ISSecurityPermission.java revision 5c099afa7c9361afc2f4477fec0e3018588d7840
/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: ISSecurityPermission.java,v 1.4 2008/08/19 19:14:56 veiming Exp $
 *
 */

package com.sun.identity.security;

import java.security.Permission;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Random;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TreeSet;

/**
 * The <code>ISSecurityPermission</code> class protects Access Manager
 * resources that should be accessed only by trusted applications. The
 * resources this permission protects are the OpenSSO administrator DN and
 * password, and access to the encryption and decryption methods used to
 * encrypt all passwords in OpenSSO services. The only supported permission
 * name is <code>"access"</code>, and the supported actions are
 * <code>"adminpassword"</code> and <code>"crypt"</code>. Granting
 * <code>"adminpassword"</code> also grants <code>"crypt"</code>. To grant
 * this permission to a code base, add an entry such as the following to the
 * Java security policy file:
 *
 * <pre>
 * grant codeBase "file:{directory where jars are located}/-" {
 *     permission com.sun.identity.security.ISSecurityPermission "access",
 *         "adminpassword,crypt"; };
 * </pre>
 *
 * Note: The property <code>com.sun.identity.security.checkcaller</code>
 * must be set to true in the <code>AMConfig.properties</code> file to enable
 * the Java security permission checks.
 *
 * @supported.all.api
 */
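public class ISSecurityPermission extends Permission {
    /** Action protecting the administrator DN and password; it also covers {@code crypt}. */
    private static final String ACTION_ADMIN_PASSWORD = "adminpassword";

    /** Action protecting the encryption and decryption methods. */
    private static final String ACTION_CRYPT = "crypt";

    // java.security.Permission is Serializable and this class declares no
    // serialVersionUID, so the instance fields keep their original names,
    // types and modifiers.
    private String perm;
    private Set actions = new HashSet();
    private int hashCode;

    /**
     * Constructs <code>ISSecurityPermission</code> object.
     *
     * @param access
     *            Has to be string "access"
     * @param action
     *            Comma-separated list of actions; each can be
     *            <code>adminpassword</code> or <code>crypt</code>.
     *            Surrounding whitespace and empty entries are ignored, and a
     *            <code>null</code> value is treated as an empty list.
     */
    public ISSecurityPermission(String access, String action) {
        super(access);
        perm = access;
        actions = convertActionStringToSet(action);
        hashCode = computeHashCode();
    }

    /**
     * Constructs <code>ISSecurityPermission</code> object. This constructor
     * sets the action to <code>"adminpassword"</code> by default.
     *
     * @param access
     *            Has to be string "access"
     */
    public ISSecurityPermission(String access) {
        this(access, ACTION_ADMIN_PASSWORD);
    }

    /**
     * Checks whether this instance of <code>ISSecurityPermission</code>
     * implies the permission passed as the argument. For more information,
     * see the Javadocs of <code>java.security.Permission</code>.
     * <p>
     * The result is true only when <code>p</code> requests at least one
     * action and every requested action is granted by this instance. A
     * request that mixes a granted action with an ungranted or unknown one is
     * therefore refused rather than accepted on the strength of the granted
     * one.
     *
     * @param p
     *            Instance of
     *            <code>com.sun.identity.security.ISSecurityPermission</code>
     * @return true if this instance implies all the actions of the argument
     *         <code>p</code>; false otherwise, including when <code>p</code>
     *         is not an <code>ISSecurityPermission</code>
     */
    public boolean implies(Permission p) {
        if (!(p instanceof ISSecurityPermission)) {
            return false;
        }
        // NOTE(review): the permission name is not compared here, so an
        // instance created with a name other than "access" is treated the
        // same as one named "access". Confirm whether the name should be
        // enforced before tightening this.
        Set requested = convertActionStringToSet(p.getActions());
        if (requested.isEmpty()) {
            return false;
        }
        for (Iterator it = requested.iterator(); it.hasNext();) {
            if (!grants((String) it.next())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns hash code for this object. The value is derived from the
     * permission name and the action set, so instances that are equal share
     * the same hash code.
     *
     * @see java.security.Permission#hashCode()
     * @return hash code representing this object
     */
    public int hashCode() {
        return hashCode;
    }

    /**
     * Returns true if this object is equal to <code>o</code>.
     *
     * @param o
     *            object for comparison.
     * @return true if <code>o</code> is an <code>ISSecurityPermission</code>
     *         with the same name and the same set of actions.
     */
    public boolean equals(Object o) {
        if (o == this) {
            return true;
        }
        if (!(o instanceof ISSecurityPermission)) {
            return false;
        }
        ISSecurityPermission other = (ISSecurityPermission) o;
        boolean sameName = (perm == null)
                ? other.perm == null
                : perm.equals(other.perm);
        return sameName && actions.equals(other.actions);
    }

    /**
     * @see java.security.Permission#getActions()
     * @return Comma-separated actions held by this
     *         <code>ISSecurityPermission</code>, in sorted order; an empty
     *         string when there are none
     */
    public String getActions() {
        return convertSetToActionString(actions);
    }

    /** Tells whether this instance grants a single requested action. */
    private boolean grants(String action) {
        if (ACTION_ADMIN_PASSWORD.equals(action)) {
            return actions.contains(ACTION_ADMIN_PASSWORD);
        }
        if (ACTION_CRYPT.equals(action)) {
            // Action "crypt" is implied by the action "adminpassword"
            return actions.contains(ACTION_CRYPT)
                    || actions.contains(ACTION_ADMIN_PASSWORD);
        }
        // Anything other than the two supported actions is never granted.
        return false;
    }

    /** Combines the permission name and the action set into a stable hash. */
    private int computeHashCode() {
        int nameHash = (perm == null) ? 0 : perm.hashCode();
        return 31 * nameHash + actions.hashCode();
    }

    /**
     * Splits a comma-separated action list into a sorted set, trimming each
     * entry and skipping empty ones. A null list yields an empty set.
     */
    private Set convertActionStringToSet(String ac) {
        Set res = new TreeSet();
        if (ac == null) {
            return res;
        }
        StringTokenizer tzer = new StringTokenizer(ac, ",");
        while (tzer.hasMoreTokens()) {
            String token = tzer.nextToken().trim();
            if (token.length() > 0) {
                res.add(token);
            }
        }
        return res;
    }

    /**
     * Joins the actions with commas in the set's iteration order. An empty
     * set yields an empty string.
     */
    private String convertSetToActionString(Set a) {
        StringBuffer sb = new StringBuffer();
        for (Iterator it = a.iterator(); it.hasNext();) {
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append((String) it.next());
        }
        return sb.toString();
    }
}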