org.eclipse.jetty.policy
Class JettyPolicy
java.lang.Object
java.security.Policy
org.eclipse.jetty.policy.JettyPolicy
public class JettyPolicy
- extends Policy
Policy implementation that will load a set of policy files and manage the mapping of permissions and protection domains
Features of JettyPolicy are:
- we are able to follow the startup mechanic that jetty uses with jetty-start using OPTIONS=policy,default to be able to startup a security manager and policy implementation without have to rely on the existing JVM cli options
- support for specifying multiple policy files to source permissions from
- support for merging protection domains across multiple policy files for the same codesource
- support for directories of policy files, just specify directory and all *.policy files will be loaded.
Possible additions are:
- jmx reporting
- proxying of system security policy where we can proxy access to the system policy should the jvm have been started with one, I had support for this but ripped it
out to add in again later
- an xml policy file parser, had originally added this using modello but tore it out since it would have been a
nightmare to get its dependencies through IP validation, could do this with jvm xml parser instead sometime
- check performance of the synch'd map I am using for the protection domain mapping
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JettyPolicy
public JettyPolicy(Set<String> policies,
Map<String,String> properties)
getPermissions
public PermissionCollection getPermissions(ProtectionDomain domain)
- Overrides:
getPermissions
in class Policy
getPermissions
public PermissionCollection getPermissions(CodeSource codesource)
- Overrides:
getPermissions
in class Policy
implies
public boolean implies(ProtectionDomain domain,
Permission permission)
- Overrides:
implies
in class Policy
refresh
public void refresh()
- This call performs a refresh of the policy system, first processing the associated
files and then replacing the policy cache.
- Overrides:
refresh
in class Policy
dump
public void dump(PrintStream out)
copyOf
public PermissionCollection copyOf(PermissionCollection in)
getKnownPolicyFiles
public Set<String> getKnownPolicyFiles()
- returns the known policy files that are being tracked by this instance of JettyPolicy
- Returns:
- set of known policy files
Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.