8146619: Re-examine supportness of public classes in com.sun.security.auth.**
Reviewed-by: xuelei
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.security.auth;
import java.security.CodeSource;
import java.security.PermissionCollection;
import javax.security.auth.Subject;
/**
* This class represents a default implementation for
* {@code javax.security.auth.Policy}.
*
* <p> This object stores the policy for entire Java runtime,
* and is the amalgamation of multiple static policy
* configurations that resides in files.
* The algorithm for locating the policy file(s) and reading their
* information into this {@code Policy} object is:
*
* <ol>
* <li>
* Loop through the security properties,
* <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
* <i>auth.policy.url.X</i>".
* Each property value specifies a {@code URL} pointing to a
* policy file to be loaded. Read in and load each policy.
*
* <li>
* The {@code java.lang.System} property <i>java.security.auth.policy</i>
* may also be set to a {@code URL} pointing to another policy file
* (which is the case when a user uses the -D switch at runtime).
* If this property is defined, and its use is allowed by the
* security property file (the Security property,
* <i>policy.allowSystemProperty</i> is set to <i>true</i>),
* also load that policy.
*
* <li>
* If the <i>java.security.auth.policy</i> property is defined using
* "==" (rather than "="), then ignore all other specified
* policies and only load this policy.
* </ol>
*
* Each policy file consists of one or more grant entries, each of
* which consists of a number of permission entries.
*
* <pre>
* grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
* principal <b>principalClass</b> "<b>principalName</b>",
* principal <b>principalClass</b> "<b>principalName</b>",
* ... {
*
* permission <b>Type</b> "<b>name</b> "<b>action</b>",
* signedBy "<b>alias</b>";
* permission <b>Type</b> "<b>name</b> "<b>action</b>",
* signedBy "<b>alias</b>";
* ....
* };
* </pre>
*
* All non-bold items above must appear as is (although case
* doesn't matter and some are optional, as noted below).
* Italicized items represent variable values.
*
* <p> A grant entry must begin with the word {@code grant}.
* The {@code signedBy} and {@code codeBase}
* name/value pairs are optional.
* If they are not present, then any signer (including unsigned code)
* will match, and any codeBase will match. Note that the
* {@code principal} name/value pair is not optional.
* This {@code Policy} implementation only permits
* Principal-based grant entries. Note that the <i>principalClass</i>
* may be set to the wildcard value, *, which allows it to match
* any {@code Principal} class. In addition, the <i>principalName</i>
* may also be set to the wildcard value, *, allowing it to match
* any {@code Principal} name. When setting the <i>principalName</i>
* to the *, do not surround the * with quotes.
*
* <p> A permission entry must begin with the word {@code permission}.
* The word <i>{@code Type}</i> in the template above is
* a specific permission type, such as {@code java.io.FilePermission}
* or {@code java.lang.RuntimePermission}.
*
* <p> The "<i>action</i>" is required for
* many permission types, such as {@code java.io.FilePermission}
* (where it specifies what type of file access that is permitted).
* It is not required for categories such as
* {@code java.lang.RuntimePermission}
* where it is not necessary - you either have the
* permission specified by the "<i>{@code name}</i>"
* value following the type name or you don't.
*
* <p> The {@code signedBy} name/value pair for a permission entry
* is optional. If present, it indicates a signed permission. That is,
* the permission class itself must be signed by the given alias in
* order for it to be granted. For example,
* suppose you have the following grant entry:
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission Foo "foobar", signedBy "FooSoft";
* }
* </pre>
*
* <p> Then this permission of type <i>Foo</i> is granted if the
* {@code Foo.class} permission has been signed by the
* "FooSoft" alias, or if {@code Foo.class} is a
* system class (i.e., is found on the CLASSPATH).
*
* <p> Items that appear in an entry must appear in the specified order
* ({@code permission}, <i>Type</i>, "<i>name</i>", and
* "<i>action</i>"). An entry is terminated with a semicolon.
*
* <p> Case is unimportant for the identifiers ({@code permission},
* {@code signedBy}, {@code codeBase}, etc.) but is
* significant for the <i>Type</i>
* or for any string that is passed in as a value.
*
* <p> An example of two entries in a policy configuration file is
* <pre>
* // if the code is comes from "foo.com" and is running as "Duke",
* // grant it read/write to all files in /tmp.
*
* grant codeBase "foo.com", principal foo.com.Principal "Duke" {
* permission java.io.FilePermission "/tmp/*", "read,write";
* };
*
* // grant any code running as "Duke" permission to read
* // the "java.vendor" Property.
*
* grant principal foo.com.Principal "Duke" {
* permission java.util.PropertyPermission "java.vendor";
* </pre>
*
* <p> This {@code Policy} implementation supports
* special handling for PrivateCredentialPermissions.
* If a grant entry is configured with a
* {@code PrivateCredentialPermission},
* and the "Principal Class/Principal Name" for that
* {@code PrivateCredentialPermission} is "self",
* then the entry grants the specified {@code Subject} permission to
* access its own private Credential. For example,
* the following grants the {@code Subject} "Duke"
* access to its own a.b.Credential.
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission javax.security.auth.PrivateCredentialPermission
* "a.b.Credential self",
* "read";
* };
* </pre>
*
* The following grants the {@code Subject} "Duke"
* access to all of its own private Credentials:
*
* <pre>
* grant principal foo.com.Principal "Duke" {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
*
* The following grants all Subjects authenticated as a
* {@code SolarisPrincipal} (regardless of their respective names)
* permission to access their own private Credentials:
*
* <pre>
* grant principal com.sun.security.auth.SolarisPrincipal * {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
*
* The following grants all Subjects permission to access their own
* private Credentials:
*
* <pre>
* grant principal * * {
* permission javax.security.auth.PrivateCredentialPermission
* "* self",
* "read";
* };
* </pre>
* @deprecated As of JDK 1.4, replaced by
* {@code sun.security.provider.PolicyFile}.
* This class is entirely deprecated.
* This class is subject to removal in a future version of Java SE.
*
* @see java.security.CodeSource
* @see java.security.Permissions
* @see java.security.ProtectionDomain
* @see java.security.Security security properties
*/
@Deprecated(since="1.4", forRemoval=true)
public class PolicyFile extends javax.security.auth.Policy {
private final sun.security.provider.AuthPolicyFile apf;
/**
* Initializes the Policy object and reads the default policy
* configuration file(s) into the Policy object.
*/
public PolicyFile() {
apf = new sun.security.provider.AuthPolicyFile();
}
/**
* Refreshes the policy object by re-reading all the policy files.
*
* @exception SecurityException if the caller doesn't have permission
* to refresh the {@code Policy}.
*/
@Override
public void refresh() {
apf.refresh();
}
/**
* Examines this {@code Policy} and returns the Permissions granted
* to the specified {@code Subject} and {@code CodeSource}.
*
* <p> Permissions for a particular <i>grant</i> entry are returned
* if the {@code CodeSource} constructed using the codebase and
* signedby values specified in the entry {@code implies}
* the {@code CodeSource} provided to this method, and if the
* {@code Subject} provided to this method contains all of the
* Principals specified in the entry.
*
* <p> The {@code Subject} provided to this method contains all
* of the Principals specified in the entry if, for each
* {@code Principal}, "P1", specified in the <i>grant</i> entry
* one of the following two conditions is met:
*
* <ol>
* <li> the {@code Subject} has a
* {@code Principal}, "P2", where
* {@code P2.getClass().getName()} equals the
* P1's class name, and where
* {@code P2.getName()} equals the P1's name.
*
* <li> P1 implements
* {@code com.sun.security.auth.PrincipalComparator},
* and {@code P1.implies} the provided {@code Subject}.
* </ol>
*
* <p> Note that this {@code Policy} implementation has
* special handling for PrivateCredentialPermissions.
* When this method encounters a {@code PrivateCredentialPermission}
* which specifies "self" as the {@code Principal} class and name,
* it does not add that {@code Permission} to the returned
* {@code PermissionCollection}. Instead, it builds
* a new {@code PrivateCredentialPermission}
* for each {@code Principal} associated with the provided
* {@code Subject}. Each new {@code PrivateCredentialPermission}
* contains the same Credential class as specified in the
* originally granted permission, as well as the Class and name
* for the respective {@code Principal}.
*
* @param subject the Permissions granted to this {@code Subject}
* and the additionally provided {@code CodeSource}
* are returned.
*
* @param codesource the Permissions granted to this {@code CodeSource}
* and the additionally provided {@code Subject}
* are returned.
*
* @return the Permissions granted to the provided {@code Subject}
* {@code CodeSource}.
*/
@Override
public PermissionCollection getPermissions(final Subject subject,
final CodeSource codesource) {
return apf.getPermissions(subject, codesource);
}
}