Examples of java.security.PermissionCollection

• java.security.PermissionCollection
  Abstract class representing a collection of Permission objects.

  With a PermissionCollection, you can:

  • add a permission to the collection using the add method.
  • check to see if a particular permission is implied in the collection, using the implies method.
  • enumerate all the permissions, using the elements method.

  When it is desirable to group together a number of Permission objects of the same type, the newPermissionCollection method on that particular type of Permission object should first be called. The default behavior (from the Permission class) is to simply return null. Subclasses of class Permission override the method if they need to store their permissions in a particular PermissionCollection object in order to provide the correct semantics when the PermissionCollection.implies method is called. If a non-null value is returned, that PermissionCollection must be used. If null is returned, then the caller of newPermissionCollection is free to store permissions of the given type in any PermissionCollection they choose (one that uses a Hashtable, one that uses a Vector, etc).

  The PermissionCollection returned by the Permission.newPermissionCollection method is a homogeneous collection, which stores only Permission objects for a given Permission type. A PermissionCollection may also be heterogeneous. For example, Permissions is a PermissionCollection subclass that represents a collection of PermissionCollections. That is, its members are each a homogeneous PermissionCollection. For example, a Permissions object might have a FilePermissionCollection for all the FilePermission objects, a SocketPermissionCollection for all the SocketPermission objects, and so on. Its add method adds a permission to the appropriate collection.

  Whenever a permission is added to a heterogeneous PermissionCollection such as Permissions, and the PermissionCollection doesn't yet contain a PermissionCollection of the specified permission's type, the PermissionCollection should call the newPermissionCollection method on the permission's class to see if it requires a special PermissionCollection. If newPermissionCollection returns null, the PermissionCollection is free to store the permission in any type of PermissionCollection it desires (one using a Hashtable, one using a Vector, etc.). For example, the Permissions object uses a default PermissionCollection implementation that stores the permission objects in a Hashtable.

  Subclass implementations of PermissionCollection should assume that they may be called simultaneously from multiple threads, and therefore should be synchronized properly. Furthermore, Enumerations returned via the elements method are not fail-fast. Modifications to a collection should not be performed while enumerating over that collection. @see Permission @see Permissions @version 1.36 05/11/17 @author Roland Schemers

        return new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);

    }

    protected void addPermissionToRole(String roleName, Permission permission, Map rolePermissions) {
        PermissionCollection permissionsForRole = (PermissionCollection) rolePermissions.get(roleName);
        if (permissionsForRole == null) {
            permissionsForRole = new Permissions();
            rolePermissions.put(roleName, permissionsForRole);
        }
        permissionsForRole.add(permission);
    }

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        PermissionCollection uncheckedPermissions = new Permissions();

        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        Set securityRoles = new HashSet();
        securityRoles.add("content-administrator");

        initParams.put("roleClassNames", "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal");

        RealmGBean realm = new RealmGBean("org.apache.geronimo.tomcat.realm.TomcatJAASRealm", initParams);
        realm.doStart();

        PermissionCollection excludedPermissions = new Permissions();
        PermissionCollection uncheckedPermissions = new Permissions();
        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, new HashMap());
        //Force a new realm name and ignore the application name
        SecurityHolder securityHolder = new SecurityHolder();
        securityHolder.setSecurityRealm(securityRealmName);
        setUpSecureAppContext(new HashMap(),

        Map roleDesignates = new HashMap();
        Map principalRoleMap = new HashMap();
        buildPrincipalRoleMap(securityConfig, roleDesignates, principalRoleMap);

        PermissionCollection uncheckedPermissions = new Permissions();

        PermissionCollection excludedPermissions = new Permissions();
        excludedPermissions.add(new WebResourcePermission("/auth/login.html", ""));
        excludedPermissions.add(new WebUserDataPermission("/auth/login.html", ""));

        Map rolePermissions = new HashMap();
        PermissionCollection permissions = new Permissions();
        permissions.add(new WebUserDataPermission("/protected/*", ""));
        permissions.add(new WebResourcePermission("/protected/*", ""));
        rolePermissions.put("content-administrator", permissions);
        rolePermissions.put("auto-administrator", permissions);

        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, rolePermissions);

                    RoleResolver roleResolver = SystemInstance.get().getComponent(RoleResolver.class);
                    Set<String> roles = roleResolver.getLogicalRoles(principals, rolePermissionsMap.keySet());

                    for (String role : roles) {
                        PermissionCollection permissions = rolePermissionsMap.get(role);

                        if (permissions != null && permissions.implies(permission)) {
                            actual.set(role);
                            return true;
                        }
                    }

                //String policyContextID = webModuleName.getCanonicalName();
                webModuleData.setAttribute("policyContextID", policyContextID);

                ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
                webModuleData.setAttribute("excludedPermissions", componentPermissions.getExcludedPermissions());
                PermissionCollection checkedPermissions = new Permissions();
                for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();) {
                    PermissionCollection permissionsForRole = (PermissionCollection) iterator.next();
                    for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();) {
                        Permission permission = (Permission) iterator2.nextElement();
                        checkedPermissions.add(permission);
                    }
                }
                webModuleData.setAttribute("checkedPermissions", checkedPermissions);

        AbstractName moduleName = module.getModuleName();
        EARContext earContext = createEARContext(outputPath, defaultEnvironment, repository, configStore, moduleName);
        AbstractName jaccBeanName = kernel.getNaming().createChildName(moduleName, "foo", NameFactory.JACC_MANAGER);
        GBeanData jaccBeanData = new GBeanData(jaccBeanName, ApplicationPolicyConfigurationManager.GBEAN_INFO);
        PermissionCollection excludedPermissions= new Permissions();
        PermissionCollection uncheckedPermissions= new Permissions();
        ComponentPermissions componentPermissions = new ComponentPermissions(excludedPermissions, uncheckedPermissions, new HashMap());
        Map contextIDToPermissionsMap = new HashMap();
        contextIDToPermissionsMap.put("test_J2EEApplication=null_J2EEServer=bar_j2eeType=WebModule_name=org/apache/geronimo/test", componentPermissions);
        jaccBeanData.setAttribute("contextIdToPermissionsMap", contextIDToPermissionsMap);
//        jaccBeanData.setAttribute("principalRoleMap", new HashMap());

            policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());
            policyConfiguration.addToUncheckedPolicy(componentPermissions.getUncheckedPermissions());
            for (Iterator roleIterator = componentPermissions.getRolePermissions().entrySet().iterator(); roleIterator.hasNext();) {
                Map.Entry roleEntry = (Map.Entry) roleIterator.next();
                String roleName = (String) roleEntry.getKey();
                PermissionCollection rolePermissions = (PermissionCollection) roleEntry.getValue();
                for (Enumeration permissions = rolePermissions.elements(); permissions.hasMoreElements();) {
                    Permission permission = (Permission) permissions.nextElement();
                    policyConfiguration.addToRole(roleName, permission);

                }
            }

                String policyContextID = moduleName.toString().replaceAll("[, :]", "_");
                securityHolder.setPolicyContextID(policyContextID);

                ComponentPermissions componentPermissions = buildSpecSecurityConfig(webApp, securityRoles, rolePermissions);
                securityHolder.setExcluded(componentPermissions.getExcludedPermissions());
                PermissionCollection checkedPermissions = new Permissions();
                for (Iterator iterator = rolePermissions.values().iterator(); iterator.hasNext();) {
                    PermissionCollection permissionsForRole = (PermissionCollection) iterator.next();
                    for (Enumeration iterator2 = permissionsForRole.elements(); iterator2.hasMoreElements();) {
                        Permission permission = (Permission) iterator2.nextElement();
                        checkedPermissions.add(permission);
                    }
                }
                securityHolder.setChecked(checkedPermissions);

     * @return PermissionCollection for CodeSource
     */
    protected PermissionCollection getPermissions(CodeSource codeSource) {

        String codeUrl = codeSource.getLocation().toString();
        PermissionCollection pc;
        if ((pc = (PermissionCollection)loaderPC.get(codeUrl)) == null) {
            pc = super.getPermissions(codeSource);
            if (pc != null) {
                Iterator perms = permissionList.iterator();
                while (perms.hasNext()) {
                    Permission p = (Permission)perms.next();
                    pc.add(p);
                }
                loaderPC.put(codeUrl,pc);
            }
        }
        return (pc);