com.novell.security.sso
Class SSPermission
java.lang.Object
|
+--java.security.Permission
|
+--com.novell.security.sso.SSPermission
- All Implemented Interfaces:
- Guard, Serializable
- public final class SSPermission
- extends Permission
Permission class for Novell SecretStore(TM).
This security feature is implemented to ensure that applets/apps do not access
a user's SecretStore without being given permission.
NOTE: This feature is completely dependent on the policy file on the local
system. If the policy file is managed improperly, security may be breached.
In order for SSPermission to grant permission for an applet/app, the
appropriate line must be added to the policy file for that applet/app.
It is possible to give general read, write, and/or admin access to the SecretStore.
It is also possible to give read and/or write access to a specific secret in
SecretStore. This ability to specify the secret applies to read and write access
only. Admin access can be granted only for the SecretStore in general, not for a
specific secret.
Below is the syntax for giving an applet/app permission for accessing the
SecretStore in general:
permission com.novell.security.sso.SSPermission "SecretStore", "read";
permission com.novell.security.sso.SSPermission "SecretStore", "write";
permission com.novell.security.sso.SSPermission "SecretStore", "read,write";
permission com.novell.security.sso.SSPermission "SecretStore", "admin";
Below is the syntax for giving an applet/app permission for reading and/or writing
a specific secret.
permission com.novell.security.sso.SSPermission "[secretId]", "read";
permission com.novell.security.sso.SSPermission "[secretId]", "write";
permission com.novell.security.sso.SSPermission "[secretId]", "read,write";
Where [secretId] is the identifier of the secret in SecretStore for which the permission
was granted.
Example: If the identifier of the secret is '\\Novell.com\Groupwise' and if I want to grant
read permission to that specific secret, then the syntax would be:
permission com.novell.security.sso.SSPermission "\\Novell.com\Groupwise", "read";
Example: If I want to grant read permission to SecretStore as a whole then the
syntax would be:
permission com.novell.security.sso.SSPermission "SecretStore", "read";
Granting write permission does not imply read permission, but granting
admin implies both read and write permission.
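An added example (not Novell's code): a small Java audit that scans policy text for SSPermission entries and reports those broader than a single secret granted to identified code, applying the action rules described above. The class name `SSPolicyAudit` and the sample policy (signer alias, codeBase path, secret id) are constructed for illustration; comments inside the policy text are not parsed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SSPolicyAudit {
    // "grant <scope> { <entries> }"; scope is empty when no codeBase/signedBy/principal is given.
    static final Pattern GRANT = Pattern.compile("grant\\s*([^{]*)\\{([^}]*)\\}");
    static final Pattern PERM = Pattern.compile("permission\\s+com\\.novell\\.security\\.sso"
            + "\\.SSPermission\\s+\"([^\"]*)\"\\s*,\\s*\"([^\"]*)\"[^;]*;");

    /** One finding per SSPermission entry that is broader than a single secret granted to named code. */
    static List<String> audit(String policy) {
        List<String> findings = new ArrayList<>();
        Matcher grant = GRANT.matcher(policy);
        while (grant.find()) {
            boolean unscoped = grant.group(1).trim().isEmpty();
            Matcher perm = PERM.matcher(grant.group(2));
            while (perm.find()) {
                String name = perm.group(1);
                // Actions are not case sensitive and the comma is optional, so test by substring.
                String actions = perm.group(2).toLowerCase(Locale.ROOT);
                boolean general = name.equals("SecretStore"); // value of DEF_NAME
                List<String> why = new ArrayList<>();
                if (unscoped) why.add("grant block applies to all code");
                if (actions.contains("admin")) {
                    why.add(general ? "admin also implies read and write"
                                    : "admin does not apply to a specific secret");
                } else if (general) {
                    why.add("grants access to SecretStore in general; name one secret if that is enough");
                }
                if (!why.isEmpty()) {
                    findings.add("\"" + name + "\", \"" + perm.group(2) + "\": " + String.join("; ", why));
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: the signer alias, codeBase path and "ExampleSecret" are made up.
        String sample = """
            grant { permission com.novell.security.sso.SSPermission "SecretStore", "admin"; };
            grant signedBy "opsTeam" { permission com.novell.security.sso.SSPermission "SecretStore", "Read,Write"; };
            grant codeBase "file:/opt/mail/mail.jar" { permission com.novell.security.sso.SSPermission "ExampleSecret", "read"; };
            """;
        audit(sample).forEach(System.out::println);
    }
}
```

The first two sample entries are reported and the third, a read grant on one secret to one codeBase, is not.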
- Since:
- 2.1
- Version:
- 3.04
- Author:
- Steve Kinser
- See Also:
- Serialized Form
Field Summary
static String ADMIN - Action to grant 'admin' access to Secret Store.
static String DEF_NAME - The default SSPermission name.
static String READ - Action to grant 'read' access to Secret Store.
static String WRITE - Action to grant 'write' access to Secret Store.
Constructor Summary
SSPermission(String actions) - Constructs an SSPermission object with a name of "SecretStore". The object is also initialized with the supplied actions.
SSPermission(String entry, String actions) - Constructs an SSPermission object.
ADMIN
public static final String ADMIN
- Action to grant 'admin' access to Secret Store. The value of this is "admin".
DEF_NAME
public static final String DEF_NAME
- The default SSPermission name. The value of this is "SecretStore".
READ
public static final String READ
- Action to grant 'read' access to Secret Store. The value of this is "read".
WRITE
public static final String WRITE
- Action to grant 'write' access to Secret Store. The value of this is "write".
SSPermission
public SSPermission(String actions)
throws IllegalArgumentException
- Constructs an SSPermission object with a name of "SecretStore".
The object is also initialized with the supplied actions.
Possible values:
"read" - SecretStore read permission
"write" - SecretStore write permission
"admin" - SecretStore administer permission
It can also be a combination of permissions:
"read,write" or "write,read"
NOTE: The comma is not mandatory.
The string is not case sensitive. Admin permission automatically assumes
read and write permission, so the action "admin,read" is not necessary.
- Parameters:
actions
- The String of actions
- Throws:
IllegalArgumentException
- if actions does not contain any valid action.
SSPermission
public SSPermission(String entry,
String actions)
throws IllegalArgumentException
- Constructs an SSPermission object. Parses out the secret id.
The object is also initialized with the supplied actions. Admin permission
does not apply to specific secrets.
Possible action values:
"read" - SecretStore read permission
"write" - SecretStore write permission
"admin" - SecretStore administer permission
It can also be a combination of permissions:
"read,write" or "write,read"
NOTE: The comma is not mandatory.
The string is not case sensitive. Admin permission automatically assumes
read and write permission, so "admin,read" is not necessary.
- Parameters:
entry
- The entry.
actions
- The String of actions
- Throws:
IllegalArgumentException
- if actions does not contain any valid action.
getActions
public String getActions()
- Overrides:
getActions
in class Permission
equals
public boolean equals(Object obj)
- Overrides:
equals
in class Permission
hashCode
public int hashCode()
- Overrides:
hashCode
in class Permission
implies
public boolean implies(Permission permission)
- Overrides:
implies
in class Permission
Copyright © 1997-2003 Novell, Inc. All Rights Reserved.