com.novell.security.sso
Class SSPermission

java.lang.Object
  |
  +--java.security.Permission
        |
        +--com.novell.security.sso.SSPermission
All Implemented Interfaces:
Guard, Serializable

public final class SSPermission
extends Permission

Permission class for Novell SecretStore(TM).
This security feature is implemented to ensure that applets/apps do not access a user's SecretStore without being given permission.

NOTE: This feature is completely dependent on the policy file on the local system. If the policy file is managed improperly, security may be breached.

In order for SSPermission to grant permission for an applet/app, the appropriate line must be added to the policy file for that applet/app.
It is possible to give general read, write, and/or admin access to the SecretStore. It is also possible to give read and/or write access to a specific secret in SecretStore. This ability to specify the secret applies to read and write access only. Only general admin access may be given.

Below is the syntax for giving an applet/app permission for accessing the SecretStore in general:

permission com.novell.security.sso.SSPermission "SecretStore", "read";
permission com.novell.security.sso.SSPermission "SecretStore", "write";
permission com.novell.security.sso.SSPermission "SecretStore", "read,write";
permission com.novell.security.sso.SSPermission "SecretStore", "admin";

Below is the syntax for giving an applet/app permission for reading and/or writing a specific secret.

permission com.novell.security.sso.SSPermission "[secretId]", "read";
permission com.novell.security.sso.SSPermission "[secretId]", "write";
permission com.novell.security.sso.SSPermission "[secretId]", "read,write";

Where [secretId] is the identifier of the secret in SecretStore for which the permission was granted.

Example: If the identifier of the secret is '\\Novell.com\Groupwise' and if I want to grant read permission to that specific secret, then the syntax would be:
permission com.novell.security.sso.SSPermission "\\Novell.com\Groupwise", "read";

Example: If I want to grant read permission to SecretStore as a whole then the syntax would be:
permission com.novell.security.sso.SSPermission "SecretStore", "read";

Granting write permission does not imply read permission, but granting admin implies both read and write permission.
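
Because the NOTE above makes the local policy file the only control, reviewing that file is the practical check. The following is an added example, not Novell's code: a Python script that scans policy text for SSPermission entries and flags grants not limited by codeBase, signedBy or principal, grants of general "SecretStore" access, and admin grants. The sample policy, the function names and the substring-based action matching are assumptions of this example.

```python
import re

# Constructed sample policy file (not from a real deployment).
SAMPLE_POLICY = r'''
// mail client: one named secret, read only
grant codeBase "file:/opt/apps/mail.jar" {
    permission com.novell.security.sso.SSPermission "\\Novell.com\Groupwise", "read";
};
grant codeBase "file:/opt/apps/sync.jar" {
    permission com.novell.security.sso.SSPermission "SecretStore", "read,write";
};
grant {
    permission com.novell.security.sso.SSPermission "SecretStore", "Admin";
};
'''

GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+com\.novell\.security\.sso\.SSPermission'
                     r'\s+"([^"]*)"\s*,\s*"([^"]*)"\s*;')

def effective_actions(actions):
    """Documented rules: case-insensitive, comma optional, admin implies read+write.
    Substring matching is this example's assumption about how actions are parsed."""
    found = {a for a in ("read", "write", "admin") if a in actions.lower()}
    if "admin" in found:
        found |= {"read", "write"}
    return found

def audit(policy_text):
    """Return (name, finding) tuples for SSPermission grants worth reviewing."""
    text = re.sub(r'(?m)^[ \t]*//.*$', '', policy_text)  # drop full-line comments
    findings = []
    for header, body in GRANT_RE.findall(text):
        scoped = re.search(r'codebase|signedby|principal', header, re.I) is not None
        for name, actions in PERM_RE.findall(body):
            eff = effective_actions(actions)
            if not eff:
                findings.append((name, "no valid action"))
                continue
            if not scoped:
                findings.append((name, "grant applies to all code"))
            if "admin" in eff:
                findings.append((name, "admin access (implies read and write)"))
            elif name == "SecretStore":  # DEF_NAME: the whole store, not one secret
                findings.append((name, "general %s access to every secret"
                                 % ",".join(sorted(eff))))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_POLICY):
        print(name, "->", finding)
```

Only full-line // comments are stripped; /* */ comment blocks are not handled, so a commented-out entry inside one would still be reported.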

Since:
2.1
Version:
3.04
Author:
Steve Kinser
See Also:
Serialized Form

Field Summary
static String ADMIN
          Action to grant 'admin' access to Secret Store.
static String DEF_NAME
          The default SSPermission name.
static String READ
          Action to grant 'read' access to Secret Store.
static String WRITE
          Action to grant 'write' access to Secret Store.
 
Constructor Summary
SSPermission(String actions)
          Constructs a SSPermission object with a name of "SecretStore". The object is also initialized with the supplied actions.
SSPermission(String entry, String actions)
          Constructs a SSPermission object.
 
Method Summary
 boolean equals(Object obj)
           
 String getActions()
           
 int hashCode()
           
 boolean implies(Permission permission)
           
 
Methods inherited from class java.security.Permission
checkGuard, getName, newPermissionCollection, toString
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

ADMIN

public static final String ADMIN
Action to grant 'admin' access to Secret Store. The value of this is "admin".

DEF_NAME

public static final String DEF_NAME
The default SSPermission name. The value of this is "SecretStore".

READ

public static final String READ
Action to grant 'read' access to Secret Store. The value of this is "read".

WRITE

public static final String WRITE
Action to grant 'write' access to Secret Store. The value of this is "write".

Constructor Detail

SSPermission

public SSPermission(String actions)
             throws IllegalArgumentException
Constructs a SSPermission object with a name of "SecretStore". The object is also initialized with the supplied actions.

Possible values:

"read" - SecretStore read permission
"write" - SecretStore write permission
"admin" - SecretStore administer permission

It can also be a combination of permissions:
"read,write" or "write,read"

NOTE: The comma is not mandatory.

The string is not case sensitive. Admin permission automatically assumes read and write permission, so the action "admin,read" is not necessary.
Parameters:
actions - The String of actions
Throws:
IllegalArgumentException - if actions does not contain any valid action.

SSPermission

public SSPermission(String entry,
                    String actions)
             throws IllegalArgumentException
Constructs a SSPermission object. Parses out the secret id. The Object is also initialized with the supplied actions. Admin permission does not apply to specific secrets.

Possible action values:

"read" - SecretStore read permission
"write" - SecretStore write permission
"admin" - SecretStore administer permission

It can also be a combination of permissions:
"read,write" or "write,read"

NOTE: The comma is not mandatory.

The string is not case sensitive. Admin permission automatically assumes read and write permission, so "admin,read" is not necessary.
Parameters:
entry - The entry.
actions - The String of actions
Throws:
IllegalArgumentException - if actions does not contain any valid action.

Method Detail

getActions

public String getActions()
Overrides:
getActions in class Permission

equals

public boolean equals(Object obj)
Overrides:
equals in class Permission

hashCode

public int hashCode()
Overrides:
hashCode in class Permission

implies

public boolean implies(Permission permission)
Overrides:
implies in class Permission


Copyright © 1997-2003 Novell, Inc. All Rights Reserved.