java.lang.Object
  com.ecyrd.jspwiki.auth.PolicyLoader

public class PolicyLoader
Initializes JVM configurations for JAAS and Java 2 security policy. Callers can use the static methods in this class (isJaasConfigured() and isSecurityPolicyConfigured()) to inquire whether a JAAS login configuration exists, or whether a custom Java security policy is in use. Additional methods allow callers to set the JAAS and security policy configurations to supplied URLs (setJaasConfiguration(URL) and setSecurityPolicy(URL)).

If either the JAAS configuration or the security policy is set using methods in this class, the resulting configuration or policy is global to the JVM. In a multi-webapp scenario, this means that the first webapp to be loaded by the container wins. Thus, for containers hosting multiple wikis, the administrator will need to manually configure the java.security.policy and java.security.auth.login.config properties. In other words, multi-wiki deployments will always require manual (one-time) configuration.
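
The first-webapp-wins behaviour described above, as an added example that is not JSPWiki's PolicyLoader code: it uses only JDK calls and applies the checks this page documents for isJaasConfigured() and isSecurityPolicyConfigured(). The class name, the app names "wiki-a"/"wiki-b" and the login module name are made up for the illustration.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.Configuration;

public class FirstWinsJaasSetup {
    static final String JAAS_PROP = "java.security.auth.login.config";
    static final String POLICY_PROP = "java.security.policy";

    // Check documented for isJaasConfigured(): Configuration.getConfiguration() is not null.
    // The JDK's default provider throws SecurityException when it finds no login config.
    static boolean jaasConfigured() {
        try {
            return Configuration.getConfiguration() != null;
        } catch (SecurityException e) {
            return false;
        }
    }

    // Check documented for isSecurityPolicyConfigured(): the system property is not null.
    static boolean policyConfigured() {
        return System.getProperty(POLICY_PROP) != null;
    }

    // Claims the JVM-wide JAAS setting only if nobody has; true if this caller installed it.
    static synchronized boolean claimJaas(String app, URL loginConfig) {
        if (jaasConfigured()) {
            System.out.println(app + ": JAAS already set JVM-wide ("
                    + System.getProperty(JAAS_PROP) + "), leaving it alone");
            return false;
        }
        System.setProperty(JAAS_PROP, loginConfig.toExternalForm());
        System.out.println(app + ": installed " + loginConfig);
        return jaasConfigured(); // true only if the JDK could load the file
    }

    public static void main(String[] args) throws IOException {
        // Constructed login configuration; the module class name is a placeholder.
        Path cfg = Files.createTempFile("sample-jaas", ".config");
        Files.writeString(cfg, "SampleWiki {\n  com.example.SampleLoginModule required;\n};\n");
        URL url = cfg.toUri().toURL();

        System.out.println("policy configured: " + policyConfigured());
        System.out.println("wiki-a won: " + claimJaas("wiki-a", url));
        System.out.println("wiki-b won: " + claimJaas("wiki-b", url));
    }
}
```

The second caller is refused because the setting it would change belongs to the whole JVM, which is why a container hosting several wikis needs the two properties set once at startup.
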
The security policy-related methods isSecurityPolicyConfigured() and setSecurityPolicy(URL) assume that:

- The Policy implementation is of type sun.security.provider.PolicyFile. This should be a safe assumption in most cases, although recent versions of WebSphere and WebLogic use custom Policy implementations. If the Policy implementation is not of type PolicyFile, the policy installation fails. This assumption may be relaxed in the future; the important question is whether the Policy implementation parses standard policy files (versus XML, for example), not whether the implementing class is of type PolicyFile per se.
- -Djava.security.policy==jspwiki.policy). Note that Tomcat 4 and higher, when run using the "-security" option, does this.

To interoperate with any container running a security policy, the container's JVM security policy should include a short set of permission grants similar to the following:

keystore "jspwiki.jks";
...
grant signedBy "jspwiki" {
    // needed by setSecurityPolicy(URL)
    permission java.security.SecurityPermission "getPolicy";
    permission java.security.SecurityPermission "setPolicy";
    // needed to write the JAAS property and to read/write the policy property
    permission java.util.PropertyPermission "java.security.auth.login.config", "write";
    permission java.util.PropertyPermission "java.security.policy", "read,write";
    // needed by isJaasConfigured() and setJaasConfiguration(URL)
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
};

The signedBy value should match the alias of a digital certificate in the named keystore (e.g., jspwiki.jks). If the full path to the keystore is not supplied, it is assumed to be in the same directory as the policy file.

Field Summary | |
---|---|
protected static org.apache.log4j.Logger | log |

Method Summary | |
---|---|
static boolean | isJaasConfigured() Returns true if the JAAS login configuration exists. |
static boolean | isSecurityPolicyConfigured() Returns true if a custom Java security policy configuration exists. |
static void | setJaasConfiguration(URL url) Sets the JAAS login configuration file, overwriting the existing configuration. |
static void | setSecurityPolicy(URL url) Sets the Java security policy, overwriting any custom policy settings. |

Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected static final org.apache.log4j.Logger log
Method Detail |
---|
public static boolean isJaasConfigured() throws SecurityException

Returns true if the JAAS login configuration exists. Normally, JAAS is configured by setting the system property java.security.auth.login.config at JVM startup.

This method attempts to perform a highly privileged operation. If the JVM runs with a SecurityManager, the following permission must be granted to the codesource containing this class:
- permission javax.security.auth.AuthPermission "getLoginConfiguration"

Returns:
true if Configuration.getConfiguration() is not null; false otherwise.
Throws:
SecurityException - if the codesource containing this class possesses insufficient permissions when running with a SecurityManager

public static boolean isSecurityPolicyConfigured() throws SecurityException

Returns true if a custom Java security policy configuration exists. Normally, the Java security policy is configured by setting the system property java.security.policy at JVM startup.

This method attempts to perform a highly privileged operation. If the JVM runs with a SecurityManager, the following permission must be granted to the codesource containing this class:
- permission java.util.PropertyPermission "java.security.policy", "read"

Returns:
true if the system property java.security.policy is not null; false otherwise.
Throws:
SecurityException - if the codesource containing this class possesses insufficient permissions when running with a SecurityManager

public static void setJaasConfiguration(URL url) throws SecurityException

This method attempts to perform several highly privileged operations. If the JVM runs with a SecurityManager, the following permissions must be granted to the codesource containing this class:
- permission java.util.PropertyPermission "java.security.auth.login.config", "write"
- permission javax.security.auth.AuthPermission "getLoginConfiguration"
- permission javax.security.auth.AuthPermission "setLoginConfiguration"

Parameters:
url - the URL of the login configuration file. If the URL contains properties such as ${java.home}, they will be expanded.
Throws:
SecurityException - if:
null

public static void setSecurityPolicy(URL url) throws SecurityException

Sets the Java security policy, overwriting any custom policy settings. This method sets the value of the system property java.security.policy to the supplied URL, then calls Policy.setPolicy(java.security.Policy) with a newly-instantiated instance of sun.security.provider.PolicyFile (the J2SE default implementation). The new Policy, once set, reloads the default system policies enumerated by the policy.url.n entries in JAVA_HOME/lib/security/java.policy, followed by the user-supplied policy file.

This method attempts to perform several highly privileged operations. If the JVM runs with a SecurityManager, the following permissions must be granted to the codesource containing this class:
- permission java.security.SecurityPermission "getPolicy"
- permission java.security.SecurityPermission "setPolicy"
- permission java.util.PropertyPermission "java.security.policy", "write"

Parameters:
url - the URL of the security policy file. If the URL contains properties such as ${java.home}, they will be expanded.
Throws:
SecurityException - if:
null
sun.security.provider.PolicyFile