.5.3
         */
        for (SecurityRoleReferenceInfo securityRoleRef : beanInfo.securityRoleReferences) {


            if (securityRoleRef.roleLink == null) {
                throw new OpenEJBException("Missing role-link");
            }


            String roleLink = securityRoleRef.roleLink;


            PermissionCollection roleLinks = rolePermissions.get(roleLink);
            if (roleLinks == null) {
                roleLinks = DelegatePermissionCollection.getPermissionCollection();
                rolePermissions.put(roleLink, roleLinks);


            }
            roleLinks.add(new EJBRoleRefPermission(ejbName, securityRoleRef.roleName));
        }


        /**
         * EJB v2.1 section 21.3.2
         * <p/>
         * It is possible that some methods are not assigned to any security
         * roles nor contained in the <code>exclude-list</code> element. In
         * this case, it is the responsibility of the Deployer to assign method
         * permissions for all of the unspecified methods, either by assigning
         * them to security roles, or by marking them as <code>unchecked</code>.
         */
        PermissionCollection permissions;
        if (defaultRole == null) {
            permissions = uncheckedPermissions;
        } else {
            permissions = rolePermissions.get(defaultRole);
            if (permissions == null) {
                permissions = DelegatePermissionCollection.getPermissionCollection();
                rolePermissions.put(defaultRole, permissions);
            }
        }


        Enumeration e = notAssigned.elements();
        while (e.hasMoreElements()) {
            Permission p = (Permission) e.nextElement();
            permissions.add(p);
        }


    }

View Full Code Here

Examples of java.security.PermissionCollection

     * @param toBeChecked the permissions that are to be checked and possibly culled
     * @param permission  the permission that is to be used for culling
     * @return the culled set of permissions that are not implied by <code>permission</code>
     */
    private PermissionCollection cullPermissions(PermissionCollection toBeChecked, Permission permission) {
        PermissionCollection result = DelegatePermissionCollection.getPermissionCollection();


        for (Enumeration e = toBeChecked.elements(); e.hasMoreElements();) {
            Permission test = (Permission) e.nextElement();
            if (!permission.implies(test)) {
                result.add(test);
            }
        }


        return result;
    }

View Full Code Here

Examples of java.security.PermissionCollection

                    pattern.setTransport(transport);
                }
            }
        }


        PermissionCollection excludedPermissions = new Permissions();
        PermissionCollection uncheckedPermissions = new Permissions();


        Iterator iter = excludedPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();


            excludedPermissions.add(new WebResourcePermission(name, actions));
            excludedPermissions.add(new WebUserDataPermission(name, actions));
        }


        iter = rolesPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();
            WebResourcePermission permission = new WebResourcePermission(name, actions);


            for (Iterator names = pattern.getRoles().iterator(); names.hasNext();) {
                String roleName = (String) names.next();
                addPermissionToRole(roleName, permission, rolePermissions);
            }
        }


        iter = uncheckedPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethods();


            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
        }


        iter = rolesPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethodsWithTransport();


            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }


        iter = uncheckedPatterns.keySet().iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getMethodsWithTransport();


            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }


        /**
         * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code> must be instantiated for
         * each <tt>url-pattern</tt> in the deployment descriptor and the default pattern "/", that is not combined
         * by the <tt>web-resource-collection</tt> elements of the deployment descriptor with ever HTTP method
         * value.  The permission objects must be contructed using the qualified pattern as their name and with
         * actions defined by the subset of the HTTP methods that do not occur in combination with the pattern.
         * The resulting permissions that must be added to the unchecked policy statements by calling the
         * <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code> object.
         */
        iter = allSet.iterator();
        while (iter.hasNext()) {
            URLPattern pattern = (URLPattern) iter.next();
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getComplementedMethods();


            if (actions.length() == 0) {
                continue;
            }


            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }


        URLPattern pattern = new URLPattern("/");
        if (!allSet.contains(pattern)) {
            String name = pattern.getQualifiedPattern(allSet);
            String actions = pattern.getComplementedMethods();


            addOrUpdatePattern(uncheckedResourcePatterns, name, actions);
            addOrUpdatePattern(uncheckedUserPatterns, name, actions);
        }


        //Create the uncheckedPermissions for WebResourcePermissions
        iter = uncheckedResourcePatterns.keySet().iterator();
        while (iter.hasNext()) {
            UncheckedItem item = (UncheckedItem) iter.next();
            String actions = (String) uncheckedResourcePatterns.get(item);


            uncheckedPermissions.add(new WebResourcePermission(item.getName(), actions));
        }
        //Create the uncheckedPermissions for WebUserDataPermissions
        iter = uncheckedUserPatterns.keySet().iterator();
        while (iter.hasNext()) {
            UncheckedItem item = (UncheckedItem) iter.next();
            String actions = (String) uncheckedUserPatterns.get(item);


            uncheckedPermissions.add(new WebUserDataPermission(item.getName(), actions));
        }


        return new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);


    }

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.