jdk/src/share/classes/javax/security/auth/Policy.java
author mullan
Mon, 22 Nov 2010 10:16:07 -0500
changeset 7291 9fefa2786251
parent 7179 4afb81e50183
child 14775 2ed01c760aea
permissions -rw-r--r--
6995424: Eliminate dependency to a deprecated API com.sun.security.auth.PolicyFile Reviewed-by: mchung

/*
 * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.security.auth;

import java.security.Security;
import sun.security.util.Debug;

/**
 * <p> This is an abstract class for representing the system policy for
 * Subject-based authorization.  A subclass implementation
 * of this class provides a means to specify a Subject-based
 * access control <code>Policy</code>.
 *
 * <p> A <code>Policy</code> object can be queried for the set of
 * Permissions granted to code running as a
 * <code>Principal</code> in the following manner:
 *
 * <pre>
 *      policy = Policy.getPolicy();
 *      PermissionCollection perms = policy.getPermissions(subject,
 *                                                      codeSource);
 * </pre>
 *
 * The <code>Policy</code> object consults the local policy and returns
 * and appropriate <code>Permissions</code> object with the
 * Permissions granted to the Principals associated with the
 * provided <i>subject</i>, and granted to the code specified
 * by the provided <i>codeSource</i>.
 *
 * <p> A <code>Policy</code> contains the following information.
 * Note that this example only represents the syntax for the default
 * <code>Policy</code> implementation. Subclass implementations of this class
 * may implement alternative syntaxes and may retrieve the
 * <code>Policy</code> from any source such as files, databases,
 * or servers.
 *
 * <p> Each entry in the <code>Policy</code> is represented as
 * a <b><i>grant</i></b> entry.  Each <b><i>grant</i></b> entry
 * specifies a codebase, code signers, and Principals triplet,
 * as well as the Permissions granted to that triplet.
 *
 * <pre>
 *      grant CodeBase ["URL"], Signedby ["signers"],
 *            Principal [Principal_Class] "Principal_Name" {
 *          Permission Permission_Class ["Target_Name"]
 *                                      [, "Permission_Actions"]
 *                                      [, signedBy "SignerName"];
 *      };
 * </pre>
 *
 * The CodeBase and Signedby components of the triplet name/value pairs
 * are optional.  If they are not present, then any any codebase will match,
 * and any signer (including unsigned code) will match.
 * For Example,
 *
 * <pre>
 *      grant CodeBase "foo.com", Signedby "foo",
 *            Principal com.sun.security.auth.SolarisPrincipal "duke" {
 *          permission java.io.FilePermission "/home/duke", "read, write";
 *      };
 * </pre>
 *
 * This <b><i>grant</i></b> entry specifies that code from "foo.com",
 * signed by "foo', and running as a <code>SolarisPrincipal</code> with the
 * name, duke, has one <code>Permission</code>.  This <code>Permission</code>
 * permits the executing code to read and write files in the directory,
 * "/home/duke".
 *
 * <p> To "run" as a particular <code>Principal</code>,
 * code invokes the <code>Subject.doAs(subject, ...)</code> method.
 * After invoking that method, the code runs as all the Principals
 * associated with the specified <code>Subject</code>.
 * Note that this <code>Policy</code> (and the Permissions
 * granted in this <code>Policy</code>) only become effective
 * after the call to <code>Subject.doAs</code> has occurred.
 *
 * <p> Multiple Principals may be listed within one <b><i>grant</i></b> entry.
 * All the Principals in the grant entry must be associated with
 * the <code>Subject</code> provided to <code>Subject.doAs</code>
 * for that <code>Subject</code> to be granted the specified Permissions.
 *
 * <pre>
 *      grant Principal com.sun.security.auth.SolarisPrincipal "duke",
 *            Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" {
 *          permission java.io.FilePermission "/home/duke", "read, write";
 *          permission java.net.SocketPermission "duke.com", "connect";
 *      };
 * </pre>
 *
 * This entry grants any code running as both "duke" and "0"
 * permission to read and write files in duke's home directory,
 * as well as permission to make socket connections to "duke.com".
 *
 * <p> Note that non Principal-based grant entries are not permitted
 * in this <code>Policy</code>.  Therefore, grant entries such as:
 *
 * <pre>
 *      grant CodeBase "foo.com", Signedby "foo" {
 *          permission java.io.FilePermission "/tmp/scratch", "read, write";
 *      };
 * </pre>
 *
 * are rejected.  Such permission must be listed in the
 * <code>java.security.Policy</code>.
 *
 * <p> The default <code>Policy</code> implementation can be changed by
 * setting the value of the "auth.policy.provider" security property
 * (in the Java security properties file) to the fully qualified name of
 * the desired <code>Policy</code> implementation class.
 * The Java security properties file is located in the file named
 * &lt;JAVA_HOME&gt;/lib/security/java.security.
 * &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
 * and specifies the directory where the JRE is installed.
 *
 * @deprecated  as of JDK version 1.4 -- Replaced by java.security.Policy.
 *              java.security.Policy has a method:
 * <pre>
 *      public PermissionCollection getPermissions
 *          (java.security.ProtectionDomain pd)
 *
 * </pre>
 * and ProtectionDomain has a constructor:
 * <pre>
 *      public ProtectionDomain
 *          (CodeSource cs,
 *           PermissionCollection permissions,
 *           ClassLoader loader,
 *           Principal[] principals)
 * </pre>
 *
 * These two APIs provide callers the means to query the
 * Policy for Principal-based Permission entries.
 *
 *
 */
@Deprecated
public abstract class Policy {

    private static Policy policy;
    private static ClassLoader contextClassLoader;

    // true if a custom (not com.sun.security.auth.PolicyFile) system-wide
    // policy object is set
    private static boolean isCustomPolicy;

    static {
        contextClassLoader = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<ClassLoader>() {
                public ClassLoader run() {
                    return Thread.currentThread().getContextClassLoader();
                }
        });
    };

    /**
     * Sole constructor.  (For invocation by subclass constructors, typically
     * implicit.)
     */
    protected Policy() { }

    /**
     * Returns the installed Policy object.
     * This method first calls
     * <code>SecurityManager.checkPermission</code> with the
     * <code>AuthPermission("getPolicy")</code> permission
     * to ensure the caller has permission to get the Policy object.
     *
     * <p>
     *
     * @return the installed Policy.  The return value cannot be
     *          <code>null</code>.
     *
     * @exception java.lang.SecurityException if the current thread does not
     *      have permission to get the Policy object.
     *
     * @see #setPolicy
     */
    public static Policy getPolicy() {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
        return getPolicyNoCheck();
    }

    /**
     * Returns the installed Policy object, skipping the security check.
     *
     * @return the installed Policy.
     *
     */
    static Policy getPolicyNoCheck() {
        if (policy == null) {

            synchronized(Policy.class) {

                if (policy == null) {
                    String policy_class = null;
                    policy_class = java.security.AccessController.doPrivileged
                        (new java.security.PrivilegedAction<String>() {
                        public String run() {
                            return java.security.Security.getProperty
                                ("auth.policy.provider");
                        }
                    });
                    if (policy_class == null) {
                        policy_class = "com.sun.security.auth.PolicyFile";
                    }

                    try {
                        final String finalClass = policy_class;
                        policy = java.security.AccessController.doPrivileged
                            (new java.security.PrivilegedExceptionAction<Policy>() {
                            public Policy run() throws ClassNotFoundException,
                                                InstantiationException,
                                                IllegalAccessException {
                                return (Policy) Class.forName
                                        (finalClass,
                                        true,
                                        contextClassLoader).newInstance();
                            }
                        });
                        isCustomPolicy =
                            !finalClass.equals("com.sun.security.auth.PolicyFile");
                    } catch (Exception e) {
                        throw new SecurityException
                                (sun.security.util.ResourcesMgr.getString
                                ("unable.to.instantiate.Subject.based.policy"));
                    }
                }
            }
        }
        return policy;
    }


    /**
     * Sets the system-wide Policy object. This method first calls
     * <code>SecurityManager.checkPermission</code> with the
     * <code>AuthPermission("setPolicy")</code>
     * permission to ensure the caller has permission to set the Policy.
     *
     * <p>
     *
     * @param policy the new system Policy object.
     *
     * @exception java.lang.SecurityException if the current thread does not
     *          have permission to set the Policy.
     *
     * @see #getPolicy
     */
    public static void setPolicy(Policy policy) {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
        Policy.policy = policy;
        // all non-null policy objects are assumed to be custom
        isCustomPolicy = policy != null ? true : false;
    }

    /**
     * Returns true if a custom (not com.sun.security.auth.PolicyFile)
     * system-wide policy object has been set or installed. This method is
     * called by SubjectDomainCombiner to provide backwards compatibility for
     * developers that provide their own javax.security.auth.Policy
     * implementations.
     *
     * @return true if a custom (not com.sun.security.auth.PolicyFile)
     * system-wide policy object has been set; false otherwise
     */
    static boolean isCustomPolicySet(Debug debug) {
        if (policy != null) {
            if (debug != null && isCustomPolicy) {
                debug.println("Providing backwards compatibility for " +
                              "javax.security.auth.policy implementation: " +
                              policy.toString());
            }
            return isCustomPolicy;
        }
        // check if custom policy has been set using auth.policy.provider prop
        String policyClass = java.security.AccessController.doPrivileged
            (new java.security.PrivilegedAction<String>() {
                public String run() {
                    return Security.getProperty("auth.policy.provider");
                }
        });
        if (policyClass != null
            && !policyClass.equals("com.sun.security.auth.PolicyFile")) {
            if (debug != null) {
                debug.println("Providing backwards compatibility for " +
                              "javax.security.auth.policy implementation: " +
                              policyClass);
            }
            return true;
        }
        return false;
    }

    /**
     * Retrieve the Permissions granted to the Principals associated with
     * the specified <code>CodeSource</code>.
     *
     * <p>
     *
     * @param subject the <code>Subject</code>
     *                  whose associated Principals,
     *                  in conjunction with the provided
     *                  <code>CodeSource</code>, determines the Permissions
     *                  returned by this method.  This parameter
     *                  may be <code>null</code>. <p>
     *
     * @param cs the code specified by its <code>CodeSource</code>
     *                  that determines, in conjunction with the provided
     *                  <code>Subject</code>, the Permissions
     *                  returned by this method.  This parameter may be
     *                  <code>null</code>.
     *
     * @return the Collection of Permissions granted to all the
     *                  <code>Subject</code> and code specified in
     *                  the provided <i>subject</i> and <i>cs</i>
     *                  parameters.
     */
    public abstract java.security.PermissionCollection getPermissions
                                        (Subject subject,
                                        java.security.CodeSource cs);

    /**
     * Refresh and reload the Policy.
     *
     * <p>This method causes this object to refresh/reload its current
     * Policy. This is implementation-dependent.
     * For example, if the Policy object is stored in
     * a file, calling <code>refresh</code> will cause the file to be re-read.
     *
     * <p>
     *
     * @exception SecurityException if the caller does not have permission
     *                          to refresh the Policy.
     */
    public abstract void refresh();
}