Examples of javax.security.jacc.PolicyConfigurationFactory

• javax.security.jacc.PolicyConfigurationFactory
  Abstract factory and finder class for obtaining the instance of the class that implements the PolicyConfigurationFactory of a provider. The factory will be used to instantiate PolicyConfiguration objects that will be used by the deployment tools of the container to create and manage policy contexts within the Policy Provider. Implementation classes must have a public no argument constructor that may be used to create an operational instance of the factory implementation class. @see java.security.Permission @see PolicyConfiguration @see PolicyContextException @version $Rev: 240324 $ $Date: 2005-08-26 13:50:35 -0600 (Fri, 26 Aug 2005) $

    public ApplicationPolicyConfigurationManager(Map contextIdToPermissionsMap, Map principalRoleMap, Map roleDesignates, ClassLoader cl) throws PolicyContextException, ClassNotFoundException {
        Thread currentThread = Thread.currentThread();
        ClassLoader oldClassLoader = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(cl);
        PolicyConfigurationFactory policyConfigurationFactory;
        try {
            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(oldClassLoader);
        }

        for (Iterator iterator = contextIdToPermissionsMap.entrySet().iterator(); iterator.hasNext();) {
            Map.Entry entry = (Map.Entry) iterator.next();
            String contextID = (String) entry.getKey();
            ComponentPermissions componentPermissions = (ComponentPermissions) entry.getValue();

            PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, false);
//            if (policyConfiguration != policyConfigurationFactory.getPolicyConfiguration(contextID, false)) {
//                throw new IllegalStateException("JACC implementation is invalid: returns different instances of PolicyConfiguration for the same contextID");
//            }
            contextIdToPolicyConfigurationMap.put(contextID, policyConfiguration);
            policyConfiguration.addToExcludedPolicy(componentPermissions.getExcludedPermissions());

   @Override
   public void deploy(DeploymentUnit unit, JBossAppMetaData deployment) throws DeploymentException
   {
      //Perform JACC Policy Configuration
      String contextID =  shortNameFromDeploymentName(unit.getSimpleName());
      PolicyConfigurationFactory pcFactory = null;
      try
      {
         pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         PolicyConfiguration pc = pcFactory.getPolicyConfiguration(contextID, true);
         unit.addAttachment(PolicyConfiguration.class, pc);
      }
      catch (PolicyContextException e)
      {
         throw new DeploymentException("PolicyContextException generated in deploy", e);

   public void create()
   {
      try
      {
         PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         policyConfiguration = pcf.getPolicyConfiguration(this.jaccContextId, false);

         createPermissions(metaData, policyConfiguration);
      }
      catch (ClassNotFoundException e)
      {

    *
    * @throws Exception
    */
   public void testPolicyConfiguration() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", false);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToExcludedPolicy(someEJB);
      pc.commit();

      Policy sysPolicy = Policy.getPolicy();
      assertTrue("Policy isa DelegatingPolicy", sysPolicy instanceof DelegatingPolicy);
      sysPolicy.refresh();

      // Act like the ejb container and check a permission
      PolicyContext.setContextID("context-a");
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      assertTrue("methodX denied", sysPolicy.implies(null, methodX) == false);

      pc = pcf.getPolicyConfiguration("context-a", true);
      pc.addToUncheckedPolicy(someEJB);
      pc.commit();
      sysPolicy.refresh();
      assertTrue("methodX allowed", sysPolicy.implies(null, methodX) == true);

      pc.delete();
      pc = pcf.getPolicyConfiguration("context-a", false);
      pc.addToRole("callerX", someEJB);
      pc.commit();
      sysPolicy.refresh();
      SimplePrincipal[] callers = {new SimplePrincipal("callerX")};
      ProtectionDomain pd = new ProtectionDomain(null, null, null, callers);

    *
    * @throws Exception
    */
   public void testOpenConfigurations() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", false);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      Policy sysPolicy = Policy.getPolicy();

      pc = pcf.getPolicyConfiguration("context-a", true);
      pc.addToUncheckedPolicy(someEJB);
      sysPolicy.refresh();
      EJBMethodPermission methodX = new EJBMethodPermission("someEJB", "methodX,,int");
      // This perm should be denied since the policy config has not been comitted
      boolean implied = sysPolicy.implies(null, methodX);

      assertTrue("methodX allowed", implied  == true);
   }

   public void testSubjectDoAs() throws Exception
   {
      PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcf.getPolicyConfiguration("context-a", true);
      EJBMethodPermission someEJB = new EJBMethodPermission("someEJB", null);
      pc.addToRole("callerX", someEJB);
      pc.commit();

      log.debug("EJBMethodPermission.CS: "+EJBMethodPermission.class.getProtectionDomain());

             * cannot be linked. So we bring them to the open state by getting
             * the policy configuration from the factory and then we commit.
             */
            String jaccContextIdChild = pcfm.getJaccContextID();

            PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            PolicyConfiguration pcChild = policyConfigurationFactory.getPolicyConfiguration(jaccContextIdChild, false);
            if(pcChild != null)
            {
               parentPC.linkConfiguration(pcChild);
               //Commit the linked PC
               pcChild.commit();

   private void createPolicyConfiguration() throws PolicyContextException, ClassNotFoundException
   {
      if(parentPC == null)
      {
         PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         parentPC = pcf.getPolicyConfiguration(contextID, false);
      }
   }

      String contextID = unit.getName();
      PolicyConfiguration pc = null;
      try
      {
         PolicyConfigurationFactory pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
         pc = pcFactory.getPolicyConfiguration(contextID, true);
      }
      catch (Exception e)
      {
         throw new RuntimeException("failed to initialize JACC for unit: " + unit.getName(), e);
      }

    */
   void createMissingPermissions(Container con, BeanMetaData bean) throws ClassNotFoundException,
         PolicyContextException
   {
      String contextID = con.getJaccContextID();
      PolicyConfigurationFactory pcFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
      PolicyConfiguration pc = pcFactory.getPolicyConfiguration(contextID, false);
      Class clazz = con.getHomeClass();
      // If there is no security domain mark all methods as unchecked
      boolean hasSecurityDomain = con.getSecurityManager() != null;
      boolean exclude = hasSecurityDomain ? bean.isExcludeMissingMethods() : false;