|
| |
|
| javax.security.jacc.PolicyConfiguration
| PolicyConfiguration | | public interface PolicyConfiguration (Code) | | The methods of this interface are used by containers to
create policy statements in a Policy provider.
An object that implements the PolicyConfiguration interface provides the
policy statement configuration interface for a corresponding policy context
within the corresponding Policy provider.
The life cycle of a policy context is defined by three states; "open",
"inService", and "deleted". A policy context is in one of these three states.
A policy context in the "open" state is in the process of being
configured, and may be operated on by any of the methods of the
PolicyConfiguration interface. A policy context in the "open" state
must not be assimilated at Policy.refresh into the policy
statements used by the Policy provider in performing its access decisions.
In order for the policy statements of a policy context to be assimilated
by the associated provider, the policy context must be in the
"inService" state. A policy context in the "open" state is transitioned to
the "inService" state by calling the commit method.
A policy context in the "inService" state is available for assimilation
into the policy statements being used to perform access decisions by the
associated Policy provider. Providers assimilate policy contexts containing
policy statements when the refresh method of the provider is called. When
a provider's refresh method is called, it must assimilate only those policy
contexts whose state is "inService" and it must ensure that the policy
statements put into service for each policy context are only those defined
in the context at the time of the call to refresh. A policy context in the
"inService" state is not available for additional configuration and may be
returned to the "open" state by calling the getPolicyConfiguration method
of the PolicyConfigurationFactory.
A policy context in the "deleted" state is neither available for
configuration, nor is it available for assimilation into the Provider. A
policy context whose state is "deleted" may be reclaimed for subsequent
processing by calling the getPolicyConfiguration method of the associated
PolicyConfigurationFactory. A "deleted" policy context
is transitioned to the "open" state when it it returned as a result of
a call to getPolicyConfiguration.
The following table captures the correspondence between the policy context
life cycle and the methods of the PolicyConfiguration interface.
The rightmost 3 columns of the table correspond to the
PolicyConfiguration state identified at the head of the column.
The values in the cells of these columns indicate
the next state resulting from a call to the method
identifed in the leftmost column of the corresponding row, or that
calling the method is unsupported in the state
represented by the column (in which case the state will remain unchanged).
PolicyConfiguration State Table
|
Method |
Current State to Next State |
| deleted |
open |
inService |
| addToExcludedPolicy |
Unsupported Operation |
open |
Unsupported Operation |
| addToRole |
Unsupported Operation |
open |
Unsupported Operation |
| addToUncheckedPolicy |
Unsupported Operation |
open |
Unsupported Operation |
| commit |
Unsupported Operation |
inService |
inService |
| delete |
deleted |
deleted |
deleted |
| getContextID |
deleted |
open |
inService |
| inService |
deleted |
open |
inService |
| linkConfiguration |
Unsupported Operation |
open |
Unsupported Operation |
| removeExcludedPolicy |
Unsupported Operation |
open |
Unsupported Operation |
| removeRole |
Unsupported Operation |
open |
Unsupported Operation |
| removeUncheckedPolicy |
Unsupported Operation |
open |
Unsupported Operation |
For a provider implementation to be compatible with multi-threaded
environments, it may be necessary to synchronize the refresh method of
the provider with the methods of its PolicyConfiguration interface and
with the getPolicyConfiguration and inService methods of its
PolicyConfigurationFactory.
See Also: http://java.sun.com/j2ee/1.4/docs/api/
author:
Scott.Stark@jboss.org
author:
Ron Monzillo, Gary Ellison (javadoc)
version:
$Revision: 57196 $ |
| Method Summary | |
| public void | addToExcludedPolicy(Permission permission)
Adds a single excluded permission to the PolicyConfiguration. | | public void | addToExcludedPolicy(PermissionCollection permissions)
| | public void | addToRole(String roleName, Permission permission)
Add a single permission to a named role in the PolicyConfiguration. | | public void | addToRole(String roleName, PermissionCollection permissions)
Add permissions to a named role in the PolicyConfiguration. | | public void | addToUncheckedPolicy(Permission permission)
Add a single unchecked permission to the PolicyConfiguration. | | public void | addToUncheckedPolicy(PermissionCollection permissions)
Add unchecked permissions to the PolicyConfiguration. | | public void | commit()
This method is used to set to "inService" the state of the policy context
whose interface is this PolicyConfiguration Object. | | public void | delete()
Causes all policy statements to be deleted from this PolicyConfiguration
and sets its internal state such that calling any method, other than
delete, getContextID, or inService on the PolicyConfiguration will be
rejected and cause an UnsupportedOperationException to be thrown.
This operation has no affect on any linked PolicyConfigurations other than
removing any links involving the deleted PolicyConfiguration. | | public String | getContextID()
This method returns this object's policy context identifier. | | public boolean | inService()
This method is used to determine if the policy context whose interface is
this PolicyConfiguration Object is in the "inService" state. | | public void | linkConfiguration(PolicyConfiguration link)
Creates a relationship between this configuration and another such that
they share the same principal-to-role mappings. | | public void | removeExcludedPolicy()
| | public void | removeRole(String roleName)
Used to remove a role and all its permissions from this PolicyConfiguration. | | public void | removeUncheckedPolicy()
Used to remove any unchecked policy statements from this PolicyConfiguration. |
| addToRole | | public void addToRole(String roleName, Permission permission) throws PolicyContextException(Code) | | Add a single permission to a named role in the PolicyConfiguration. If
the named Role does not exist in the PolicyConfiguration, it is created
as a result of the call to this function.
Parameters:
roleName -
Parameters:
permission -
throws:
PolicyContextException - |
| commit | | public void commit() throws PolicyContextException(Code) | | This method is used to set to "inService" the state of the policy context
whose interface is this PolicyConfiguration Object. Only those policy
contexts whose state is "inService" will be included in the policy
contexts processed by the Policy.refresh method. A policy context whose
state is "inService" may be returned to the "open" state by calling the
getPolicyConfiguration method of the PolicyConfiguration factory with the
policy context identifier of the policy context.
When the state of a policy context is "inService", calling any method other
than commit, delete, getContextID, or inService on its PolicyConfiguration
Object will cause an UnsupportedOperationException to be thrown.
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
UnsupportedOperationException - - if the state of the policy contextwhose interface is this PolicyConfiguration Object is "deleted" when thismethod is called.
throws:
PolicyContextException - - if the implementation throws a checkedexception that has not been accounted for by the commit method signature. |
| delete | | public void delete() throws PolicyContextException(Code) | | Causes all policy statements to be deleted from this PolicyConfiguration
and sets its internal state such that calling any method, other than
delete, getContextID, or inService on the PolicyConfiguration will be
rejected and cause an UnsupportedOperationException to be thrown.
This operation has no affect on any linked PolicyConfigurations other than
removing any links involving the deleted PolicyConfiguration.
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
PolicyContextException - |
| inService | | public boolean inService() throws PolicyContextException(Code) | | This method is used to determine if the policy context whose interface is
this PolicyConfiguration Object is in the "inService" state.
true if the state of the associated policy context is "inService",false otherwise.
throws:
PolicyContextException - |
| linkConfiguration | | public void linkConfiguration(PolicyConfiguration link) throws PolicyContextException(Code) | | Creates a relationship between this configuration and another such that
they share the same principal-to-role mappings. PolicyConfigurations are
linked to apply a common principal-to-role mapping to multiple seperately
manageable PolicyConfigurations, as is required when an application is
composed of multiple modules.
Parameters:
link - - a reference to a different PolicyConfiguration than thisPolicyConfiguration. The relationship formed by this method is symetric,transitive and idempotent. If the argument PolicyConfiguration does nothave a different Policy context identifier than this PolicyConfigurationno relationship is formed, and an IllegalArgumentException is thrown.
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
IllegalArgumentException - - if called with an argumentPolicyConfiguration whose Policy context is equivalent to that of thisPolicyConfiguration.
throws:
PolicyContextException - |
| removeExcludedPolicy | | public void removeExcludedPolicy() throws PolicyContextException(Code) | | Used to remove any excluded policy statements from this PolicyConfiguration
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
UnsupportedOperationException - - if the state of the policy contextwhose interface is this PolicyConfiguration Object is "deleted" or"inService" when this method is called.
throws:
PolicyContextException - |
| removeRole | | public void removeRole(String roleName) throws PolicyContextException(Code) | | Used to remove a role and all its permissions from this PolicyConfiguration.
Parameters:
roleName - - the name of the Role to remove from this PolicyConfiguration.
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
UnsupportedOperationException - - if the state of the policy contextwhose interface is this PolicyConfiguration Object is "deleted" or"inService" when this method is called.
throws:
PolicyContextException - |
| removeUncheckedPolicy | | public void removeUncheckedPolicy() throws PolicyContextException(Code) | | Used to remove any unchecked policy statements from this PolicyConfiguration.
throws:
SecurityException - - when the caller does not have aSecurityPermission("setPolicy") permission.
throws:
UnsupportedOperationException - - if the state of the policy contextwhose interface is this PolicyConfiguration Object is "deleted" or"inService" when this method is called.
throws:
PolicyContextException - |
|
|
|