PDPermission

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.tivoli.pd.jazn
Class PDPermission

java.lang.Object
  java.security.Permission
      com.ibm.IBMPermission
          com.tivoli.pd.jazn.PDPermission

All Implemented Interfaces:: java.io.Serializable, java.security.Guard

public class PDPermission
extends com.ibm.IBMPermission
extends com.ibm.IBMPermission

This class represents an authorization permission for accessing a resource object in the protected domain defined by Security Access Manager.

PDPermission allows usage of Security Access Manager as the authorization backend for normal Java 2 permission checks.

Permissions are created with resource name and actions. They are immutable once they are created.

The actions must correspond to one of the operations for which a Security Access Manager permission has been defined. The actions strings use this format: [action group name]action list. Action group name is optional. Action list consists of one or more action names which are one character in length. Examples of valid actions strings are: "[primary]rwc" "rw" "[java]rc[primary]rwx".

The requested resource to query for must correspond to a resource that has been defined as a protected object within Security Access Manager's protected object namespace.

Modes: Local,Remote

Note that PDPermission's local mode implies method is the most efficient of all methods that determine access decisions since it evaluates the requested permission against the PDPrincipal's access settings using the local database.

See Also:: "Limitations of implies in local mode (see Table)", Serialized Form

Constructor Summary
`PDPermission(PDAuthorizationContext ctxt, java.lang.String rname, java.lang.String actions)` Creates a new `PDPermission` object with the specified context, actions and resource.
`PDPermission(java.lang.String rname, java.lang.String actions)` Creates a new `PDPermission` object with the specified actions and resource.

Method Summary
`boolean`	`equals(java.lang.Object obj)` Determines whether this PDPermission is equivalent to the input object.
`java.lang.String`	`getActions()` Returns a String representation of this object.
`PDException`	`getPDException()` Provides access to any exception information received on the last `implies(Permission)` call.
`int`	`hashCode()` Returns the hash code value for this object.
`boolean`	`implies(PDAuthorizationContext ctxt, PDPrincipal princ)` Determines if Security Access Manager grants the permission(s) in this PDPermission object to the specified PDPrincipal.
`boolean`	`implies(PDAuthorizationContext ctxt, PDPrincipal princ, PDAttrs inputList, PDAttrs outputList)` Determines if Security Access Manager grants the permission(s) in this PDPermission object to the specified PDPrincipal.
`boolean`	`implies(java.security.Permission perm)` Determines if Security Access Manager grants the specified permission to the PDPrincipal(s) in the current Subject.

Methods inherited from class java.security.Permission
`checkGuard, getName, newPermissionCollection, toString`

Methods inherited from class java.lang.Object
`getClass, notify, notifyAll, wait, wait, wait`

Constructor Detail

PDPermission

public PDPermission(PDAuthorizationContext ctxt,
                    java.lang.String rname,
                    java.lang.String actions)
             throws PDException

Creates a new PDPermission object with the specified context, actions and resource.

Parameters:: ctxt - the authorization context. The authorization context represents the application's configuration and connection to the Security Access Manager policy server.; rname - name of the target resource object. Resource names must be specified in the following form: /Container1/Container2/.../Resource. Containers are optional but the resource name must begin with '/'.; actions - name of the requested operations. The actions can be concatenated together to form complex operation strings. The format is
[action group name]action list [[action group name]action list]...
Example action strings: "[primary]rwc", "rw", "[java]rc[primary]rwx". "primary" is the default action group if an action group name is not specified.
Throws:: PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

PDPermission

public PDPermission(java.lang.String rname,
                    java.lang.String actions)
             throws PDException

Creates a new PDPermission object with the specified actions and resource.

Parameters:: rname - name of the target resource object. Resource names must be specified in the following form: /Container1/Container2/.../Resource. Containers are optional but the resource name must begin with '/'.; actions - name of the requested operations. The actions can be concatenated together to form complex operation strings. The format is
[action group name]action list [[action group name]action list]...
Example action strings: "[primary]rwc", "rw", "[java]rc[primary]rwx". "primary" is the default action group if an action group name is not specified.
Throws:: PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

Method Detail

implies

public boolean implies(java.security.Permission perm)

Determines if Security Access Manager grants the specified permission to the PDPrincipal(s) in the current Subject.

More specifically, this method returns true if:

p is an instance of PDPermission
p is a permission granted by Security Access Manager to the PDPrincipal(s) in the current Subject

Specified by:: implies in class com.ibm.IBMPermission

Parameters:: perm - the permission to check. Cannot be null.
Returns:: true, if Security Access Manager grants the specified permission to the principal(s) in the current Subject; false, otherwise. False is also returned if a PDException is generated in the course of the authorization operation. Use the getPDException method to determine if a PDException was thrown.

implies

public boolean implies(PDAuthorizationContext ctxt,
                       PDPrincipal princ)
                throws PDException

Determines if Security Access Manager grants the permission(s) in this PDPermission object to the specified PDPrincipal.

More specifically, this method returns true if:

princ is non-null
this object's permission is granted by Security Access Manager to the specified PDPrincipal

Parameters:: ctxt - the authorization context. The authorization context represents the application's configuration and connection to the Security Access Manager domain.; princ - the PDPrincipal whose permissions will be checked. Cannot be null.
Returns:: true if Security Access Manager grants this object's permission to the principal; false, otherwise.
Throws:: PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

implies

public boolean implies(PDAuthorizationContext ctxt,
                       PDPrincipal princ,
                       PDAttrs inputList,
                       PDAttrs outputList)
                throws PDException

Determines if Security Access Manager grants the permission(s) in this PDPermission object to the specified PDPrincipal.

More specifically, this method returns true if:

princ is non-null
this object's permission is granted by Security Access Manager to the specified PDPrincipal

Parameters:: ctxt - the authorization context. The authorization context represents the application's configuration and connection to the Security Access Manager domain.; princ - the PDPrincipal whose permissions will be checked. Cannot be null.; inputList - the input attribute list passed to the server.; outputList - the output attribute list received from the server.
Returns:: true if Security Access Manager grants this object's permission to the principal; false, otherwise.
Throws:: PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

equals

public boolean equals(java.lang.Object obj)

Determines whether this PDPermission is equivalent to the input object.

Specified by:: equals in class com.ibm.IBMPermission

Parameters:: obj - the object to compare with this object.
Returns:: true if obj is a PDPermission, and has the same name and actions as this PDPermission object.

getActions

public java.lang.String getActions()

Returns a String representation of this object.

Specified by:: getActions in class java.security.Permission

hashCode

public int hashCode()

Returns the hash code value for this object.

Specified by:: hashCode in class com.ibm.IBMPermission

getPDException

public PDException getPDException()

Provides access to any exception information received on the last implies(Permission) call. If no exception was thrown, null is returned.

Returns:: a PDException object describing errors on the last implies(Permission) call, or null.

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.tivoli.pd.jazn Class PDPermission

PDPermission

PDPermission

implies

implies

implies

equals

getActions

hashCode

getPDException

com.tivoli.pd.jazn
Class PDPermission