org.eclipse.jetty.policy
Class JettyPolicy
java.lang.Object
java.security.Policy
org.eclipse.jetty.policy.JettyPolicy
public class JettyPolicy
- extends Policy
Policy implementation that will load a set of policy files and manage the mapping of permissions and protection domains
Features of JettyPolicy are:
- we are able to follow the startup mechanic that jetty uses with jetty-start using OPTIONS=policy,default to be able to startup a security manager and policy implementation without have to rely on the existing JVM cli options
- support for specifying multiple policy files to source permissions from
- support for merging protection domains across multiple policy files for the same codesource
- support for directories of policy files, just specify directory and all *.policy files will be loaded.
Possible additions are:
- scan policy directory for new policy files being added
- jmx reporting
- proxying of system security policy where we can proxy access to the system policy should the jvm have been started with one, I had support for this but ripped it
out to add in again later
- an xml policy file parser, had originally added this using modello but tore it out since it would have been a
nightmare to get its dependencies through IP validation, could do this with jvm xml parser instead sometime
- check performance of the synch'd map I am using for the protection domain mapping
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JettyPolicy
public JettyPolicy(String policyDirectory,
Map<String,String> properties)
refresh
public void refresh()
- Overrides:
refresh
in class Policy
initialize
public void initialize()
- required for the jetty policy to start function, initializes the
policy monitor and blocks for a full cycle of policy grant updates
getPermissions
public PermissionCollection getPermissions(ProtectionDomain domain)
- Overrides:
getPermissions
in class Policy
getPermissions
public PermissionCollection getPermissions(CodeSource codesource)
- Overrides:
getPermissions
in class Policy
implies
public boolean implies(ProtectionDomain domain,
Permission permission)
- Overrides:
implies
in class Policy
getContext
public static PolicyContext getContext()
- returns the policy context which contains the map of properties that
can be referenced in policy files and the keystore for validation
- Returns:
- the policy context
dump
public void dump(PrintStream out)
getCertificateValidator
public CertificateValidator getCertificateValidator()
setCertificateValidator
public void setCertificateValidator(CertificateValidator validator)
Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.