org.eclipse.jetty.policy
Class JettyPolicy

java.lang.Object
  extended by java.security.Policy
      extended by org.eclipse.jetty.policy.JettyPolicy

public class JettyPolicy
extends Policy

Policy implementation that loads a set of policy files and manages the mapping of permissions and protection domains.

Features of JettyPolicy are:
- we are able to follow the startup mechanism that Jetty uses with jetty-start, using OPTIONS=policy,default to start up a security manager and policy implementation without having to rely on the existing JVM CLI options
- support for specifying multiple policy files to source permissions from
- support for merging protection domains across multiple policy files for the same codesource
- support for directories of policy files: just specify a directory and all *.policy files will be loaded

Possible additions are:
- scan the policy directory for new policy files being added
- JMX reporting
- proxying of the system security policy, where we can proxy access to the system policy should the JVM have been started with one; I had support for this but ripped it out to add in again later
- an XML policy file parser; had originally added this using modello but tore it out since it would have been a nightmare to get its dependencies through IP validation, could do this with the JVM XML parser instead sometime
- check performance of the synch'd map I am using for the protection domain mapping
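The merging of grants for the same codesource across several policy files, held in a synchronized map, can be sketched with JDK classes alone. This is an added example, not JettyPolicy's source: the class MergingPolicyDemo, its grant method and the sample paths are hypothetical, and it assumes a JDK that still ships java.security.Policy.

```java
import java.io.FilePermission;
import java.net.URI;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
// Added illustration (not Jetty code): merges grants for one CodeSource from several sources.
public class MergingPolicyDemo extends Policy {
    // Synchronized map of code source -> merged permissions.
    private final Map<CodeSource, Permissions> grants =
            Collections.synchronizedMap(new HashMap<>());
    // Adds one grant entry; entries for an equal CodeSource are merged, not replaced.
    public void grant(CodeSource cs, Permission... perms) {
        synchronized (grants) {
            Permissions merged = grants.computeIfAbsent(cs, k -> new Permissions());
            for (Permission p : perms) merged.add(p);
        }
    }

    @Override
    public PermissionCollection getPermissions(CodeSource codesource) {
        Permissions result = new Permissions();
        synchronized (grants) {
            for (Map.Entry<CodeSource, Permissions> e : grants.entrySet()) {
                // A grant applies when its code source implies the one being checked.
                if (e.getKey().implies(codesource)) {
                    for (Permission p : Collections.list(e.getValue().elements())) result.add(p);
                }
            }
        }
        return result;
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        return getPermissions(domain.getCodeSource()).implies(permission);
    }

    public static void main(String[] args) throws Exception {
        CodeSource app = new CodeSource(
                URI.create("file:/opt/app/lib/app.jar").toURL(), (Certificate[]) null);
        MergingPolicyDemo policy = new MergingPolicyDemo();
        // Constructed grants standing in for entries from two separate *.policy files.
        policy.grant(app, new FilePermission("/opt/app/logs/-", "read,write"));
        policy.grant(app, new PropertyPermission("user.dir", "read"));
        ProtectionDomain pd = new ProtectionDomain(app, null);
        System.out.println("log write:   " + policy.implies(pd, new FilePermission("/opt/app/logs/a.log", "write")));
        System.out.println("user.dir:    " + policy.implies(pd, new PropertyPermission("user.dir", "read")));
        System.out.println("/etc/passwd: " + policy.implies(pd, new FilePermission("/etc/passwd", "read")));
    }
}
```

Both grants land in the same Permissions object because they share a CodeSource key, so a check against either permission succeeds while anything not granted is denied.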


Nested Class Summary
 
Nested classes/interfaces inherited from class java.security.Policy
Policy.Parameters
 
Field Summary
 
Fields inherited from class java.security.Policy
UNSUPPORTED_EMPTY_COLLECTION
 
Constructor Summary
JettyPolicy(String policyDirectory, Map<String,String> properties)
           
 
Method Summary
 void dump(PrintStream out)
           
 CertificateValidator getCertificateValidator()
           
static PolicyContext getContext()
          Returns the policy context, which contains the map of properties that can be referenced in policy files and the keystore for validation.
 PermissionCollection getPermissions(CodeSource codesource)
           
 PermissionCollection getPermissions(ProtectionDomain domain)
           
 boolean implies(ProtectionDomain domain, Permission permission)
           
 void initialize()
          Required for the Jetty policy to start functioning; initializes the policy monitor and blocks for a full cycle of policy grant updates.
 void refresh()
           
 void setCertificateValidator(CertificateValidator validator)
           
 
Methods inherited from class java.security.Policy
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JettyPolicy

public JettyPolicy(String policyDirectory,
                   Map<String,String> properties)
Method Detail

refresh

public void refresh()
Overrides:
refresh in class Policy

initialize

public void initialize()
Required for the Jetty policy to start functioning; initializes the policy monitor and blocks for a full cycle of policy grant updates.


getPermissions

public PermissionCollection getPermissions(ProtectionDomain domain)
Overrides:
getPermissions in class Policy

getPermissions

public PermissionCollection getPermissions(CodeSource codesource)
Overrides:
getPermissions in class Policy

implies

public boolean implies(ProtectionDomain domain,
                       Permission permission)
Overrides:
implies in class Policy

getContext

public static PolicyContext getContext()
Returns the policy context, which contains the map of properties that can be referenced in policy files and the keystore for validation.

Returns:
the policy context

dump

public void dump(PrintStream out)

getCertificateValidator

public CertificateValidator getCertificateValidator()

setCertificateValidator

public void setCertificateValidator(CertificateValidator validator)


Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.