org.eclipse.jetty.policy
Class JettyPolicy
java.lang.Object
java.security.Policy
org.eclipse.jetty.policy.JettyPolicy
public class JettyPolicy
- extends java.security.Policy
Policy implementation that will load a set of policy files and manage the mapping of permissions and protection domains
The reason I created this class and added this mechanism are:
1) I wanted a way to be able to follow the startup mechanic that jetty uses with jetty-start using OPTIONS=policy,default to be able to startup a security manager and policy implementation without have to rely on the existing JVM cli options 2)
establish a starting point to add on further functionality to permissions based security with jetty like jmx enabled permission tweaking or runtime creation and specification of policies for specific webapps 3) I wanted to have support for specifying
multiple policy files to source permissions from
Possible additions are: - directories of policy file support - jmx enabled a la #2 above - proxying of system security policy where we can proxy access to the system policy should the jvm have been started with one, I had support for this but ripped it
out to add in again later - merging of protection domains if process multiple policy files that declare permissions for the same codebase - an xml policy file parser, had originally added this using modello but tore it out since it would have been a
nightmare to get its dependencies through IP validation, could do this with jvm xml parser instead sometime - check performance of the synch'd map I am using for the protection domain mapping
Nested classes/interfaces inherited from class java.security.Policy |
java.security.Policy.Parameters |
Fields inherited from class java.security.Policy |
UNSUPPORTED_EMPTY_COLLECTION |
Constructor Summary |
JettyPolicy(java.util.Set<java.lang.String> policies,
java.util.Map<java.lang.String,java.lang.String> properties)
|
Method Summary |
java.security.PermissionCollection |
copyOf(java.security.PermissionCollection in)
|
void |
dump(java.io.PrintStream out)
|
java.security.PermissionCollection |
getPermissions(java.security.CodeSource codesource)
|
java.security.PermissionCollection |
getPermissions(java.security.ProtectionDomain domain)
|
boolean |
implies(java.security.ProtectionDomain domain,
java.security.Permission permission)
|
void |
refresh()
|
Methods inherited from class java.security.Policy |
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JettyPolicy
public JettyPolicy(java.util.Set<java.lang.String> policies,
java.util.Map<java.lang.String,java.lang.String> properties)
getPermissions
public java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)
- Overrides:
getPermissions
in class java.security.Policy
getPermissions
public java.security.PermissionCollection getPermissions(java.security.CodeSource codesource)
- Overrides:
getPermissions
in class java.security.Policy
implies
public boolean implies(java.security.ProtectionDomain domain,
java.security.Permission permission)
- Overrides:
implies
in class java.security.Policy
refresh
public void refresh()
- Overrides:
refresh
in class java.security.Policy
dump
public void dump(java.io.PrintStream out)
copyOf
public java.security.PermissionCollection copyOf(java.security.PermissionCollection in)
Copyright © 1995-2010 Mort Bay Consulting. All Rights Reserved.