org.eclipse.jetty.policy
Class JettyPolicy
java.lang.Object
java.security.Policy
org.eclipse.jetty.policy.JettyPolicy
public class JettyPolicy
- extends java.security.Policy
Policy implementation that will load a set of policy files and manage the mapping of permissions and protection domains
Features of JettyPolicy are:
- we are able to follow the startup mechanic that jetty uses with jetty-start using OPTIONS=policy,default to be able to startup a security manager and policy implementation without have to rely on the existing JVM cli options
- support for specifying multiple policy files to source permissions from
- support for merging protection domains across multiple policy files for the same codesource
- support for directories of policy files, just specify directory and all *.policy files will be loaded.
Possible additions are:
- scan policy directory for new policy files being added
- jmx reporting
- proxying of system security policy where we can proxy access to the system policy should the jvm have been started with one, I had support for this but ripped it
out to add in again later
- an xml policy file parser, had originally added this using modello but tore it out since it would have been a
nightmare to get its dependencies through IP validation, could do this with jvm xml parser instead sometime
- check performance of the synch'd map I am using for the protection domain mapping
Nested classes/interfaces inherited from class java.security.Policy |
java.security.Policy.Parameters |
Fields inherited from class java.security.Policy |
UNSUPPORTED_EMPTY_COLLECTION |
Constructor Summary |
JettyPolicy(java.lang.String policyDirectory,
java.util.Map<java.lang.String,java.lang.String> properties)
|
Methods inherited from class java.security.Policy |
getInstance, getInstance, getInstance, getParameters, getPolicy, getProvider, getType, setPolicy |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
JettyPolicy
public JettyPolicy(java.lang.String policyDirectory,
java.util.Map<java.lang.String,java.lang.String> properties)
refresh
public void refresh()
- Overrides:
refresh
in class java.security.Policy
initialize
public void initialize()
- required for the jetty policy to start function, initializes the
policy monitor and blocks for a full cycle of policy grant updates
getPermissions
public java.security.PermissionCollection getPermissions(java.security.ProtectionDomain domain)
- Overrides:
getPermissions
in class java.security.Policy
getPermissions
public java.security.PermissionCollection getPermissions(java.security.CodeSource codesource)
- Overrides:
getPermissions
in class java.security.Policy
implies
public boolean implies(java.security.ProtectionDomain domain,
java.security.Permission permission)
- Overrides:
implies
in class java.security.Policy
getContext
public static PolicyContext getContext()
- returns the policy context which contains the map of properties that
can be referenced in policy files and the keystore for validation
- Returns:
- the policy context
dump
public void dump(java.io.PrintStream out)
getCertificateValidator
public CertificateValidator getCertificateValidator()
setCertificateValidator
public void setCertificateValidator(CertificateValidator validator)
Copyright © 2013. All Rights Reserved.