FileDocCategorySizeDatePackage
PolicyParser.javaAPI DocJava SE 6 API23807Tue Jun 10 00:23:22 BST 2008com.sun.security.auth

PolicyParser

public class PolicyParser extends Object
The policy for a Java runtime (specifying which permissions are available for code from various principals) is represented as a separate persistent configuration. The configuration may be stored as a flat ASCII file, as a serialized binary file of the Policy class, or as a database.

The Java runtime creates one global Policy object, which is used to represent the static policy configuration file. It is consulted by a ProtectionDomain when the protection domain initializes its set of permissions.

The Policy init method parses the policy configuration file, and then populates the Policy object. The Policy object is agnostic in that it is not involved in making policy decisions. It is merely the Java runtime representation of the persistent policy configuration file.

When a protection domain needs to initialize its set of permissions, it executes code such as the following to ask the global Policy object to populate a Permissions object with the appropriate permissions: 

policy = Policy.getPolicy();
Permissions perms = policy.getPermissions(MyCodeSource)

The protection domain passes in a CodeSource object, which encapsulates its codebase (URL) and public key attributes. The Policy object evaluates the global policy in light of who the principal is and returns an appropriate Permissions object.

deprecated
As of JDK 1.4, replaced by {@link sun.security.provider.PolicyParser}. This class is entirely deprecated.
version
1.43, 04/07/06
author
Roland Schemers
since
1.2

Fields Summary
private static final ResourceBundle
rb
private Vector
grantEntries
private static final Debug
debug
private StreamTokenizer
st
private int
lookahead
private int
linenum
private boolean
expandProp
private String
keyStoreUrlString
private String
keyStoreType
Constructors Summary
public PolicyParser()
Creates a PolicyParser object.

	grantEntries = new Vector();
public PolicyParser(boolean expandProp)

	this();
	this.expandProp = expandProp;
Methods Summary
public voidadd(com.sun.security.auth.PolicyParser$GrantEntry ge)

	grantEntries.addElement(ge);
private java.lang.Stringexpand(java.lang.String value)


       
	 
    
	if (expandProp)
	    return PropertyExpander.expand(value);
	else 
	    return value;
public java.lang.StringgetKeyStoreType()

	return keyStoreType;
public java.lang.StringgetKeyStoreUrl()
Returns the (possibly expanded) keystore location, or null if the expansion fails.

	try {
	    if (keyStoreUrlString!=null && keyStoreUrlString.length()!=0) {
		return expand(keyStoreUrlString).replace(File.separatorChar,
							 '/");
	    }
	} catch (PropertyExpander.ExpandException peee) {
	    return null;
	}
	return null;
public java.util.EnumerationgrantElements()
Enumerate all the entries in the global policy object. This method is used by policy admin tools. The tools should use the Enumeration methods on the returned object to fetch the elements sequentially.

	return grantEntries.elements();
public static voidmain(java.lang.String[] arg)

	PolicyParser pp = new PolicyParser(true);
	pp.read(new FileReader(arg[0]));
	FileWriter fr = new FileWriter(arg[1]);
	pp.write(fr);
        fr.close();
private java.lang.Stringmatch(java.lang.String expect)

	String value = null;

	switch (lookahead) {
	case StreamTokenizer.TT_NUMBER:
	    throw new ParsingException(st.lineno(), expect, 
					rb.getString("number ") +
					String.valueOf(st.nval));
	case StreamTokenizer.TT_EOF:
	   throw new ParsingException
		(rb.getString("expected ") + expect +
		rb.getString(", read end of file"));
	case StreamTokenizer.TT_WORD:
	    if (expect.equalsIgnoreCase(st.sval)) {
		lookahead = st.nextToken();
	    } else if (expect.equalsIgnoreCase("permission type")) {
		value = st.sval;
		lookahead = st.nextToken();
	    } else if (expect.equalsIgnoreCase("principal type")) {
		value = st.sval;
		lookahead = st.nextToken();
	    } else {
		throw new ParsingException(st.lineno(), expect, st.sval);
	    }
	    break;
	case '"":
	    if (expect.equalsIgnoreCase("quoted string")) {
		value = st.sval;
		lookahead = st.nextToken();
	    } else if (expect.equalsIgnoreCase("permission type")) {
		value = st.sval;
		lookahead = st.nextToken();
	    } else if (expect.equalsIgnoreCase("principal type")) {
		value = st.sval;
		lookahead = st.nextToken();
	    } else {
		throw new ParsingException(st.lineno(), expect, st.sval);
	    }
	    break;
	case ',":
	    if (expect.equalsIgnoreCase(","))
		lookahead = st.nextToken();
	    else
		throw new ParsingException(st.lineno(), expect, ",");
	    break;
	case '{":
	    if (expect.equalsIgnoreCase("{"))
		lookahead = st.nextToken();
	    else
		throw new ParsingException(st.lineno(), expect, "{");
	    break;
	case '}":
	    if (expect.equalsIgnoreCase("}"))
		lookahead = st.nextToken();
	    else
		throw new ParsingException(st.lineno(), expect, "}");
	    break;
	case ';":
	    if (expect.equalsIgnoreCase(";"))
		lookahead = st.nextToken();
	    else
		throw new ParsingException(st.lineno(), expect, ";");
	    break;
	case '*":
	    if (expect.equalsIgnoreCase("*"))
		lookahead = st.nextToken();
	    else
		throw new ParsingException(st.lineno(), expect, "*");
	    break;
	default:
	    throw new ParsingException(st.lineno(), expect, 
			       new String(new char[] {(char)lookahead}));
	}
	return value;
private com.sun.security.auth.PolicyParser$GrantEntryparseGrantEntry()
parse a Grant entry

	GrantEntry e = new GrantEntry();
	LinkedList principals = null;
	boolean ignoreEntry = false;

	match("grant");

	while(!peek("{")) {

	    if (peekAndMatch("Codebase")) {
		e.codeBase = match("quoted string");
		peekAndMatch(",");
	    } else if (peekAndMatch("SignedBy")) {
		e.signedBy = match("quoted string");
		peekAndMatch(",");
	    } else if (peekAndMatch("Principal")) {
		if (principals == null) {
		    principals = new LinkedList();
		}

		// check for principalClass wildcard
		String principalClass;
		if (peek("*")) {
		    match("*");
		    principalClass = PrincipalEntry.WILDCARD_CLASS;
		} else {
		    principalClass = match("principal type");
		}

		// check for principalName wildcard
		String principalName;
		if (peek("*")) {
		    match("*");
		    principalName = PrincipalEntry.WILDCARD_NAME;
		} else {
		    principalName = match("quoted string");
		}

		// disallow WILDCARD_CLASS && actual name
		if (principalClass.equals(PrincipalEntry.WILDCARD_CLASS) &&
		    !principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
		    if (debug != null)
			debug.println("disallowing principal that has " +
				"WILDCARD class but no WILDCARD name");
		    throw new ParsingException
			(st.lineno(),
			rb.getString("can not specify Principal with a ") +
			rb.getString("wildcard class without a wildcard name"));
		}

		try {
		    principalName = expand(principalName);
		    principals.add
			(new PrincipalEntry(principalClass, principalName));
		} catch (PropertyExpander.ExpandException peee) {
		    // ignore the entire policy entry 
		    // but continue parsing all the info
		    // so we can get to the next entry
		    if (debug != null)
			debug.println("principal name expansion failed: " +
					principalName);
		    ignoreEntry = true;
		}
		peekAndMatch(",");
	    } else {
		throw new 
		 ParsingException(st.lineno(),
			rb.getString("expected codeBase or SignedBy"));
	    }
	}

	// disallow non principal-based grant entries
	if (principals == null) {
	    throw new ParsingException
		(st.lineno(),
		rb.getString("only Principal-based grant entries permitted"));
	}

	e.principals = principals;
	match("{");

	while(!peek("}")) {
 	    if (peek("Permission")) {
		try {
		    PermissionEntry pe = parsePermissionEntry();
		    e.add(pe);
		} catch (PropertyExpander.ExpandException peee) {
		    // ignore. The add never happened
		    skipEntry();  // BugId 4219343
		}
		match(";");
  	    } else {
		throw new 
		    ParsingException(st.lineno(),
		    rb.getString("expected permission entry"));
	    }
	}
	match("}");

	try {
	    if (e.codeBase != null)
	      e.codeBase = expand(e.codeBase).replace(File.separatorChar, '/");
	    e.signedBy = expand(e.signedBy);
	} catch (PropertyExpander.ExpandException peee) {
	    return null;
	}

	return (ignoreEntry == true) ? null : e;
private voidparseKeyStoreEntry()
parses a keystore entry

	match("keystore");
	keyStoreUrlString = match("quoted string");

	// parse keystore type
	if (!peek(",")) {
	    return; // default type
	}
	match(",");

	if (peek("\"")) {
	    keyStoreType = match("quoted string");
	} else {
	    throw new ParsingException(st.lineno(),
			rb.getString("expected keystore type"));
	}
private com.sun.security.auth.PolicyParser$PermissionEntryparsePermissionEntry()
parse a Permission entry

	PermissionEntry e = new PermissionEntry();

	// Permission
	match("Permission"); 
	e.permission = match("permission type");

	if (peek("\"")) {
	    // Permission name
	    e.name = expand(match("quoted string")); 
	}

	if (!peek(",")) {
	    return e;
	}
	match(",");

	if (peek("\"")) {
		e.action = expand(match("quoted string"));
		if (!peek(",")) {
		    return e;
		}
		match(",");
	}

	if (peekAndMatch("SignedBy")) {
	    e.signedBy = expand(match("quoted string"));
	}
	return e;
private booleanpeek(java.lang.String expect)

	boolean found = false;

	switch (lookahead) {

	case StreamTokenizer.TT_WORD:
	    if (expect.equalsIgnoreCase(st.sval)) 
		found = true;
	    break;
	case ',":
	    if (expect.equalsIgnoreCase(","))
		found = true;
	    break;
	case '{":
	    if (expect.equalsIgnoreCase("{"))
		found = true;
	    break;
	case '}":
	    if (expect.equalsIgnoreCase("}"))
		found = true;
	    break;
	case '"":
	    if (expect.equalsIgnoreCase("\""))
		found = true;
	    break;
	case '*":
	    if (expect.equalsIgnoreCase("*"))
		found = true;
	    break;
	default:
	    
	}	
	return found;
private booleanpeekAndMatch(java.lang.String expect)

	if (peek(expect)) {
	    match(expect);
	    return true;
	} else {
	    return false;
	}
public voidread(java.io.Reader policy)
Reads a policy configuration into the Policy object using a Reader object.

param
policy the policy Reader object.
exception
ParsingException if the policy configuration contains a syntax error.
exception
IOException if an error occurs while reading the policy configuration.

	if (!(policy instanceof BufferedReader)) {
	    policy = new BufferedReader(policy);
	}

	/**
	 * Configure the stream tokenizer:
	 * 	Recognize strings between "..."
	 * 	Don't convert words to lowercase
	 * 	Recognize both C-style and C++-style comments
	 * 	Treat end-of-line as white space, not as a token
	 */
	st   = new StreamTokenizer(policy);

	st.resetSyntax();
	st.wordChars('a", 'z");
	st.wordChars('A", 'Z");
	st.wordChars('.", '.");
	st.wordChars('0", '9");
	st.wordChars('_", '_");
	st.wordChars('$", '$");
	st.wordChars(128 + 32, 255);
	st.whitespaceChars(0, ' ");
	st.commentChar('/");
	st.quoteChar('\'");
	st.quoteChar('"");
	st.lowerCaseMode(false);
	st.ordinaryChar('/");
	st.slashSlashComments(true);
	st.slashStarComments(true);

	/**
	 * The main parsing loop.  The loop is executed once
	 * for each entry in the config file.      The entries
	 * are delimited by semicolons.   Once we've read in
	 * the information for an entry, go ahead and try to
	 * add it to the policy vector. 
	 * 
	 */ 

	lookahead = st.nextToken();
	while (lookahead != StreamTokenizer.TT_EOF) {
	    if (peek("grant")) {
		GrantEntry ge = parseGrantEntry();
		// could be null if we couldn't expand a property
		if (ge != null)
		    add(ge);
	    } else if (peek("keystore") && keyStoreUrlString==null) {
		// only one keystore entry per policy file, others will be
		// ignored
		parseKeyStoreEntry();
	    } else {
		// error?
	    }
	    match(";");
	}
public booleanremove(com.sun.security.auth.PolicyParser$GrantEntry ge)

	return grantEntries.removeElement(ge);
public voidreplace(com.sun.security.auth.PolicyParser$GrantEntry origGe, com.sun.security.auth.PolicyParser$GrantEntry newGe)

	grantEntries.setElementAt(newGe, grantEntries.indexOf(origGe));
public voidsetKeyStoreType(java.lang.String type)

	keyStoreType = type;
public voidsetKeyStoreUrl(java.lang.String url)

	keyStoreUrlString = url;
private voidskipEntry()
skip all tokens for this entry leaving the delimiter ";" in the stream.

      while(lookahead != ';") {
	switch (lookahead) {
	case StreamTokenizer.TT_NUMBER:
	    throw new ParsingException(st.lineno(), ";",
				       rb.getString("number ") +
					String.valueOf(st.nval));
	case StreamTokenizer.TT_EOF:
	  throw new ParsingException
		(rb.getString("expected ';', read end of file"));
	default:
	  lookahead = st.nextToken();
	}
      }
public voidwrite(java.io.Writer policy)
write out the policy

	PrintWriter out = new PrintWriter(new BufferedWriter(policy));

	Enumeration enum_ = grantElements();

	out.println("/* AUTOMATICALLY GENERATED ON "+
		    (new java.util.Date()) + "*/");
	out.println("/* DO NOT EDIT */");
	out.println();

	// write the (unexpanded) keystore entry as the first entry of the
	// policy file
	if (keyStoreUrlString != null) {
	    writeKeyStoreEntry(out);
	}

	// write "grant" entries
	while (enum_.hasMoreElements()) {
	    GrantEntry ge = (GrantEntry) enum_.nextElement();
	    ge.write(out);
	    out.println();
	}
	out.flush();
private voidwriteKeyStoreEntry(java.io.PrintWriter out)
writes the (unexpanded) keystore entry

	out.print("keystore \"");
	out.print(keyStoreUrlString);
	out.print('"");
	if (keyStoreType != null && keyStoreType.length() > 0)
	    out.print(", \"" + keyStoreType + "\"");
	out.println(";");
	out.println();