1 /* |
1 /* |
2 * Copyright (c) 1999, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
32 import java.security.Principal; |
32 import java.security.Principal; |
33 import sun.security.util.ResourcesMgr; |
33 import sun.security.util.ResourcesMgr; |
34 |
34 |
35 /** |
35 /** |
36 * This class is used to protect access to private Credentials |
36 * This class is used to protect access to private Credentials |
37 * belonging to a particular <code>Subject</code>. The <code>Subject</code> |
37 * belonging to a particular {@code Subject}. The {@code Subject} |
38 * is represented by a Set of Principals. |
38 * is represented by a Set of Principals. |
39 * |
39 * |
40 * <p> The target name of this <code>Permission</code> specifies |
40 * <p> The target name of this {@code Permission} specifies |
41 * a Credential class name, and a Set of Principals. |
41 * a Credential class name, and a Set of Principals. |
42 * The only valid value for this Permission's actions is, "read". |
42 * The only valid value for this Permission's actions is, "read". |
43 * The target name must abide by the following syntax: |
43 * The target name must abide by the following syntax: |
44 * |
44 * |
45 * <pre> |
45 * <pre> |
63 * }; |
63 * }; |
64 * </pre> |
64 * </pre> |
65 * |
65 * |
66 * If CredentialClass is "*", then access is granted to |
66 * If CredentialClass is "*", then access is granted to |
67 * all private Credentials belonging to the specified |
67 * all private Credentials belonging to the specified |
68 * <code>Subject</code>. |
68 * {@code Subject}. |
69 * If "PrincipalName" is "*", then access is granted to the |
69 * If "PrincipalName" is "*", then access is granted to the |
70 * specified Credential owned by any <code>Subject</code> that has the |
70 * specified Credential owned by any {@code Subject} that has the |
71 * specified <code>Principal</code> (the actual PrincipalName doesn't matter). |
71 * specified {@code Principal} (the actual PrincipalName doesn't matter). |
72 * For example, the following grants access to the |
72 * For example, the following grants access to the |
73 * a.b.Credential owned by any <code>Subject</code> that has |
73 * a.b.Credential owned by any {@code Subject} that has |
74 * an a.b.Principal. |
74 * an a.b.Principal. |
75 * |
75 * |
76 * <pre> |
76 * <pre> |
77 * grant { |
77 * grant { |
78 * permission javax.security.auth.PrivateCredentialPermission |
78 * permission javax.security.auth.PrivateCredentialPermission |
81 * }; |
81 * }; |
82 * </pre> |
82 * </pre> |
83 * |
83 * |
84 * If both the PrincipalClass and "PrincipalName" are "*", |
84 * If both the PrincipalClass and "PrincipalName" are "*", |
85 * then access is granted to the specified Credential owned by |
85 * then access is granted to the specified Credential owned by |
86 * any <code>Subject</code>. |
86 * any {@code Subject}. |
87 * |
87 * |
88 * <p> In addition, the PrincipalClass/PrincipalName pairing may be repeated: |
88 * <p> In addition, the PrincipalClass/PrincipalName pairing may be repeated: |
89 * |
89 * |
90 * <pre> |
90 * <pre> |
91 * grant { |
91 * grant { |
94 * "read"; |
94 * "read"; |
95 * }; |
95 * }; |
96 * </pre> |
96 * </pre> |
97 * |
97 * |
98 * The above grants access to the private Credential, "a.b.Credential", |
98 * The above grants access to the private Credential, "a.b.Credential", |
99 * belonging to a <code>Subject</code> with at least two associated Principals: |
99 * belonging to a {@code Subject} with at least two associated Principals: |
100 * "a.b.Principal" with the name, "duke", and "c.d.Principal", with the name, |
100 * "a.b.Principal" with the name, "duke", and "c.d.Principal", with the name, |
101 * "dukette". |
101 * "dukette". |
102 * |
102 * |
103 */ |
103 */ |
104 public final class PrivateCredentialPermission extends Permission { |
104 public final class PrivateCredentialPermission extends Permission { |
113 private String credentialClass; |
113 private String credentialClass; |
114 |
114 |
115 /** |
115 /** |
116 * @serial The Principals associated with this permission. |
116 * @serial The Principals associated with this permission. |
117 * The set contains elements of type, |
117 * The set contains elements of type, |
118 * <code>PrivateCredentialPermission.CredOwner</code>. |
118 * {@code PrivateCredentialPermission.CredOwner}. |
119 */ |
119 */ |
120 private Set<Principal> principals; // ignored - kept around for compatibility |
120 private Set<Principal> principals; // ignored - kept around for compatibility |
121 private transient CredOwner[] credOwners; |
121 private transient CredOwner[] credOwners; |
122 |
122 |
123 /** |
123 /** |
124 * @serial |
124 * @serial |
125 */ |
125 */ |
126 private boolean testing = false; |
126 private boolean testing = false; |
127 |
127 |
128 /** |
128 /** |
129 * Create a new <code>PrivateCredentialPermission</code> |
129 * Create a new {@code PrivateCredentialPermission} |
130 * with the specified <code>credentialClass</code> and Principals. |
130 * with the specified {@code credentialClass} and Principals. |
131 */ |
131 */ |
132 PrivateCredentialPermission(String credentialClass, |
132 PrivateCredentialPermission(String credentialClass, |
133 Set<Principal> principals) { |
133 Set<Principal> principals) { |
134 |
134 |
135 super(credentialClass); |
135 super(credentialClass); |
151 } |
151 } |
152 } |
152 } |
153 } |
153 } |
154 |
154 |
155 /** |
155 /** |
156 * Creates a new <code>PrivateCredentialPermission</code> |
156 * Creates a new {@code PrivateCredentialPermission} |
157 * with the specified <code>name</code>. The <code>name</code> |
157 * with the specified {@code name}. The {@code name} |
158 * specifies both a Credential class and a <code>Principal</code> Set. |
158 * specifies both a Credential class and a {@code Principal} Set. |
159 * |
159 * |
160 * <p> |
160 * <p> |
161 * |
161 * |
162 * @param name the name specifying the Credential class and |
162 * @param name the name specifying the Credential class and |
163 * <code>Principal</code> Set. <p> |
163 * {@code Principal} Set. <p> |
164 * |
164 * |
165 * @param actions the actions specifying that the Credential can be read. |
165 * @param actions the actions specifying that the Credential can be read. |
166 * |
166 * |
167 * @throws IllegalArgumentException if <code>name</code> does not conform |
167 * @throws IllegalArgumentException if {@code name} does not conform |
168 * to the correct syntax or if <code>actions</code> is not "read". |
168 * to the correct syntax or if {@code actions} is not "read". |
169 */ |
169 */ |
170 public PrivateCredentialPermission(String name, String actions) { |
170 public PrivateCredentialPermission(String name, String actions) { |
171 super(name); |
171 super(name); |
172 |
172 |
173 if (!"read".equalsIgnoreCase(actions)) |
173 if (!"read".equalsIgnoreCase(actions)) |
176 init(name); |
176 init(name); |
177 } |
177 } |
178 |
178 |
179 /** |
179 /** |
180 * Returns the Class name of the Credential associated with this |
180 * Returns the Class name of the Credential associated with this |
181 * <code>PrivateCredentialPermission</code>. |
181 * {@code PrivateCredentialPermission}. |
182 * |
182 * |
183 * <p> |
183 * <p> |
184 * |
184 * |
185 * @return the Class name of the Credential associated with this |
185 * @return the Class name of the Credential associated with this |
186 * <code>PrivateCredentialPermission</code>. |
186 * {@code PrivateCredentialPermission}. |
187 */ |
187 */ |
188 public String getCredentialClass() { |
188 public String getCredentialClass() { |
189 return credentialClass; |
189 return credentialClass; |
190 } |
190 } |
191 |
191 |
192 /** |
192 /** |
193 * Returns the <code>Principal</code> classes and names |
193 * Returns the {@code Principal} classes and names |
194 * associated with this <code>PrivateCredentialPermission</code>. |
194 * associated with this {@code PrivateCredentialPermission}. |
195 * The information is returned as a two-dimensional array (array[x][y]). |
195 * The information is returned as a two-dimensional array (array[x][y]). |
196 * The 'x' value corresponds to the number of <code>Principal</code> |
196 * The 'x' value corresponds to the number of {@code Principal} |
197 * class and name pairs. When (y==0), it corresponds to |
197 * class and name pairs. When (y==0), it corresponds to |
198 * the <code>Principal</code> class value, and when (y==1), |
198 * the {@code Principal} class value, and when (y==1), |
199 * it corresponds to the <code>Principal</code> name value. |
199 * it corresponds to the {@code Principal} name value. |
200 * For example, array[0][0] corresponds to the class name of |
200 * For example, array[0][0] corresponds to the class name of |
201 * the first <code>Principal</code> in the array. array[0][1] |
201 * the first {@code Principal} in the array. array[0][1] |
202 * corresponds to the <code>Principal</code> name of the |
202 * corresponds to the {@code Principal} name of the |
203 * first <code>Principal</code> in the array. |
203 * first {@code Principal} in the array. |
204 * |
204 * |
205 * <p> |
205 * <p> |
206 * |
206 * |
207 * @return the <code>Principal</code> class and names associated |
207 * @return the {@code Principal} class and names associated |
208 * with this <code>PrivateCredentialPermission</code>. |
208 * with this {@code PrivateCredentialPermission}. |
209 */ |
209 */ |
210 public String[][] getPrincipals() { |
210 public String[][] getPrincipals() { |
211 |
211 |
212 if (credOwners == null || credOwners.length == 0) { |
212 if (credOwners == null || credOwners.length == 0) { |
213 return new String[0][0]; |
213 return new String[0][0]; |
239 * </pre> |
239 * </pre> |
240 * </ul> |
240 * </ul> |
241 * |
241 * |
242 * <p> |
242 * <p> |
243 * |
243 * |
244 * @param p the <code>Permission</code> to check against. |
244 * @param p the {@code Permission} to check against. |
245 * |
245 * |
246 * @return true if this <code>PrivateCredentialPermission</code> implies |
246 * @return true if this {@code PrivateCredentialPermission} implies |
247 * the specified <code>Permission</code>, false if not. |
247 * the specified {@code Permission}, false if not. |
248 */ |
248 */ |
249 public boolean implies(Permission p) { |
249 public boolean implies(Permission p) { |
250 |
250 |
251 if (p == null || !(p instanceof PrivateCredentialPermission)) |
251 if (p == null || !(p instanceof PrivateCredentialPermission)) |
252 return false; |
252 return false; |
258 |
258 |
259 return impliesPrincipalSet(credOwners, that.credOwners); |
259 return impliesPrincipalSet(credOwners, that.credOwners); |
260 } |
260 } |
261 |
261 |
262 /** |
262 /** |
263 * Checks two <code>PrivateCredentialPermission</code> objects for |
263 * Checks two {@code PrivateCredentialPermission} objects for |
264 * equality. Checks that <i>obj</i> is a |
264 * equality. Checks that <i>obj</i> is a |
265 * <code>PrivateCredentialPermission</code>, |
265 * {@code PrivateCredentialPermission}, |
266 * and has the same credential class as this object, |
266 * and has the same credential class as this object, |
267 * as well as the same Principals as this object. |
267 * as well as the same Principals as this object. |
268 * The order of the Principals in the respective Permission's |
268 * The order of the Principals in the respective Permission's |
269 * target names is not relevant. |
269 * target names is not relevant. |
270 * |
270 * |
271 * <p> |
271 * <p> |
272 * |
272 * |
273 * @param obj the object we are testing for equality with this object. |
273 * @param obj the object we are testing for equality with this object. |
274 * |
274 * |
275 * @return true if obj is a <code>PrivateCredentialPermission</code>, |
275 * @return true if obj is a {@code PrivateCredentialPermission}, |
276 * has the same credential class as this object, |
276 * has the same credential class as this object, |
277 * and has the same Principals as this object. |
277 * and has the same Principals as this object. |
278 */ |
278 */ |
279 public boolean equals(Object obj) { |
279 public boolean equals(Object obj) { |
280 if (obj == this) |
280 if (obj == this) |
309 return "read"; |
309 return "read"; |
310 } |
310 } |
311 |
311 |
312 /** |
312 /** |
313 * Return a homogeneous collection of PrivateCredentialPermissions |
313 * Return a homogeneous collection of PrivateCredentialPermissions |
314 * in a <code>PermissionCollection</code>. |
314 * in a {@code PermissionCollection}. |
315 * No such <code>PermissionCollection</code> is defined, |
315 * No such {@code PermissionCollection} is defined, |
316 * so this method always returns <code>null</code>. |
316 * so this method always returns {@code null}. |
317 * |
317 * |
318 * <p> |
318 * <p> |
319 * |
319 * |
320 * @return null in all cases. |
320 * @return null in all cases. |
321 */ |
321 */ |