diff --git a/ojluni/src/main/java/java/security/Provider.java b/ojluni/src/main/java/java/security/Provider.java
index a1c8cfaa1..6493f29f7 100755
--- a/ojluni/src/main/java/java/security/Provider.java
+++ b/ojluni/src/main/java/java/security/Provider.java
@@ -38,8 +38,6 @@ import java.security.cert.CertStoreParameters;
 import java.util.function.BiConsumer;
-import javax.security.auth.login.Configuration;
-
 /**
  * This class represents a "provider" for the
  * Java Security API, where a provider implements some or all parts of
diff --git a/ojluni/src/main/java/javax/security/auth/Policy.java b/ojluni/src/main/java/javax/security/auth/Policy.java
deleted file mode 100755
index 88264b3fc..000000000
--- a/ojluni/src/main/java/javax/security/auth/Policy.java
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package javax.security.auth;
-
-import java.security.Security;
-import sun.security.util.Debug;
-
-/**
- *
This is an abstract class for representing the system policy for
- * Subject-based authorization. A subclass implementation
- * of this class provides a means to specify a Subject-based
- * access control Policy
.
- *
- *
A Policy
object can be queried for the set of
- * Permissions granted to code running as a
- * Principal
in the following manner:
- *
- *
- * policy = Policy.getPolicy(); - * PermissionCollection perms = policy.getPermissions(subject, - * codeSource); - *- * - * The
Policy
object consults the local policy and returns
- * and appropriate Permissions
object with the
- * Permissions granted to the Principals associated with the
- * provided subject, and granted to the code specified
- * by the provided codeSource.
- *
- * A Policy
contains the following information.
- * Note that this example only represents the syntax for the default
- * Policy
implementation. Subclass implementations of this class
- * may implement alternative syntaxes and may retrieve the
- * Policy
from any source such as files, databases,
- * or servers.
- *
- *
Each entry in the Policy
is represented as
- * a grant entry. Each grant entry
- * specifies a codebase, code signers, and Principals triplet,
- * as well as the Permissions granted to that triplet.
- *
- *
- * grant CodeBase ["URL"], Signedby ["signers"], - * Principal [Principal_Class] "Principal_Name" { - * Permission Permission_Class ["Target_Name"] - * [, "Permission_Actions"] - * [, signedBy "SignerName"]; - * }; - *- * - * The CodeBase and Signedby components of the triplet name/value pairs - * are optional. If they are not present, then any any codebase will match, - * and any signer (including unsigned code) will match. - * For Example, - * - *
- * grant CodeBase "foo.com", Signedby "foo", - * Principal com.sun.security.auth.SolarisPrincipal "duke" { - * permission java.io.FilePermission "/home/duke", "read, write"; - * }; - *- * - * This grant entry specifies that code from "foo.com", - * signed by "foo', and running as a
SolarisPrincipal
with the
- * name, duke, has one Permission
. This Permission
- * permits the executing code to read and write files in the directory,
- * "/home/duke".
- *
- * To "run" as a particular Principal
,
- * code invokes the Subject.doAs(subject, ...)
method.
- * After invoking that method, the code runs as all the Principals
- * associated with the specified Subject
.
- * Note that this Policy
(and the Permissions
- * granted in this Policy
) only become effective
- * after the call to Subject.doAs
has occurred.
- *
- *
Multiple Principals may be listed within one grant entry.
- * All the Principals in the grant entry must be associated with
- * the Subject
provided to Subject.doAs
- * for that Subject
to be granted the specified Permissions.
- *
- *
- * grant Principal com.sun.security.auth.SolarisPrincipal "duke", - * Principal com.sun.security.auth.SolarisNumericUserPrincipal "0" { - * permission java.io.FilePermission "/home/duke", "read, write"; - * permission java.net.SocketPermission "duke.com", "connect"; - * }; - *- * - * This entry grants any code running as both "duke" and "0" - * permission to read and write files in duke's home directory, - * as well as permission to make socket connections to "duke.com". - * - *
Note that non Principal-based grant entries are not permitted
- * in this Policy
. Therefore, grant entries such as:
- *
- *
- * grant CodeBase "foo.com", Signedby "foo" { - * permission java.io.FilePermission "/tmp/scratch", "read, write"; - * }; - *- * - * are rejected. Such permission must be listed in the - *
java.security.Policy
.
- *
- * The default Policy
implementation can be changed by
- * setting the value of the "auth.policy.provider" security property
- * (in the Java security properties file) to the fully qualified name of
- * the desired Policy
implementation class.
- * The Java security properties file is located in the file named
- * <JAVA_HOME>/lib/security/java.security.
- * <JAVA_HOME> refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
- *
- * @deprecated as of JDK version 1.4 -- Replaced by java.security.Policy.
- * java.security.Policy has a method:
- *
- * public PermissionCollection getPermissions - * (java.security.ProtectionDomain pd) - * - *- * and ProtectionDomain has a constructor: - *
- * public ProtectionDomain - * (CodeSource cs, - * PermissionCollection permissions, - * ClassLoader loader, - * Principal[] principals) - *- * - * These two APIs provide callers the means to query the - * Policy for Principal-based Permission entries. - * - * - */ -@Deprecated -public abstract class Policy { - - private static Policy policy; - private static ClassLoader contextClassLoader; - - // true if a custom (not com.sun.security.auth.PolicyFile) system-wide - // policy object is set - private static boolean isCustomPolicy; - - static { - contextClassLoader = java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction
SecurityManager.checkPermission
with the
- * AuthPermission("getPolicy")
permission
- * to ensure the caller has permission to get the Policy object.
- *
- *
- *
- * @return the installed Policy. The return value cannot be
- *
- *
- * @param policy the new system Policy object.
- *
- * @exception java.lang.SecurityException if the current thread does not
- * have permission to set the Policy.
- *
- * @see #getPolicy
- */
- public static void setPolicy(Policy policy) {
- java.lang.SecurityManager sm = System.getSecurityManager();
- if (sm != null) sm.checkPermission(new AuthPermission("setPolicy"));
- Policy.policy = policy;
- // all non-null policy objects are assumed to be custom
- isCustomPolicy = policy != null ? true : false;
- }
-
- /**
- * Returns true if a custom (not com.sun.security.auth.PolicyFile)
- * system-wide policy object has been set or installed. This method is
- * called by SubjectDomainCombiner to provide backwards compatibility for
- * developers that provide their own javax.security.auth.Policy
- * implementations.
- *
- * @return true if a custom (not com.sun.security.auth.PolicyFile)
- * system-wide policy object has been set; false otherwise
- */
- static boolean isCustomPolicySet(Debug debug) {
- if (policy != null) {
- if (debug != null && isCustomPolicy) {
- debug.println("Providing backwards compatibility for " +
- "javax.security.auth.policy implementation: " +
- policy.toString());
- }
- return isCustomPolicy;
- }
- // check if custom policy has been set using auth.policy.provider prop
- String policyClass = java.security.AccessController.doPrivileged
- (new java.security.PrivilegedAction
- *
- * @param subject the
- *
- * @param cs the code specified by its This method causes this object to refresh/reload its current
- * Policy. This is implementation-dependent.
- * For example, if the Policy object is stored in
- * a file, calling
- *
- * @exception SecurityException if the caller does not have permission
- * to refresh the Policy.
- */
- public abstract void refresh();
-}
diff --git a/ojluni/src/main/java/javax/security/auth/login/AppConfigurationEntry.java b/ojluni/src/main/java/javax/security/auth/login/AppConfigurationEntry.java
deleted file mode 100755
index 7c70d580c..000000000
--- a/ojluni/src/main/java/javax/security/auth/login/AppConfigurationEntry.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package javax.security.auth.login;
-
-import java.util.Map;
-import java.util.Collections;
-
-/**
- * This class represents a single This entry represents a single
- *
- * @param controlFlag either REQUIRED, REQUISITE, SUFFICIENT,
- * or OPTIONAL.
- *
- * @param options the options configured for this The String has the format, "LoginModuleControlFlag: flag",
- * where flag is either required, requisite,
- * sufficient, or optional.
- *
- * @return a String representation of this controlFlag.
- */
- public String toString() {
- return (sun.security.util.ResourcesMgr.getString
- ("LoginModuleControlFlag.") + controlFlag);
- }
- }
-}
diff --git a/ojluni/src/main/java/javax/security/auth/login/Configuration.java b/ojluni/src/main/java/javax/security/auth/login/Configuration.java
deleted file mode 100755
index 988dc1a3f..000000000
--- a/ojluni/src/main/java/javax/security/auth/login/Configuration.java
+++ /dev/null
@@ -1,624 +0,0 @@
-/*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package javax.security.auth.login;
-
-import javax.security.auth.AuthPermission;
-
-import java.io.*;
-import java.util.*;
-import java.net.URI;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.SecurityPermission;
-
-import sun.security.jca.GetInstance;
-
-/**
- * A Configuration object is responsible for specifying which LoginModules
- * should be used for a particular application, and in what order the
- * LoginModules should be invoked.
- *
- * A login configuration contains the following information.
- * Note that this example only represents the default syntax for the
- * Each entry in the The Flag value controls the overall behavior as authentication
- * proceeds down the stack. The following represents a description of the
- * valid values for Flag and their respective semantics:
- *
- * The overall authentication succeeds only if all Required and
- * Requisite LoginModules succeed. If a Sufficient
- * ModuleOptions is a space separated list of
- * The following represents an example This Also note that the LoginModule-specific options,
- * useTicketCache="true" and
- * ticketCache=${user.home}${/}tickets",
- * are passed to the Krb5LoginModule.
- * These options instruct the Krb5LoginModule to
- * use the ticket cache at the specified location.
- * The system properties, user.home and /
- * (file.separator), are expanded to their respective values.
- *
- * There is only one Configuration object installed in the runtime at any
- * given time. A Configuration object can be installed by calling the
- * If no Configuration object has been installed in the runtime, a call to
- * Application code can directly subclass Configuration to provide a custom
- * implementation. In addition, an instance of a Configuration object can be
- * constructed by invoking one of the
- *
- * @return the login Configuration. If a Configuration object was set
- * via the
- *
- * @param configuration the new This method traverses the list of registered security providers,
- * starting with the most preferred Provider.
- * A new Configuration object encapsulating the
- * ConfigurationSpi implementation from the first
- * Provider that supports the specified type is returned.
- *
- * Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param type the specified Configuration type. See the Configuration
- * section in the
- * Java Cryptography Architecture Standard Algorithm Name
- * Documentation for a list of standard Configuration types.
- *
- * @param params parameters for the Configuration, which may be null.
- *
- * @return the new Configuration object.
- *
- * @exception SecurityException if the caller does not have permission
- * to get a Configuration instance for the specified type.
- *
- * @exception NullPointerException if the specified type is null.
- *
- * @exception IllegalArgumentException if the specified parameters
- * are not understood by the ConfigurationSpi implementation
- * from the selected Provider.
- *
- * @exception NoSuchAlgorithmException if no Provider supports a
- * ConfigurationSpi implementation for the specified type.
- *
- * @see Provider
- * @since 1.6
- */
- public static Configuration getInstance(String type,
- Configuration.Parameters params)
- throws NoSuchAlgorithmException {
-
- checkPermission(type);
- try {
- GetInstance.Instance instance = GetInstance.getInstance
- ("Configuration",
- ConfigurationSpi.class,
- type,
- params);
- return new ConfigDelegate((ConfigurationSpi)instance.impl,
- instance.provider,
- type,
- params);
- } catch (NoSuchAlgorithmException nsae) {
- return handleException (nsae);
- }
- }
-
- /**
- * Returns a Configuration object of the specified type.
- *
- * A new Configuration object encapsulating the
- * ConfigurationSpi implementation from the specified provider
- * is returned. The specified provider must be registered
- * in the provider list.
- *
- * Note that the list of registered providers may be retrieved via
- * the {@link Security#getProviders() Security.getProviders()} method.
- *
- * @param type the specified Configuration type. See the Configuration
- * section in the
- * Java Cryptography Architecture Standard Algorithm Name
- * Documentation for a list of standard Configuration types.
- *
- * @param params parameters for the Configuration, which may be null.
- *
- * @param provider the provider.
- *
- * @return the new Configuration object.
- *
- * @exception SecurityException if the caller does not have permission
- * to get a Configuration instance for the specified type.
- *
- * @exception NullPointerException if the specified type is null.
- *
- * @exception IllegalArgumentException if the specified provider
- * is null or empty,
- * or if the specified parameters are not understood by
- * the ConfigurationSpi implementation from the specified provider.
- *
- * @exception NoSuchProviderException if the specified provider is not
- * registered in the security provider list.
- *
- * @exception NoSuchAlgorithmException if the specified provider does not
- * support a ConfigurationSpi implementation for the specified
- * type.
- *
- * @see Provider
- * @since 1.6
- */
- public static Configuration getInstance(String type,
- Configuration.Parameters params,
- String provider)
- throws NoSuchProviderException, NoSuchAlgorithmException {
-
- if (provider == null || provider.length() == 0) {
- throw new IllegalArgumentException("missing provider");
- }
-
- checkPermission(type);
- try {
- GetInstance.Instance instance = GetInstance.getInstance
- ("Configuration",
- ConfigurationSpi.class,
- type,
- params,
- provider);
- return new ConfigDelegate((ConfigurationSpi)instance.impl,
- instance.provider,
- type,
- params);
- } catch (NoSuchAlgorithmException nsae) {
- return handleException (nsae);
- }
- }
-
- /**
- * Returns a Configuration object of the specified type.
- *
- * A new Configuration object encapsulating the
- * ConfigurationSpi implementation from the specified Provider
- * object is returned. Note that the specified Provider object
- * does not have to be registered in the provider list.
- *
- * @param type the specified Configuration type. See the Configuration
- * section in the
- * Java Cryptography Architecture Standard Algorithm Name
- * Documentation for a list of standard Configuration types.
- *
- * @param params parameters for the Configuration, which may be null.
- *
- * @param provider the Provider.
- *
- * @return the new Configuration object.
- *
- * @exception SecurityException if the caller does not have permission
- * to get a Configuration instance for the specified type.
- *
- * @exception NullPointerException if the specified type is null.
- *
- * @exception IllegalArgumentException if the specified Provider is null,
- * or if the specified parameters are not understood by
- * the ConfigurationSpi implementation from the specified Provider.
- *
- * @exception NoSuchAlgorithmException if the specified Provider does not
- * support a ConfigurationSpi implementation for the specified
- * type.
- *
- * @see Provider
- * @since 1.6
- */
- public static Configuration getInstance(String type,
- Configuration.Parameters params,
- Provider provider)
- throws NoSuchAlgorithmException {
-
- if (provider == null) {
- throw new IllegalArgumentException("missing provider");
- }
-
- checkPermission(type);
- try {
- GetInstance.Instance instance = GetInstance.getInstance
- ("Configuration",
- ConfigurationSpi.class,
- type,
- params,
- provider);
- return new ConfigDelegate((ConfigurationSpi)instance.impl,
- instance.provider,
- type,
- params);
- } catch (NoSuchAlgorithmException nsae) {
- return handleException (nsae);
- }
- }
-
- private static Configuration handleException(NoSuchAlgorithmException nsae)
- throws NoSuchAlgorithmException {
- Throwable cause = nsae.getCause();
- if (cause instanceof IllegalArgumentException) {
- throw (IllegalArgumentException)cause;
- }
- throw nsae;
- }
-
- /**
- * Return the Provider of this Configuration.
- *
- * This Configuration instance will only have a Provider if it
- * was obtained via a call to This Configuration instance will only have a type if it
- * was obtained via a call to This Configuration instance will only have parameters if it
- * was obtained via a call to
- *
- * @param name the name used to index the Configuration.
- *
- * @return an array of AppConfigurationEntries for the specified name
- * from this Configuration, or null if there are no entries
- * for the specified name
- */
- public abstract AppConfigurationEntry[] getAppConfigurationEntry
- (String name);
-
- /**
- * Refresh and reload the Configuration.
- *
- * This method causes this Configuration object to refresh/reload its
- * contents in an implementation-dependent manner.
- * For example, if this Configuration object stores its entries in a file,
- * calling The default implementation of this method does nothing.
- * This method should be overridden if a refresh operation is supported
- * by the implementation.
- *
- * @exception SecurityException if the caller does not have permission
- * to refresh its Configuration.
- */
- public void refresh() { }
-
- /**
- * This subclass is returned by the getInstance calls. All Configuration
- * calls are delegated to the underlying ConfigurationSpi.
- */
- private static class ConfigDelegate extends Configuration {
-
- private ConfigurationSpi spi;
- private Provider p;
- private String type;
- private Configuration.Parameters params;
-
- private ConfigDelegate(ConfigurationSpi spi, Provider p,
- String type, Configuration.Parameters params) {
- this.spi = spi;
- this.p = p;
- this.type = type;
- this.params = params;
- }
-
- public String getType() { return type; }
-
- public Configuration.Parameters getParameters() { return params; }
-
- public Provider getProvider() { return p; }
-
- public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
- return spi.engineGetAppConfigurationEntry(name);
- }
-
- public void refresh() {
- spi.engineRefresh();
- }
- }
-
- /**
- * This represents a marker interface for Configuration parameters.
- *
- * @since 1.6
- */
- public static interface Parameters { }
-}
diff --git a/ojluni/src/main/java/javax/security/auth/login/ConfigurationSpi.java b/ojluni/src/main/java/javax/security/auth/login/ConfigurationSpi.java
deleted file mode 100755
index d7047d9b8..000000000
--- a/ojluni/src/main/java/javax/security/auth/login/ConfigurationSpi.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-
-package javax.security.auth.login;
-
-/**
- * This class defines the Service Provider Interface (SPI)
- * for the Subclass implementations of this abstract class must provide
- * a public constructor that takes a
- *
- * @param name the name used to index the Configuration.
- *
- * @return an array of AppConfigurationEntries for the specified
- * name, or null if there are no entries.
- */
- protected abstract AppConfigurationEntry[] engineGetAppConfigurationEntry
- (String name);
-
- /**
- * Refresh and reload the Configuration.
- *
- * This method causes this Configuration object to refresh/reload its
- * contents in an implementation-dependent manner.
- * For example, if this Configuration object stores its entries in a file,
- * calling The default implementation of this method does nothing.
- * This method should be overridden if a refresh operation is supported
- * by the implementation.
- *
- * @exception SecurityException if the caller does not have permission
- * to refresh its Configuration.
- */
- protected void engineRefresh() { }
-}
diff --git a/openjdk_java_files.mk b/openjdk_java_files.mk
index d70ca3005..e0652702b 100644
--- a/openjdk_java_files.mk
+++ b/openjdk_java_files.mk
@@ -1002,11 +1002,7 @@ openjdk_javadoc_files := \
ojluni/src/main/java/javax/security/auth/callback/UnsupportedCallbackException.java \
ojluni/src/main/java/javax/security/auth/Destroyable.java \
ojluni/src/main/java/javax/security/auth/DestroyFailedException.java \
- ojluni/src/main/java/javax/security/auth/login/AppConfigurationEntry.java \
- ojluni/src/main/java/javax/security/auth/login/Configuration.java \
- ojluni/src/main/java/javax/security/auth/login/ConfigurationSpi.java \
ojluni/src/main/java/javax/security/auth/login/LoginException.java \
- ojluni/src/main/java/javax/security/auth/Policy.java \
ojluni/src/main/java/javax/security/auth/PrivateCredentialPermission.java \
ojluni/src/main/java/javax/security/auth/SubjectDomainCombiner.java \
ojluni/src/main/java/javax/security/auth/Subject.java \
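Review bot: `SubjectDomainCombiner.java` stays in `openjdk_javadoc_files` on a context line just below the removed `Policy.java` entry, yet the Javadoc of the deleted `Policy.isCustomPolicySet(Debug)` says that method is called by SubjectDomainCombiner. That file is not touched in the part of the diff visible here, so if the call is still present the build breaks; please confirm it was already removed, or remove it in this change. The same applies to anything still resolving `javax.security.auth.login.Configuration`, whose `getInstance` overloads each ran `checkPermission(type)` before handing out an instance: a remaining caller would have to go in the same commit, not be re-pointed at an unchecked replacement. A sentence in the commit message stating that no in-tree user of the four deleted classes is left would make this verifiable.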
null
.
- *
- * @exception java.lang.SecurityException if the current thread does not
- * have permission to get the Policy object.
- *
- * @see #setPolicy
- */
- public static Policy getPolicy() {
- java.lang.SecurityManager sm = System.getSecurityManager();
- if (sm != null) sm.checkPermission(new AuthPermission("getPolicy"));
- return getPolicyNoCheck();
- }
-
- /**
- * Returns the installed Policy object, skipping the security check.
- *
- * @return the installed Policy.
- *
- */
- static Policy getPolicyNoCheck() {
- if (policy == null) {
-
- synchronized(Policy.class) {
-
- if (policy == null) {
- String policy_class = null;
- policy_class = java.security.AccessController.doPrivileged
- (new java.security.PrivilegedActionSecurityManager.checkPermission
with the
- * AuthPermission("setPolicy")
- * permission to ensure the caller has permission to set the Policy.
- *
- * CodeSource
.
- *
- * Subject
- * whose associated Principals,
- * in conjunction with the provided
- * CodeSource
, determines the Permissions
- * returned by this method. This parameter
- * may be null
. CodeSource
- * that determines, in conjunction with the provided
- * Subject
, the Permissions
- * returned by this method. This parameter may be
- * null
.
- *
- * @return the Collection of Permissions granted to all the
- * Subject
and code specified in
- * the provided subject and cs
- * parameters.
- */
- public abstract java.security.PermissionCollection getPermissions
- (Subject subject,
- java.security.CodeSource cs);
-
- /**
- * Refresh and reload the Policy.
- *
- * refresh
will cause the file to be re-read.
- *
- * LoginModule
entry
- * configured for the application specified in the
- * getAppConfigurationEntry(String appName)
- * method in the Configuration
class. Each respective
- * AppConfigurationEntry
contains a LoginModule
name,
- * a control flag (specifying whether this LoginModule
is
- * REQUIRED, REQUISITE, SUFFICIENT, or OPTIONAL), and LoginModule-specific
- * options. Please refer to the Configuration
class for
- * more information on the different control flags and their semantics.
- *
- * @see javax.security.auth.login.Configuration
- */
-public class AppConfigurationEntry {
-
- private String loginModuleName;
- private LoginModuleControlFlag controlFlag;
- private MapLoginModule
- * entry configured for the application specified in the
- * getAppConfigurationEntry(String appName)
- * method from the Configuration
class.
- *
- * @param loginModuleName String representing the class name of the
- * LoginModule
configured for the
- * specified application. LoginModule
.
- *
- * @exception IllegalArgumentException if loginModuleName
- * is null, if LoginModuleName
- * has a length of 0, if controlFlag
- * is not either REQUIRED, REQUISITE, SUFFICIENT
- * or OPTIONAL, or if options
is null.
- */
- public AppConfigurationEntry(String loginModuleName,
- LoginModuleControlFlag controlFlag,
- MapLoginModule
.
- *
- * @return the class name of the configured LoginModule
as
- * a String.
- */
- public String getLoginModuleName() {
- return loginModuleName;
- }
-
- /**
- * Return the controlFlag
- * (either REQUIRED, REQUISITE, SUFFICIENT, or OPTIONAL)
- * for this LoginModule
.
- *
- * @return the controlFlag
- * (either REQUIRED, REQUISITE, SUFFICIENT, or OPTIONAL)
- * for this LoginModule
.
- */
- public LoginModuleControlFlag getControlFlag() {
- return controlFlag;
- }
-
- /**
- * Get the options configured for this LoginModule
.
- *
- * @return the options configured for this LoginModule
- * as an unmodifiable Map
.
- */
- public MapLoginModule
- * is REQUIRED, REQUISITE, SUFFICIENT or OPTIONAL.
- */
- public static class LoginModuleControlFlag {
-
- private String controlFlag;
-
- /**
- * Required LoginModule
.
- */
- public static final LoginModuleControlFlag REQUIRED =
- new LoginModuleControlFlag("required");
-
- /**
- * Requisite LoginModule
.
- */
- public static final LoginModuleControlFlag REQUISITE =
- new LoginModuleControlFlag("requisite");
-
- /**
- * Sufficient LoginModule
.
- */
- public static final LoginModuleControlFlag SUFFICIENT =
- new LoginModuleControlFlag("sufficient");
-
- /**
- * Optional LoginModule
.
- */
- public static final LoginModuleControlFlag OPTIONAL =
- new LoginModuleControlFlag("optional");
-
- private LoginModuleControlFlag(String controlFlag) {
- this.controlFlag = controlFlag;
- }
-
- /**
- * Return a String representation of this controlFlag.
- *
- * Configuration
. Subclass implementations of this class
- * may implement alternative syntaxes and may retrieve the
- * Configuration
from any source such as files, databases,
- * or servers.
- *
- *
- * Name {
- * ModuleClass Flag ModuleOptions;
- * ModuleClass Flag ModuleOptions;
- * ModuleClass Flag ModuleOptions;
- * };
- * Name {
- * ModuleClass Flag ModuleOptions;
- * ModuleClass Flag ModuleOptions;
- * };
- * other {
- * ModuleClass Flag ModuleOptions;
- * ModuleClass Flag ModuleOptions;
- * };
- *
- *
- * Configuration
is indexed via an
- * application name, Name, and contains a list of
- * LoginModules configured for that application. Each LoginModule
- * is specified via its fully qualified class name.
- * Authentication proceeds down the module list in the exact order specified.
- * If an application does not have specific entry,
- * it defaults to the specific entry for "other".
- *
- *
- * 1) Required - The
- *
- * LoginModule
is required to succeed.
- * If it succeeds or fails, authentication still continues
- * to proceed down the LoginModule
list.
- *
- * 2) Requisite - The LoginModule
is required to succeed.
- * If it succeeds, authentication continues down the
- * LoginModule
list. If it fails,
- * control immediately returns to the application
- * (authentication does not proceed down the
- * LoginModule
list).
- *
- * 3) Sufficient - The LoginModule
is not required to
- * succeed. If it does succeed, control immediately
- * returns to the application (authentication does not
- * proceed down the LoginModule
list).
- * If it fails, authentication continues down the
- * LoginModule
list.
- *
- * 4) Optional - The LoginModule
is not required to
- * succeed. If it succeeds or fails,
- * authentication still continues to proceed down the
- * LoginModule
list.
- * LoginModule
is configured and succeeds,
- * then only the Required and Requisite LoginModules prior to
- * that Sufficient LoginModule
need to have succeeded for
- * the overall authentication to succeed. If no Required or
- * Requisite LoginModules are configured for an application,
- * then at least one Sufficient or Optional
- * LoginModule
must succeed.
- *
- * LoginModule
-specific values which are passed directly to
- * the underlying LoginModules. Options are defined by the
- * LoginModule
itself, and control the behavior within it.
- * For example, a LoginModule
may define options to support
- * debugging/testing capabilities. The correct way to specify options in the
- * Configuration
is by using the following key-value pairing:
- * debug="true". The key and value should be separated by an
- * 'equals' symbol, and the value should be surrounded by double quotes.
- * If a String in the form, ${system.property}, occurs in the value,
- * it will be expanded to the value of the system property.
- * Note that there is no limit to the number of
- * options a LoginModule
may define.
- *
- * Configuration
entry
- * based on the syntax above:
- *
- *
- * Login {
- * com.sun.security.auth.module.UnixLoginModule required;
- * com.sun.security.auth.module.Krb5LoginModule optional
- * useTicketCache="true"
- * ticketCache="${user.home}${/}tickets";
- * };
- *
- *
- * Configuration
specifies that an application named,
- * "Login", requires users to first authenticate to the
- * com.sun.security.auth.module.UnixLoginModule, which is
- * required to succeed. Even if the UnixLoginModule
- * authentication fails, the
- * com.sun.security.auth.module.Krb5LoginModule
- * still gets invoked. This helps hide the source of failure.
- * Since the Krb5LoginModule is Optional, the overall
- * authentication succeeds only if the UnixLoginModule
- * (Required) succeeds.
- *
- * setConfiguration
method. The installed Configuration object
- * can be obtained by calling the getConfiguration
method.
- *
- * getConfiguration
installs an instance of the default
- * Configuration implementation (a default subclass implementation of this
- * abstract class).
- * The default Configuration implementation can be changed by setting the value
- * of the "login.configuration.provider" security property (in the Java
- * security properties file) to the fully qualified name of the desired
- * Configuration subclass implementation. The Java security properties file
- * is located in the file named <JAVA_HOME>/lib/security/java.security.
- * <JAVA_HOME> refers to the value of the java.home system property,
- * and specifies the directory where the JRE is installed.
- *
- * getInstance
factory methods
- * with a standard type. The default policy type is "JavaLoginConfig".
- * See the Configuration section in the
- * Java Cryptography Architecture Standard Algorithm Name Documentation
- * for a list of standard Configuration types.
- *
- * @see javax.security.auth.login.LoginContext
- */
-public abstract class Configuration {
-
- private static Configuration configuration;
- private static ClassLoader contextClassLoader;
-
- static {
- contextClassLoader = AccessController.doPrivileged
- (new PrivilegedActionConfiguration.setConfiguration
method,
- * then that object is returned. Otherwise, a default
- * Configuration object is returned.
- *
- * @exception SecurityException if the caller does not have permission
- * to retrieve the Configuration.
- *
- * @see #setConfiguration
- */
- public static Configuration getConfiguration() {
-
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(new AuthPermission("getLoginConfiguration"));
-
- synchronized (Configuration.class) {
- if (configuration == null) {
- String config_class = null;
- config_class = AccessController.doPrivileged
- (new PrivilegedActionConfiguration
.
- *
- * Configuration
- *
- * @exception SecurityException if the current thread does not have
- * Permission to set the Configuration
.
- *
- * @see #getConfiguration
- */
- public static void setConfiguration(Configuration configuration) {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(new AuthPermission("setLoginConfiguration"));
- Configuration.configuration = configuration;
- }
-
- /**
- * Returns a Configuration object of the specified type.
- *
- * Configuration.getInstance
.
- * Otherwise this method returns null.
- *
- * @return the Provider of this Configuration, or null.
- *
- * @since 1.6
- */
- public Provider getProvider() {
- return null;
- }
-
- /**
- * Return the type of this Configuration.
- *
- * Configuration.getInstance
.
- * Otherwise this method returns null.
- *
- * @return the type of this Configuration, or null.
- *
- * @since 1.6
- */
- public String getType() {
- return null;
- }
-
- /**
- * Return Configuration parameters.
- *
- * Configuration.getInstance
.
- * Otherwise this method returns null.
- *
- * @return Configuration parameters, or null.
- *
- * @since 1.6
- */
- public Configuration.Parameters getParameters() {
- return null;
- }
-
- /**
- * Retrieve the AppConfigurationEntries for the specified name
- * from this Configuration.
- *
- * refresh
may cause the file to be re-read.
- *
- * Configuration
class.
- * All the abstract methods in this class must be implemented by each
- * service provider who wishes to supply a Configuration implementation.
- *
- * Configuration.Parameters
- * object as an input parameter. This constructor also must throw
- * an IllegalArgumentException if it does not understand the
- * Configuration.Parameters
input.
- *
- *
- * @since 1.6
- */
-
-public abstract class ConfigurationSpi {
- /**
- * Retrieve the AppConfigurationEntries for the specified name.
- *
- * refresh
may cause the file to be re-read.
- *
- *