| java.lang.Object com.ecyrd.jspwiki.auth.PolicyLoader
PolicyLoader | final public class PolicyLoader
Initializes JVM configurations for JAAS and Java 2 security policy. Callers
can use the static methods in this class (PolicyLoader.isJaasConfigured() and
PolicyLoader.isSecurityPolicyConfigured()) to inquire whether a JAAS
login configuration exists, or whether a custom Java security policy is in
use. Additional methods allow callers to set the JAAS and security policy
configurations to supplied URLs (PolicyLoader.setJaasConfiguration(URL) and
PolicyLoader.setSecurityPolicy(URL)).
If either the JAAS configuration or the security policy is set using methods in
this class, the resulting configuration or policy is global to the
JVM. In a multi-webapp scenario, this means that the first webapp to be
loaded by the container wins. For containers hosting multiple wikis,
the administrator will therefore need to manually configure the
java.security.policy and java.security.auth.login.config properties. In other words,
multi-wiki deployments will always require manual (one-time) configuration.
The security policy-related methods (PolicyLoader.isSecurityPolicyConfigured() and
PolicyLoader.setSecurityPolicy(URL)) assume that the web container
doesn't use a "double-equals" command-line assignment
to override the security policy (e.g., -Djava.security.policy==jspwiki.policy).
Note that Tomcat 4 and higher, when run using the "-security" option, does this.
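As an added illustration (not part of JSPWiki or its Javadoc), the following stand-alone probe reports the JVM-wide state described above: whether the two properties are already set, whether a JAAS configuration is installed, and whether the policy was assigned with "double-equals". The class JvmSecurityConfigProbe and its method names are hypothetical; the check relies on the JVM splitting -Dname==value at the first '=', so the property value starts with '='.

```java
import javax.security.auth.login.Configuration;

/** Hypothetical startup probe; an added example, not JSPWiki code. */
public final class JvmSecurityConfigProbe {

    /** How the java.security.policy system property was set, if at all. */
    enum PolicyState { UNSET, APPENDED, OVERRIDES_DEFAULTS }

    static PolicyState classify(String policyProp) {
        if (policyProp == null || policyProp.isEmpty()) {
            return PolicyState.UNSET;
        }
        // -Djava.security.policy==file reaches the JVM as the value "=file",
        // because the command-line option is split at the first '=' only.
        return policyProp.startsWith("=")
                ? PolicyState.OVERRIDES_DEFAULTS
                : PolicyState.APPENDED;
    }

    /** True if some JAAS login configuration is already installed JVM-wide. */
    static boolean jaasConfigured() {
        try {
            return Configuration.getConfiguration() != null;
        } catch (SecurityException e) {
            // Thrown when no login configuration can be located, or when the
            // caller lacks AuthPermission "getLoginConfiguration".
            return false;
        }
    }

    public static void main(String[] args) {
        String policy = System.getProperty("java.security.policy");
        String jaas = System.getProperty("java.security.auth.login.config");
        PolicyState state = classify(policy);

        System.out.println("java.security.policy            = " + policy + " (" + state + ")");
        System.out.println("java.security.auth.login.config = " + jaas);
        System.out.println("JAAS configuration installed    = " + jaasConfigured());

        if (state == PolicyState.OVERRIDES_DEFAULTS) {
            // The case the class documentation says the policy methods do not expect.
            System.out.println("Policy was assigned with '=='; "
                    + "PolicyLoader.setSecurityPolicy(URL) assumes this is not the case.");
        } else if (state == PolicyState.APPENDED || jaas != null) {
            System.out.println("JVM-global settings already present; "
                    + "another webapp or the container configured them first.");
        }
    }
}
```

Run it with the same -D options the container passes to its JVM to see what a wiki loaded into that JVM would find.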
To interoperate with any container running with a security manager, the
container's JVM security policy should include a short set of permission
grants similar to the following:
keystore "jspwiki.jks";
...
grant signedBy "jspwiki" {
    permission java.security.SecurityPermission "getPolicy";
    permission java.security.SecurityPermission "setPolicy";
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission java.util.PropertyPermission "java.security.policy", "read,write";
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
};
The signedBy value should match the alias of a digital
certificate in the named keystore (e.g., jspwiki.jks).
If the full path to the keystore is not supplied, it is assumed to be in the
same directory as the policy file.
author: Andrew Jaquith since: 2.3 |
Field Summary
final protected static Logger | log
Method Summary
final public static boolean | isJaasConfigured() | Returns true if the JAAS login configuration exists. Normally, JAAS is configured by setting the system property java.security.auth.login.config at JVM startup. This method attempts to perform a highly privileged operation.
final public static boolean | isSecurityPolicyConfigured() | Returns true if a custom Java security policy configuration exists.
final public static void | setJaasConfiguration(URL url) | Sets the JAAS login configuration file, overwriting the existing configuration.
final public static void | setSecurityPolicy(URL url) | Sets the Java security policy, overwriting any custom policy settings.
log | final protected static Logger log
isJaasConfigured | final public static boolean isJaasConfigured() throws SecurityException
Returns true if the JAAS login configuration exists.
Normally, JAAS is configured by setting the system property
java.security.auth.login.config at JVM startup.
This method attempts to perform a highly privileged operation. If the JVM
runs with a SecurityManager, the following permission must be granted to
the codesource containing this class:
- permission javax.security.auth.AuthPermission "getLoginConfiguration"
Returns: true if javax.security.auth.login.Configuration.getConfiguration is not null; false otherwise.
throws: SecurityException - if the codesource containing this class possesses insufficient permissions when running with a SecurityManager
isSecurityPolicyConfigured | final public static boolean isSecurityPolicyConfigured() throws SecurityException
Returns true if a custom Java security policy configuration
exists. Normally, the Java security policy is configured by setting the
system property java.security.policy at JVM startup.
This method attempts to perform a highly privileged operation. If the JVM
runs with a SecurityManager, the following permission must be granted to
the codesource containing this class:
- permission java.util.PropertyPermission "java.security.policy", "read"
Returns: true if the system property java.security.policy is not null; false otherwise.
throws: SecurityException - if the codesource containing this class possesses insufficient permissions when running with a SecurityManager
setJaasConfiguration | final public static void setJaasConfiguration(URL url) throws SecurityException
Sets the JAAS login configuration file, overwriting the existing
configuration. If the configuration file pointed to by the URL does not
exist, a SecurityException is thrown.
This method attempts to perform several highly privileged operations. If
the JVM runs with a SecurityManager, the following permissions must be
granted to the codesource containing this class:
- permission java.util.PropertyPermission "java.security.auth.login.config", "write"
- permission javax.security.auth.AuthPermission "getLoginConfiguration"
- permission javax.security.auth.AuthPermission "setLoginConfiguration"
Parameters: url - the URL of the login configuration file. If the URL contains properties such as ${java.home}, they will be expanded.
throws: SecurityException - if:
- the supplied URL is null
- properties cannot be expanded
- the codesource containing this class does not possess sufficient permissions when running with a SecurityManager
setSecurityPolicy | final public static void setSecurityPolicy(URL url) throws SecurityException
Sets the Java security policy, overwriting any custom policy settings. This
method sets the value of the system property
java.security.policy to the supplied URL, then calls
java.security.Policy.setPolicy(java.security.Policy) with a
newly-instantiated instance of
sun.security.provider.PolicyFile (the J2SE default
implementation). The new Policy, once set, reloads the default system
policies enumerated by the policy.url.n entries in
JAVA_HOME/lib/security/java.policy, followed by the
user-supplied policy file.
This method attempts to perform several highly privileged operations. If
the JVM runs with a SecurityManager, the following permissions must be
granted to the codesource containing this class:
- permission java.security.SecurityPermission "getPolicy"
- permission java.security.SecurityPermission "setPolicy"
- permission java.util.PropertyPermission "java.security.policy", "write"
Parameters: url - the URL of the security policy file. If the URL contains properties such as ${java.home}, they will be expanded.
throws: SecurityException - if:
- the supplied URL is null
- properties cannot be expanded
- the codesource containing this class does not possess sufficient permissions when running with a SecurityManager
- the JVM's current Policy implementation is not of type sun.security.provider.PolicyFile