sun.security.provider

public Class PolicyParser

extends Object
Imports
java.io.*, java.security.GeneralSecurityException, java.security.Principal, java.util.*, javax.security.auth.x500.X500Principal, sun.security.util.Debug, sun.security.util.PropertyExpander, sun.security.util.LocalizedMessage

The policy for a Java runtime (specifying which permissions are available for code from various principals) is represented as a separate persistent configuration. The configuration may be stored as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.

The Java runtime creates one global Policy object, which is used to represent the static policy configuration file. It is consulted by a ProtectionDomain when the protection domain initializes its set of permissions.

The Policy init method parses the policy configuration file, and then populates the Policy object. The Policy object is agnostic in that it is not involved in making policy decisions. It is merely the Java runtime representation of the persistent policy configuration file.

When a protection domain needs to initialize its set of permissions, it executes code such as the following to ask the global Policy object to populate a Permissions object with the appropriate permissions:

 Policy policy = Policy.getPolicy();
 // declared return type is PermissionCollection; Permissions is a subclass
 PermissionCollection perms = policy.getPermissions(protectiondomain);

The protection domain contains a CodeSource object, which encapsulates its codebase (URL) and public key attributes. It also contains the principals associated with the domain. The Policy object evaluates the global policy in light of who the principals are and what the code source is, and returns an appropriate Permissions object.

Authors
Roland Schemers, Ram Marti
Since
1.2

Nested and Inner Type Summary

Modifier and Type | Class and Description
pack-priv static class
PolicyParser.DomainEntry

Each domain entry in the keystore domain configuration file is represented by a DomainEntry object.

public static class
PolicyParser.GrantEntry

Each grant entry in the policy configuration file is represented by a GrantEntry object.

pack-priv static class
PolicyParser.KeyStoreEntry

Each keystore entry in the keystore domain configuration file is represented by a KeyStoreEntry object.

public static class
PolicyParser.ParsingException

public static class
PolicyParser.PermissionEntry

Each permission entry in the policy configuration file is represented by a PermissionEntry object.

public static class
PolicyParser.PrincipalEntry

Principal info (class and name) in a grant entry

Field Summary

Modifier and Type | Field and Description
private static final Debug
debug

private Map<String, PolicyParser.DomainEntry>
domainEntries

private boolean
expandProp

private final Vector<PolicyParser.GrantEntry>
grantEntries

private String
keyStoreProvider

private String
keyStoreType

private String
keyStoreUrlString

private int
lookahead

private StreamTokenizer
st

private String
storePassURL

Constructor Summary

Access | Constructor and Description
public
PolicyParser()

Creates a PolicyParser object.

public
PolicyParser(boolean expandProp)

Method Summary

Modifier and Type | Method and Description
public void
add(PolicyParser.GrantEntry ge)

private String
expand(String value)

private String
expand(String value, boolean encodeURL)

public Collection<PolicyParser.DomainEntry>
getDomainEntries()

public String
getKeyStoreProvider()

public String
getKeyStoreType()

public String
getKeyStoreUrl()

Returns the (possibly expanded) keystore location, or null if the expansion fails.

public String
getStorePassURL()

public Enumeration<PolicyParser.GrantEntry>
grantElements()

Enumerate all the entries in the global policy object.

public static void
main(String[] arg)

private String
match(String expect)

private PolicyParser.DomainEntry
parseDomainEntry()

parse a domain entry

private PolicyParser.GrantEntry
parseGrantEntry()

parse a Grant entry

private void
parseKeyStoreEntry()

parses a keystore entry

private PolicyParser.PermissionEntry
parsePermissionEntry()

parse a Permission entry

private Map<String, String>
parseProperties(String terminator)

private void
parseStorePassURL()

private boolean
peek(String expect)

private boolean
peekAndMatch(String expect)

public void
read(Reader policy)

Reads a policy configuration into the Policy object using a Reader object.

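public boolean
remove(PolicyParser.GrantEntry ge)

public void
replace(PolicyParser.GrantEntry origGe, PolicyParser.GrantEntry newGe)

public void
setKeyStoreProvider(String provider)

public void
setKeyStoreType(String type)

public void
setKeyStoreUrl(String url)

public void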
setStorePassURL(String storePassURL)

private void
skipEntry()

skip all tokens for this entry leaving the delimiter ";" in the stream.

public void
write(Writer policy)

write out the policy

private void
writeKeyStoreEntry(PrintWriter out)

writes the (unexpanded) keystore entry

private void
writeStorePassURL(PrintWriter out)

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

debug
private static final Debug debug

domainEntries
private Map<String, PolicyParser.DomainEntry> domainEntries

expandProp
private boolean expandProp

grantEntries
private final Vector<PolicyParser.GrantEntry> grantEntries

keyStoreProvider
private String keyStoreProvider

keyStoreType
private String keyStoreType

keyStoreUrlString
private String keyStoreUrlString

lookahead
private int lookahead

st
private StreamTokenizer st

storePassURL
private String storePassURL

Constructor Detail

PolicyParser
public PolicyParser()

Creates a PolicyParser object.

PolicyParser
public PolicyParser(boolean expandProp)

Method Detail

add
public void add(PolicyParser.GrantEntry ge)

expand
private String expand(String value) throws ExpandException

expand
private String expand(String value, boolean encodeURL) throws ExpandException

getDomainEntries
public Collection<PolicyParser.DomainEntry> getDomainEntries()

getKeyStoreProvider
public String getKeyStoreProvider()

getKeyStoreType
public String getKeyStoreType()

getKeyStoreUrl
public String getKeyStoreUrl()

Returns the (possibly expanded) keystore location, or null if the expansion fails.

getStorePassURL
public String getStorePassURL()

grantElements
public Enumeration<PolicyParser.GrantEntry> grantElements()

Enumerate all the entries in the global policy object. This method is used by policy admin tools. The tools should use the Enumeration methods on the returned object to fetch the elements sequentially.

main
public static void main(String[] arg) throws Exception

match
private String match(String expect) throws ParsingException, IOException

parseDomainEntry
private PolicyParser.DomainEntry parseDomainEntry() throws ParsingException, IOException

parse a domain entry

parseGrantEntry
private PolicyParser.GrantEntry parseGrantEntry() throws ParsingException, IOException

parse a Grant entry

parseKeyStoreEntry
private void parseKeyStoreEntry() throws ParsingException, IOException

parses a keystore entry

parsePermissionEntry
private PolicyParser.PermissionEntry parsePermissionEntry() throws ParsingException, IOException, ExpandException

parse a Permission entry

parseProperties
private Map<String, String> parseProperties(String terminator) throws ParsingException, IOException

parseStorePassURL
private void parseStorePassURL() throws ParsingException, IOException

peek
private boolean peek(String expect)

peekAndMatch
private boolean peekAndMatch(String expect) throws ParsingException, IOException

read
public void read(Reader policy) throws ParsingException, IOException

Reads a policy configuration into the Policy object using a Reader object.

Parameters
policy:Reader

the policy Reader object.

Exceptions
ParsingException:
if the policy configuration contains a syntax error.
IOException:
if an error occurs while reading the policy configuration.

remove
public boolean remove(PolicyParser.GrantEntry ge)

replace
public void replace(PolicyParser.GrantEntry origGe, PolicyParser.GrantEntry newGe)

setKeyStoreProvider
public void setKeyStoreProvider(String provider)

setKeyStoreType
public void setKeyStoreType(String type)

setKeyStoreUrl
public void setKeyStoreUrl(String url)

setStorePassURL
public void setStorePassURL(String storePassURL)

skipEntry
private void skipEntry() throws ParsingException, IOException

skip all tokens for this entry leaving the delimiter ";" in the stream.

write
public void write(Writer policy)

write out the policy

writeKeyStoreEntry
private void writeKeyStoreEntry(PrintWriter out)

writes the (unexpanded) keystore entry

writeStorePassURL
private void writeStorePassURL(PrintWriter out)

sun.security.provider

pack-priv Class PolicyParser.DomainEntry

extends Object

Each domain entry in the keystore domain configuration file is represented by a DomainEntry object.

Field Summary

Modifier and Type | Field and Description
private final Map<String, PolicyParser.KeyStoreEntry>
entries

private final String
name

private final Map<String, String>
properties

Constructor Summary

Access | Constructor and Description
pack-priv
DomainEntry(String name, Map<String, String> properties)

Method Summary

Modifier and Type | Method and Description
pack-priv void
add(PolicyParser.KeyStoreEntry entry)

pack-priv Collection<PolicyParser.KeyStoreEntry>
getEntries()

pack-priv String
getName()

pack-priv Map<String, String>
getProperties()

public String
toString()

Overrides java.lang.Object.toString.

Returns a string representation of the object.

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

entries
private final Map<String, PolicyParser.KeyStoreEntry> entries

name
private final String name

properties
private final Map<String, String> properties

Constructor Detail

DomainEntry
pack-priv DomainEntry(String name, Map<String, String> properties)

Method Detail

add
pack-priv void add(PolicyParser.KeyStoreEntry entry) throws ParsingException

getEntries
pack-priv Collection<PolicyParser.KeyStoreEntry> getEntries()

getName
pack-priv String getName()

getProperties
pack-priv Map<String, String> getProperties()

toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object. Satisfying this method's contract implies a non-null result must be returned.

Returns:String

a string representation of the object

Annotations
@Override

sun.security.provider

public Class PolicyParser.GrantEntry

extends Object

Each grant entry in the policy configuration file is represented by a GrantEntry object.

For example, the entry

     grant signedBy "Duke" {
         permission java.io.FilePermission "/tmp", "read,write";
     };

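is represented internally as

     // one permission line inside the grant block
     PolicyParser.PermissionEntry pe = new PolicyParser.PermissionEntry(
             "java.io.FilePermission", "/tmp", "read,write");

     // signedBy "Duke", no codeBase
     PolicyParser.GrantEntry ge = new PolicyParser.GrantEntry("Duke", null);

     ge.add(pe);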
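
A defender's use of the parsed structure described above, as an added example that is not JDK code: it reads a constructed policy with PolicyParser and reports grant entries that give java.security.AllPermission or that apply to all code (no signedBy, codeBase or principal). The class name PolicyAudit, the sample policy and the HIGH/REVIEW labels are assumptions; because sun.security.provider is a JDK-internal package, compile and run with --add-exports java.base/sun.security.provider=ALL-UNNAMED.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import sun.security.provider.PolicyParser;

// Added example, not JDK code. Requires:
//   --add-exports java.base/sun.security.provider=ALL-UNNAMED
public class PolicyAudit {

    // Constructed sample policy, embedded so the example runs offline.
    static final String SAMPLE = String.join("\n",
        "grant signedBy \"Duke\" {",
        "    permission java.io.FilePermission \"/tmp\", \"read,write\";",
        "};",
        "grant {",
        "    permission java.security.AllPermission;",
        "};",
        "grant codeBase \"file:/opt/app/-\" {",
        "    permission java.security.AllPermission;",
        "};",
        "grant {",
        "    permission java.util.PropertyPermission \"user.home\", \"read\";",
        "};");

    // Describes who a grant entry applies to; null means it applies to all code.
    static String scope(PolicyParser.GrantEntry ge) {
        List<String> parts = new ArrayList<>();
        if (ge.signedBy != null) parts.add("signedBy " + ge.signedBy);
        if (ge.codeBase != null) parts.add("codeBase " + ge.codeBase);
        if (ge.principals != null) {
            for (PolicyParser.PrincipalEntry p : ge.principals) {
                parts.add("principal " + p.getPrincipalClass()
                        + " " + p.getPrincipalName());
            }
        }
        return parts.isEmpty() ? null : String.join(", ", parts);
    }

    // Walks every GrantEntry and PermissionEntry and collects findings.
    static List<String> audit(String policyText) throws Exception {
        PolicyParser parser = new PolicyParser();
        // read() throws ParsingException if the policy has a syntax error
        parser.read(new StringReader(policyText));

        List<String> findings = new ArrayList<>();
        Enumeration<PolicyParser.GrantEntry> grants = parser.grantElements();
        while (grants.hasMoreElements()) {
            PolicyParser.GrantEntry ge = grants.nextElement();
            String who = scope(ge);
            Enumeration<PolicyParser.PermissionEntry> perms = ge.permissionElements();
            while (perms.hasMoreElements()) {
                PolicyParser.PermissionEntry pe = perms.nextElement();
                boolean all = "java.security.AllPermission".equals(pe.permission);
                if (all || who == null) {
                    findings.add((all ? "HIGH" : "REVIEW") + ": " + pe.permission
                        + (pe.name != null ? " \"" + pe.name + "\"" : "")
                        + (pe.action != null ? " [" + pe.action + "]" : "")
                        + " granted to " + (who == null ? "all code" : who));
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        for (String finding : audit(SAMPLE)) {
            System.out.println(finding);
        }
    }
}
```

The first grant in the sample is scoped by signedBy and narrow, so it produces no finding; the other three are reported.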

Author
Roland Schemers version 1.19, 05/21/98

Field Summary

Modifier and Type | Field and Description
public String
codeBase

public Vector<PolicyParser.PermissionEntry>
permissionEntries

public LinkedList<PolicyParser.PrincipalEntry>
principals

public String
signedBy

Constructor Summary

Access | Constructor and Description
public
GrantEntry()

public
GrantEntry(String signedBy, String codeBase)

Method Summary

Modifier and Type | Method and Description
public void
add(PolicyParser.PermissionEntry pe)

public Object
clone()

Overrides java.lang.Object.clone.

Creates and returns a copy of this object.

public boolean
contains(PolicyParser.PrincipalEntry pe)

public boolean
contains(PolicyParser.PermissionEntry pe)

public Enumeration<PolicyParser.PermissionEntry>
permissionElements()

Enumerate all the permission entries in this GrantEntry.

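public boolean
remove(PolicyParser.PrincipalEntry pe)

public boolean
remove(PolicyParser.PermissionEntry pe)

public void
write(PrintWriter out)

Inherited from java.lang.Object:
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait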

Field Detail

codeBase
public String codeBase

permissionEntries
public Vector<PolicyParser.PermissionEntry> permissionEntries

principals
public LinkedList<PolicyParser.PrincipalEntry> principals

signedBy
public String signedBy

Constructor Detail

GrantEntry
public GrantEntry()

GrantEntry
public GrantEntry(String signedBy, String codeBase)

Method Detail

add
public void add(PolicyParser.PermissionEntry pe)

clone
public Object clone()

Overrides java.lang.Object.clone.

Doc from java.lang.Object.clone.

Creates and returns a copy of this object. The precise meaning of "copy" may depend on the class of the object. The general intent is that, for any object x, the expression:

x.clone() != x
will be true, and that the expression:
x.clone().getClass() == x.getClass()
will be true, but these are not absolute requirements. While it is typically the case that:
x.clone().equals(x)
will be true, this is not an absolute requirement.

By convention, the returned object should be obtained by calling super.clone. If a class and all of its superclasses (except Object) obey this convention, it will be the case that x.clone().getClass() == x.getClass().

By convention, the object returned by this method should be independent of this object (which is being cloned). To achieve this independence, it may be necessary to modify one or more fields of the object returned by super.clone before returning it. Typically, this means copying any mutable objects that comprise the internal "deep structure" of the object being cloned and replacing the references to these objects with references to the copies. If a class contains only primitive fields or references to immutable objects, then it is usually the case that no fields in the object returned by super.clone need to be modified.

Returns:Object

a clone of this instance.

contains
public boolean contains(PolicyParser.PrincipalEntry pe)

contains
public boolean contains(PolicyParser.PermissionEntry pe)

permissionElements
public Enumeration<PolicyParser.PermissionEntry> permissionElements()

Enumerate all the permission entries in this GrantEntry.

remove
public boolean remove(PolicyParser.PrincipalEntry pe)

remove
public boolean remove(PolicyParser.PermissionEntry pe)

write
public void write(PrintWriter out)

sun.security.provider

pack-priv Class PolicyParser.KeyStoreEntry

extends Object

Each keystore entry in the keystore domain configuration file is represented by a KeyStoreEntry object.

Field Summary

Modifier and Type | Field and Description
private final String
name

private final Map<String, String>
properties

Constructor Summary

Access | Constructor and Description
pack-priv
KeyStoreEntry(String name, Map<String, String> properties)

Method Summary

Modifier and Type | Method and Description
pack-priv String
getName()

pack-priv Map<String, String>
getProperties()

public String
toString()

Overrides java.lang.Object.toString.

Returns a string representation of the object.

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

name
private final String name

properties
private final Map<String, String> properties

Constructor Detail

KeyStoreEntry
pack-priv KeyStoreEntry(String name, Map<String, String> properties)

Method Detail

getName
pack-priv String getName()

getProperties
pack-priv Map<String, String> getProperties()

toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object. Satisfying this method's contract implies a non-null result must be returned.

Returns:String

a string representation of the object

Annotations
@Override

sun.security.provider

public Class PolicyParser.ParsingException

extends GeneralSecurityException

Field Summary

Modifier and Type | Field and Description
private String
i18nMessage

private LocalizedMessage
localizedMsg

private static final long
serialVersionUID

private Object[]
source

Constructor Summary

Access | Constructor and Description
public
ParsingException(String msg)

Constructs a ParsingException with the specified detail message.

public
ParsingException(String msg, LocalizedMessage localizedMsg, Object[] source)

public
ParsingException(int line, String msg)

public
ParsingException(int line, String expect, String actual)

Method Summary

Modifier and Type | Method and Description
public String
getNonlocalizedMessage()

Field Detail

i18nMessage
private String i18nMessage

localizedMsg
private LocalizedMessage localizedMsg
Annotations
@SuppressWarnings:serial

serialVersionUID
private static final long serialVersionUID

Hides java.security.GeneralSecurityException.serialVersionUID.

Annotations
@Serial

source
private Object[] source
Annotations
@SuppressWarnings:serial

Constructor Detail

ParsingException
public ParsingException(String msg)

Constructs a ParsingException with the specified detail message. A detail message is a String that describes this particular exception, which may, for example, specify which algorithm is not available.

Parameters
msg:String

the detail message.

ParsingException
public ParsingException(String msg, LocalizedMessage localizedMsg, Object[] source)

ParsingException
public ParsingException(int line, String msg)

ParsingException
public ParsingException(int line, String expect, String actual)

Method Detail

getNonlocalizedMessage
public String getNonlocalizedMessage()

sun.security.provider

public Class PolicyParser.PermissionEntry

extends Object

Each permission entry in the policy configuration file is represented by a PermissionEntry object.

For example, the entry

     permission java.io.FilePermission "/tmp", "read,write";

is represented internally as

     PolicyParser.PermissionEntry pe = new PolicyParser.PermissionEntry(
             "java.io.FilePermission", "/tmp", "read,write");

Author
Roland Schemers version 1.19, 05/21/98

Field Summary

Modifier and Type | Field and Description
public String
action

public String
name

public String
permission

public String
signedBy

Constructor Summary

Access | Constructor and Description
public
PermissionEntry()

public
PermissionEntry(String permission, String name, String action)

Method Summary

Modifier and Type | Method and Description
public boolean
equals(Object obj)

Overrides java.lang.Object.equals.

Indicates whether some other object is "equal to" this one.

public int
hashCode()

Overrides java.lang.Object.hashCode.

Calculates a hash code value for the object.

public void
write(PrintWriter out)

Inherited from java.lang.Object:
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Detail

action
public String action

name
public String name

permission
public String permission

signedBy
public String signedBy

Constructor Detail

PermissionEntry
public PermissionEntry()

PermissionEntry
public PermissionEntry(String permission, String name, String action)

Method Detail

equals
public boolean equals(Object obj)

Overrides java.lang.Object.equals.

Doc from java.lang.Object.equals.

Indicates whether some other object is "equal to" this one.

The equals method implements an equivalence relation on non-null object references:

  • It is reflexive: for any non-null reference value x, x.equals(x) should return true.
  • It is symmetric: for any non-null reference values x and y, x.equals(y) should return true if and only if y.equals(x) returns true.
  • It is transitive: for any non-null reference values x, y, and z, if x.equals(y) returns true and y.equals(z) returns true, then x.equals(z) should return true.
  • It is consistent: for any non-null reference values x and y, multiple invocations of x.equals(y) consistently return true or consistently return false, provided no information used in equals comparisons on the objects is modified.
  • For any non-null reference value x, x.equals(null) should return false.

An equivalence relation partitions the elements it operates on into equivalence classes; all the members of an equivalence class are equal to each other. Members of an equivalence class are substitutable for each other, at least for some purposes.

Parameters
obj:Object

the reference object with which to compare.

Returns:boolean

true if this object is the same as the obj argument; false otherwise.

Annotations
@Override

hashCode
public int hashCode()

Overrides java.lang.Object.hashCode.

Calculates a hash code value for the object. Objects which are equal will also have the same hashcode.

Returns:int

Doc from java.lang.Object.hashCode.

a hash code value for this object

Annotations
@Override

write
public void write(PrintWriter out)

sun.security.provider

public Class PolicyParser.PrincipalEntry

extends Object
implements Principal
All Implemented Interfaces
java.security.Principal

Principal info (class and name) in a grant entry

Field Summary

Modifier and Type | Field and Description
pack-priv String
principalClass

pack-priv String
principalName

public static final String
REPLACE_NAME

public static final String
WILDCARD_CLASS

public static final String
WILDCARD_NAME

Constructor Summary

Access | Constructor and Description
public
PrincipalEntry(String principalClass, String principalName)

A PrincipalEntry consists of the Principal class and Principal name.

Method Summary

Modifier and Type | Method and Description
public boolean
equals(Object obj)

Overrides java.lang.Object.equals.

Implements java.security.Principal.equals.

Test for equality between the specified object and this object.

public String
getDisplayClass()

public String
getDisplayName()

public String
getDisplayName(boolean addQuote)

public String
getName()

Implements java.security.Principal.getName.

Returns the name of this Principal.

public String
getPrincipalClass()

public String
getPrincipalName()

public int
hashCode()

Overrides java.lang.Object.hashCode.

Implements java.security.Principal.hashCode.

Returns a hashcode for this PrincipalEntry.

pack-priv boolean
isReplaceName()

pack-priv boolean
isWildcardClass()

pack-priv boolean
isWildcardName()

public String
toString()

Overrides java.lang.Object.toString.

Implements java.security.Principal.toString.

Returns a string representation of this Principal.

public void
write(PrintWriter out)

Inherited from java.lang.Object:
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

principalClass
pack-priv String principalClass

principalName
pack-priv String principalName

REPLACE_NAME
public static final String REPLACE_NAME

WILDCARD_CLASS
public static final String WILDCARD_CLASS

WILDCARD_NAME
public static final String WILDCARD_NAME

Constructor Detail

PrincipalEntry
public PrincipalEntry(String principalClass, String principalName)

A PrincipalEntry consists of the Principal class and Principal name.

Parameters
principalClass:String

the Principal class

principalName:String

the Principal name

Exceptions
NullPointerException:
if principalClass or principalName are null

Method Detail

equals
public boolean equals(Object obj)

Overrides java.lang.Object.equals.

Implements java.security.Principal.equals.

Test for equality between the specified object and this object. Two PrincipalEntries are equal if their class and name values are equal.

Parameters
obj:Object

the object to test for equality with this object

Returns:boolean

true if the objects are equal, false otherwise

Annotations
@Override

getDisplayClass
public String getDisplayClass()

getDisplayName
public String getDisplayName()

getDisplayName
public String getDisplayName(boolean addQuote)

getName
public String getName()

Implements java.security.Principal.getName.

Doc from java.security.Principal.getName.

Returns the name of this Principal.

Returns:String

the name of this Principal.

Annotations
@Override

getPrincipalClass
public String getPrincipalClass()

getPrincipalName
public String getPrincipalName()

hashCode
public int hashCode()

Overrides java.lang.Object.hashCode.

Implements java.security.Principal.hashCode.

Returns a hashcode for this PrincipalEntry.

Returns:int

a hashcode for this PrincipalEntry

Annotations
@Override

isReplaceName
pack-priv boolean isReplaceName()

isWildcardClass
pack-priv boolean isWildcardClass()

isWildcardName
pack-priv boolean isWildcardName()

toString
public String toString()

Overrides java.lang.Object.toString.

Implements java.security.Principal.toString.

Doc from java.security.Principal.toString.

Returns a string representation of this Principal.

Returns:String

a string representation of this Principal.

Annotations
@Override

write
public void write(PrintWriter out)