net.openwings.security
Class ServicePermission

java.lang.Object
  java.security.Permission
      java.security.BasicPermission
          net.openwings.security.ServicePermission

All Implemented Interfaces:

java.security.Guard, java.io.Serializable

public final class ServicePermission

extends java.security.BasicPermission

This class defines a permission which is used to access services in Openwings. Secure connectors (or other code) create instances of this permission and pass to java.lang.Security Manager.checkPermission() to verify user permissions at runtime. Permissions are defined in a policy file specific to each component. Permissions are granted to Principals, which are then assigned to a user Subject. By verifying that the Subject possesses the Principal required by the ServicePermission, the SecurityManager limits access to a remote call on a service method.

For this permission the actions are not used.

The name of the permission is interpreted as follows:

   <package>.<interface>.<method>

Wildcards are allowed, but only the first occurrence is used.

Here are some examples of permission names and what they mean:

• "*" - provides access to all services. A name of "" (empty string) has the same effect.
• "com.gd.*" - provides access to all service interfaces defined in or beneath the package com.gd.
• "com.gd.MyInterface.*" - provides access to all methods in the com.gd.MyInterface service interface
• "com.gd.MyInterface.myMethod(int)" - provides access to method myMethod(int) in com.gd.MyInterface.

Here is an example grant clause that grants permission to any user with the Openwings role ow_user to view the list of components installed by the Openwings Install Service:

   grant Principal net.openwings.security.OpenwingsRole "ow_user" {
     Permission net.openwings.security.ServicePermission 
       "net.openwings.install.Installer.getComponents()";
   };
 

See Also:

Serialized Form

Constructor Summary

ServicePermission(java.lang.Class cls)
This constructor creates a ServicePermission for all methods in the specified class.

ServicePermission(java.lang.String name)
This constructor creates a ServicePermission with the specified name.

Methods inherited from class java.security.BasicPermission

equals, getActions, hashCode, implies, newPermissionCollection

Methods inherited from class java.security.Permission

checkGuard, getName, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

ServicePermission

public ServicePermission(java.lang.String name)

This constructor creates a ServicePermission with the specified name.

Parameters:

name - name of the service permission.

ServicePermission

public ServicePermission(java.lang.Class cls)

This constructor creates a ServicePermission for all methods in the specified class.

Parameters:

cls - class to be accessed