Ja.NET Standard Edition 5.0

Documentation API Specification


DefaultPolicyParser Class Reference



Detailed Description

This is a basic loader of policy files.

It delegates lexical analysis to a pluggable scanner and converts the received tokens to a set of PolicyEntries. For details of the policy format, see the default policy description.
For ordinary use, this class has just one public method, parse(), which performs the main task. Extensions of this parser may redefine specific operations separately by overriding the corresponding protected methods.
This implementation is effectively thread-safe, as it has no field references to the data being processed (that is, it passes all the data as method parameters).

See also:
org.apache.harmony.security.DefaultPolicy

org.apache.harmony.security.DefaultPolicyScanner

org.apache.harmony.security.PolicyEntry


Public Member Functions

 DefaultPolicyParser ()
 Default constructor, DefaultPolicyScanner is used.
 DefaultPolicyParser (DefaultPolicyScanner s)
 Extension constructor for plugging-in custom scanner.
Collection< PolicyEntry > parse (URL location, Properties system) throws Exception
 This is the main business method.

Protected Member Functions

PolicyEntry resolveGrant (DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception
 Translates GrantEntry token to PolicyEntry object.
Permission resolvePermission (DefaultPolicyScanner.PermissionEntry pe, DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception
 Translates PermissionEntry token to Permission object.
Certificate[] resolveSigners (KeyStore ks, String signers) throws Exception
 Takes a comma-separated list of aliases and obtains corresponding certificates.
Principal getPrincipalByAlias (KeyStore ks, String alias) throws KeyStoreException, CertificateException
 Returns a subject's X500Principal of an X509Certificate, which is associated with the specified keystore alias.
KeyStore initKeyStore (List< KeystoreEntry > keystores, URL base, Properties system, boolean resolve)
 Returns the first successfully loaded KeyStore, from the specified list of possible locations.

Private Attributes

final DefaultPolicyScanner scanner

Classes

class  PermissionExpander
 Specific handler for expanding self and alias protocols.

Constructor & Destructor Documentation

DefaultPolicyParser ( )

Default constructor, DefaultPolicyScanner is used.

DefaultPolicyParser ( DefaultPolicyScanner  s )

Extension constructor for plugging-in custom scanner.


Member Function Documentation

Collection<PolicyEntry> parse ( URL  location,
Properties  system 
) throws Exception

This is the main business method.

It manages the loading process as follows: the associated scanner is used to parse the stream into a set of composite tokens, then this set is iterated and each token is translated to a PolicyEntry. Semantically invalid tokens are ignored, as are void PolicyEntries.
A policy file may refer to one or more KeyStores; in this case the first valid reference is initialized and used in processing tokens.

Parameters:
location a URL of a policy file to be loaded
system system properties, used for property expansion
Returns:
a collection of PolicyEntry objects, may be empty
Exceptions:
Exception IO error while reading location or file syntax error

PolicyEntry resolveGrant ( DefaultPolicyScanner.GrantEntry  ge,
KeyStore  ks,
Properties  system,
boolean  resolve 
) throws Exception [protected]

Translates GrantEntry token to PolicyEntry object.

It goes step by step, trying to resolve each component of the GrantEntry:

  • If codebase is specified, expand it and construct a URL.
  • If signers is specified, expand it and obtain the corresponding Certificates.
  • If a principals collection is specified, iterate over it. For each PrincipalEntry, expand the name and, if no class is specified, resolve the actual X500Principal from a KeyStore certificate; otherwise keep it as UnresolvedPrincipal.
  • Iterate over the permissions collection. For each PermissionEntry, try to resolve (see method resolvePermission()) a corresponding permission. If resolution fails, ignore the PermissionEntry.

Property expansion in the steps above is conditional and is controlled by the parameter resolve.
Finally, a new PolicyEntry is created, which associates the trinity of resolved URL, Certificates and Principals with a set of granted Permissions.

Parameters:
ge GrantEntry token to be resolved
ks KeyStore for resolving Certificates, may be null
system system properties, used for property expansion
resolve flag enabling/disabling property expansion
Returns:
resolved PolicyEntry
Exceptions:
Exception if unable to resolve codebase, signers or principals of the GrantEntry
See also:
DefaultPolicyScanner.PrincipalEntry

DefaultPolicyScanner.PermissionEntry

org.apache.harmony.security.PolicyUtils

Permission resolvePermission ( DefaultPolicyScanner.PermissionEntry  pe,
DefaultPolicyScanner.GrantEntry  ge,
KeyStore  ks,
Properties  system,
boolean  resolve 
) throws Exception [protected]

Translates PermissionEntry token to Permission object.

First, it performs general expansion for a non-null name and property expansion for non-null name, action and signers. Then it obtains the signing Certificates (if any), tries to find the class specified by the klass name and instantiates a corresponding permission object. If the class is not found or it is signed improperly, it returns UnresolvedPermission.

Parameters:
pe PermissionEntry token to be resolved
ge parental GrantEntry of the PermissionEntry
ks KeyStore for resolving Certificates, may be null
system system properties, used for property expansion
resolve flag enabling/disabling property expansion
Returns:
resolved Permission object, either of concrete class or UnresolvedPermission
Exceptions:
Exception if failed to expand properties, or to get a Certificate, or to create an instance of a successfully found class
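
The overridable resolvePermission() step lends itself to auditing a policy file while it is loaded. The subclass below is an added example, not code from the documented project: AuditingPolicyParser and getFindings() are hypothetical names, the package of DefaultPolicyParser is assumed to match the one the "See also" entries give for DefaultPolicyScanner, and the policy URL is taken from the command line.

```java
import java.net.URL;
import java.security.AllPermission;
import java.security.KeyStore;
import java.security.Permission;
import java.security.UnresolvedPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

// Assumption: package names follow the page's "See also" entries;
// adjust these two imports to the class library you build against.
import org.apache.harmony.security.DefaultPolicyParser;
import org.apache.harmony.security.DefaultPolicyScanner;

/** Hypothetical subclass: records broad or unresolved permissions while parsing. */
public class AuditingPolicyParser extends DefaultPolicyParser {
    // This field gives up the stateless design of the base class,
    // so use one instance per parse() call.
    private final List<String> findings =
            Collections.synchronizedList(new ArrayList<String>());

    @Override
    protected Permission resolvePermission(DefaultPolicyScanner.PermissionEntry pe,
            DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system,
            boolean resolve) throws Exception {
        Permission p = super.resolvePermission(pe, ge, ks, system, resolve);
        if (p instanceof AllPermission) {
            findings.add("grant contains java.security.AllPermission");
        } else if (p instanceof UnresolvedPermission) {
            // Class not found or improperly signed; an UnresolvedPermission implies nothing.
            findings.add("unresolved permission type " + p.getName());
        }
        return p; // the parse result itself is unchanged
    }

    public List<String> getFindings() { return findings; }

    public static void main(String[] args) throws Exception {
        AuditingPolicyParser parser = new AuditingPolicyParser();
        int entries = parser.parse(new URL(args[0]), System.getProperties()).size();
        System.out.println(entries + " policy entries loaded from " + args[0]);
        for (String f : parser.getFindings()) {
            System.out.println("finding: " + f);
        }
    }
}
```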

Certificate [] resolveSigners ( KeyStore  ks,
String  signers 
) throws Exception [protected]

Takes a comma-separated list of aliases and obtains corresponding certificates.

Parameters:
ks KeyStore for resolving Certificates, may be null
signers comma-separated list of certificate aliases, must not be null
Returns:
an array of signing Certificates
Exceptions:
Exception if KeyStore is null or if it failed to provide a certificate

Principal getPrincipalByAlias ( KeyStore  ks,
String  alias 
) throws KeyStoreException, CertificateException [protected]

Returns a subject's X500Principal of an X509Certificate, which is associated with the specified keystore alias.

Parameters:
ks KeyStore for resolving Certificate, may be null
alias alias to a certificate
Returns:
X500Principal with a subject distinguished name
Exceptions:
KeyStoreException if KeyStore is null or if it failed to provide a certificate
CertificateException if found certificate is not an X509Certificate

KeyStore initKeyStore ( List< KeystoreEntry >  keystores,
URL  base,
Properties  system,
boolean  resolve 
) [protected]

Returns the first successfully loaded KeyStore, from the specified list of possible locations.

This method iterates over the list of KeystoreEntries; for each entry it expands the url and type, tries to construct instances of the specified URL and KeyStore, and tries to load the keystore. If the keystore is loaded, it is returned; otherwise the method proceeds to the next KeystoreEntry.
Note: a url may be relative to the policy file location or absolute.

Parameters:
keystores list of available KeystoreEntries
base the policy file location
system system properties, used for property expansion
resolve flag enabling/disabling property expansion
Returns:
the first successfully loaded KeyStore or null
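
The fallback behaviour described for initKeyStore() means a mistyped or unreachable keystore reference is skipped without an error and the next one is used. The stand-alone sketch below is an added example using only JDK classes, not the project's implementation. The names FirstKeyStoreDemo, expand and firstLoadable, the {url, type} array layout, the ${key} syntax handling and the null load password are assumptions of this example, and the sample keystore is constructed in a temporary directory.

```java
import java.io.*;
import java.net.URL;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;
import java.util.regex.*;

public class FirstKeyStoreDemo {
    static String expand(String s, Properties props) { // expands ${key}; undefined key fails the entry
        Matcher m = Pattern.compile("\\$\\{([^}]+)\\}").matcher(s);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String v = props.getProperty(m.group(1));
            if (v == null) throw new IllegalArgumentException("undefined: " + m.group(1));
            m.appendReplacement(out, Matcher.quoteReplacement(v));
        }
        return m.appendTail(out).toString();
    }
    // Each candidate is {url, type}; returns the first keystore that loads, else null.
    static KeyStore firstLoadable(List<String[]> candidates, URL base,
            Properties system, boolean resolve, List<String> log) {
        for (String[] c : candidates) {
            try {
                String spec = resolve ? expand(c[0], system) : c[0];
                URL url = base.toURI().resolve(spec).toURL(); // relative to policy file, or absolute
                KeyStore ks = KeyStore.getInstance(resolve ? expand(c[1], system) : c[1]);
                // Assumption: null password, so the store's integrity is not verified.
                try (InputStream in = url.openStream()) { ks.load(in, null); }
                log.add("loaded " + url);
                return ks;
            } catch (Exception e) { // record the reason instead of dropping it silently
                log.add("skipped " + c[0] + ": " + e.getClass().getSimpleName());
            }
        }
        return null;
    }
    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("policy-demo"); // constructed sample data
        KeyStore empty = KeyStore.getInstance("JKS");
        empty.load(null, null);
        try (OutputStream os = Files.newOutputStream(dir.resolve("good.jks"))) { empty.store(os, "changeit".toCharArray()); }
        Properties system = new Properties();
        system.setProperty("ks.name", "good.jks");
        List<String[]> candidates = Arrays.asList(
            new String[] {"missing.jks", "JKS"}, new String[] {"${ks.name}", "JKS"});
        List<String> log = new ArrayList<>();
        KeyStore ks = firstLoadable(candidates,
            dir.resolve("java.policy").toUri().toURL(), system, true, log);
        System.out.println(log + " -> " + (ks == null ? "no keystore" : "keystore in use"));
    }
}
```

Logging which candidate was skipped and which was loaded makes it visible when signer aliases are being resolved against a different keystore than the policy author intended.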


Member Data Documentation

final DefaultPolicyScanner scanner [private]