class DefaultPolicyParser extends Object implements PolicyParser
PermissionGrant's.
For details of policy format, which should be identical to Sun's Java Policy files, see the default policy description.
parse(), which performs the main task.
Extensions of this parser may redefine specific operations separately,
by overriding corresponding protected methods.
ConcurrentPolicyFile, DefaultPolicyScanner, PermissionGrant

Modifier and Type | Class and Description |
---|---|
(package private) class | DefaultPolicyParser.PermissionExpander: Specific handler for expanding self and alias protocols. |

Modifier and Type | Field and Description |
---|---|
private DefaultPolicyScanner | scanner |

Constructor and Description |
---|
DefaultPolicyParser(): Default constructor, DefaultPolicyScanner is used. |
DefaultPolicyParser(DefaultPolicyScanner s): Extension constructor for plugging-in custom scanner. |

Modifier and Type | Method and Description |
---|---|
(package private) Collection<String> | expandURLs(String s, Properties p) |
(package private) Principal | getPrincipalByAlias(KeyStore ks, String alias): Returns a subject's X500Principal of an X509Certificate, which is associated with the specified keystore alias. |
(package private) String | getURI(String uriString) |
(package private) KeyStore | initKeyStore(List<DefaultPolicyScanner.KeystoreEntry> keystores, URL base, Properties system, boolean resolve): Returns the first successfully loaded KeyStore, from the specified list of possible locations. |
Collection<PermissionGrant> | parse(URL location, Properties system): This is the main business method. |
(package private) PermissionGrant | resolveGrant(DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve): Translates GrantEntry token to PermissionGrant object. |
(package private) Permission | resolvePermission(DefaultPolicyScanner.PermissionEntry pe, DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve): Translates PermissionEntry token to Permission object. |
(package private) Certificate[] | resolveSigners(KeyStore ks, String signers): Takes a comma-separated list of aliases and obtains corresponding certificates. |
(package private) Segment | segment(String s, Properties p) |

private final DefaultPolicyScanner scanner

DefaultPolicyParser()
DefaultPolicyScanner is used.

DefaultPolicyParser(DefaultPolicyScanner s)

public Collection<PermissionGrant> parse(URL location, Properties system) throws Exception
composite tokens, then this set is iterated and each token is translated to a PermissionGrant.
Semantically invalid tokens are ignored, the same as void PermissionGrant's.
parse in interface PolicyParser
location - a URL of a policy file to be loaded
system - system properties, used for property expansion
Exception - IO error while reading location or file syntax error

PermissionGrant resolveGrant(DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception
If codebase is specified, expand it and construct a URL.
If signers is specified, expand it and obtain corresponding Certificates.
If principals collection is specified, iterate over it. For each PrincipalEntry, expand name and if no class specified, resolve actual X500Principal from a KeyStore certificate; otherwise keep it as UnresolvedPrincipal.
permissions collection. For each PermissionEntry, try to resolve (see method resolvePermission()) a corresponding permission. If resolution failed, ignore the PermissionEntry.
ge - GrantEntry token to be resolved
ks - KeyStore for resolving Certificates, may be null
system - system properties, used for property expansion
resolve - flag enabling/disabling property expansion
Exception - if unable to resolve codebase, signers or principals of the GrantEntry
DefaultPolicyScanner.PrincipalEntry, DefaultPolicyScanner.PermissionEntry, PolicyUtils

String getURI(String uriString) throws MalformedURLException, URISyntaxException

Segment segment(String s, Properties p) throws PolicyUtils.ExpansionFailedException

Collection<String> expandURLs(String s, Properties p) throws PolicyUtils.ExpansionFailedException

Permission resolvePermission(DefaultPolicyScanner.PermissionEntry pe, DefaultPolicyScanner.GrantEntry ge, KeyStore ks, Properties system, boolean resolve) throws Exception
name and properties expansion for non-null name, action and signers.
Then, it obtains signing Certificates (if any), tries to find a class specified by klass name and instantiate a corresponding permission object.
If class is not found or it is signed improperly, returns UnresolvedPermission.
pe - PermissionEntry token to be resolved
ge - parent GrantEntry of the PermissionEntry
ks - KeyStore for resolving Certificates, may be null
system - system properties, used for property expansion
resolve - flag enabling/disabling property expansion
Exception - if failed to expand properties, or to get a Certificate, or to create an instance of a successfully found class

Certificate[] resolveSigners(KeyStore ks, String signers) throws Exception
ks - KeyStore for resolving Certificates, may be null
signers - comma-separated list of certificate aliases, must not be null
Exception - if KeyStore is null or if it failed to provide a certificate

Principal getPrincipalByAlias(KeyStore ks, String alias) throws KeyStoreException, CertificateException
ks - KeyStore for resolving Certificate, may be null
alias - alias to a certificate
KeyStoreException - if KeyStore is null or if it failed to provide a certificate
CertificateException - if found certificate is not an X509Certificate

KeyStore initKeyStore(List<DefaultPolicyScanner.KeystoreEntry> keystores, URL base, Properties system, boolean resolve)
url and type, tries to construct instances of specified URL and KeyStore and to load the keystore. If it is loaded, returns the keystore, otherwise proceeds to the next KeystoreEntry.
keystores - list of available KeystoreEntries
base - the policy file location
system - system properties, used for property expansion
resolve - flag enabling/disabling property expansion
null

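An added sample policy file, not part of this API documentation or the project's own files, showing the components that initKeyStore(), resolveGrant() and resolvePermission() process. It assumes the Sun policy file syntax the page refers to; every alias, path, property name and com.example class in it is a constructed placeholder.

```text
// Constructed sample policy file. Aliases, paths, property names and the
// com.example classes are placeholders, not values from this project.

// KeystoreEntry: url and type. initKeyStore() tries each entry in turn and
// returns the first keystore that loads; base is the policy file location.
keystore "app.keystore", "JKS";

// codeBase:  property-expanded, then built into a URL.
// signedBy:  comma-separated keystore aliases, resolved to Certificates.
// principal: no class given, so the alias is resolved to the X500Principal
//            of the matching keystore certificate.
grant codeBase "file:${app.home}/lib/-",
      signedBy "release,ops",
      principal "alice"
{
    // name and action undergo property expansion before instantiation.
    permission java.io.FilePermission "${user.home}/reports/-", "read";

    // If com.example.AuditPermission is not found, or is signed improperly,
    // this entry is returned as an UnresolvedPermission.
    permission com.example.AuditPermission "ledger", "append", signedBy "release";
};

// Principal class given: the entry is kept as an UnresolvedPrincipal.
grant principal javax.security.auth.x500.X500Principal "CN=Bob,O=Example" {
    // Self and alias protocols (Sun syntax), the forms PermissionExpander
    // handles: ${{self}} stands for the principals of the enclosing grant,
    // ${{alias:NAME}} for the X500Principal of keystore alias NAME.
    permission com.example.MailboxPermission "${{self}}", "read";
    permission com.example.MailboxPermission "${{alias:alice}}", "read";
};
```

Per the descriptions above, semantically invalid tokens and permission entries that fail to resolve are ignored, so a mistake in a grant can drop it without failing the load. When reviewing a policy change, compare the PermissionGrants returned by parse() with what the file intends.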
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.