BEA Systems, Inc.
WebLogic Server 5.1.0 API Reference

weblogic.security.acl
Class Security

java.lang.Object
  |
  +--weblogic.security.acl.Security
public class Security
extends java.lang.Object

The Security class groups static functions for accessing the default realm and authentication contexts for threads. For security reasons, the methods in this class may only be executed from within WebLogic's VM. Each method requires access to a realm and its ACLs, users, and groups, none of which a client application can access.

Author:
Copyright (c) 1997-1998 by WebLogic, Inc. All Rights Reserved., Copyright (c) 1999 by BEA WebXpress. All Rights Reserved.
Copyright © 2000 BEA Systems, Inc. All Rights Reserved.

Field Summary
static weblogic.t3.services.BooleanProperty logAllUsageProp
           
static java.lang.String URLACLNAME
           
 
Constructor Summary
Security()
           
 
Method Summary
static void checkPermission(java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep)
          Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm.
static void checkPermission(java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep, java.security.acl.Acl dflt)
          Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm.
static void checkPermission(java.lang.String aclName, java.security.acl.Permission permission, char sep)
          Determines whether the current user has the specified permission, according to Acls in the WebLogic realm.
static void checkPermission(java.lang.String subsystem, java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep)
           
static void checkPermission(java.lang.String subsystem, java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep, java.security.acl.Acl dflt)
           
static void checkPermission(java.lang.String subsystem, java.lang.String aclName, java.security.acl.Permission permission, char sep)
           
static java.lang.Object doAsPrivileged(UserInfo newUser, PrivilegedAction action)
          Set a new user to the thread for the running of the input action.
static java.lang.Object doAsPrivileged(UserInfo newUser, PrivilegedExceptionAction action)
          Set a new user to the thread for running of the input action.
static User getCurrentUser()
          Returns the current user, which is either user information associated with the thread or the special user "guest." if no user has been set.
static BasicRealm getRealm()
          Returns the WebLogic realm.
static User getUser(java.lang.String name, java.lang.Object credential)
          Gets the User for the specified username and credential.
static UserInfo getUserInfo(java.lang.String name, java.lang.Object credential)
          Gets the UserInfo for the specified username and credential.
static boolean hasPermission(java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep)
          Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm.
static boolean hasPermission(java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep, java.security.acl.Acl dflt)
          Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm.
static boolean hasPermission(java.security.Principal principal, java.lang.String aclName, java.lang.String permissionName, char sep)
          Determines whether the specified Principal has a permission of the specified name, according to Acls in the WebLogic realm.
static boolean hasPermission(java.lang.String aclName, java.security.acl.Permission permission, char sep)
          Determines whether the current user has the specified permission, according to Acls in the WebLogic realm.
static boolean hasPermission(java.lang.String aclName, java.security.acl.Permission permission, char sep, java.security.acl.Acl dflt)
          Determines whether the current user has the specified permission, according to Acls in the WebLogic realm.
static boolean hasPermission(java.lang.String subsystem, java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep)
           
static boolean hasPermission(java.lang.String subsystem, java.security.Principal principal, java.lang.String aclName, java.security.acl.Permission permission, char sep, java.security.acl.Acl dflt)
           
static boolean hasPermission(java.lang.String subsystem, java.security.Principal principal, java.lang.String aclName, java.lang.String permissionName, char sep)
           
static void init(BasicRealm aRealm)
          Initializes the specified BasicRealm.
static void logAndThrow(java.lang.String msg)
          Makes an entry in the security log and throws an exception.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logAllUsageProp

public static weblogic.t3.services.BooleanProperty logAllUsageProp

URLACLNAME

public static final java.lang.String URLACLNAME
Constructor Detail

Security

public Security()
Method Detail

getRealm

public static BasicRealm getRealm()
Returns the WebLogic realm.

hasPermission

public static boolean hasPermission(java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.lang.String permissionName,
                                    char sep)
Determines whether the specified Principal has a permission of the specified name, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep."

Parameters:
principal - Principal to be checked
aclName - ACL to be matched
permissionName - Permission to be matched
sep - Character delimiter for ACL
Returns:
True if Principal has permission

hasPermission

public static boolean hasPermission(java.lang.String subsystem,
                                    java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.lang.String permissionName,
                                    char sep)

hasPermission

public static boolean hasPermission(java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep)
Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep."

Parameters:
principal - Principal to be checked
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
Returns:
True if Principal has permission

hasPermission

public static boolean hasPermission(java.lang.String subsystem,
                                    java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep)

hasPermission

public static boolean hasPermission(java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep,
                                    java.security.acl.Acl dflt)
Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep." If no Acl is found, the Acl defined by the "dflt" argument is used. If null is supplied as the "dflt" argument, it is equivalent to but faster than providing an Acl that grants all permissions to everyone.

Parameters:
principal - Principal to be checked
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
dflt - Default ACL to be used if no ACL is found
Returns:
True if Principal has permission

hasPermission

public static boolean hasPermission(java.lang.String subsystem,
                                    java.security.Principal principal,
                                    java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep,
                                    java.security.acl.Acl dflt)

hasPermission

public static boolean hasPermission(java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep)
Determines whether the current user has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep."

Parameters:
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
Returns:
True if current user has permission

hasPermission

public static boolean hasPermission(java.lang.String aclName,
                                    java.security.acl.Permission permission,
                                    char sep,
                                    java.security.acl.Acl dflt)
Determines whether the current user has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep." If no Acl is found, the Acl defined by the "dflt" argument is used. If null is supplied as the "dflt" argument, it is equivalent to but faster than providing an Acl that grants all permissions to everyone.

Parameters:
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
dflt - Default ACL to be used if no ACL is found
Returns:
True if current user has permission

getCurrentUser

public static User getCurrentUser()
Returns the current user, which is either user information associated with the thread or the special user "guest." if no user has been set.

Returns:
User

checkPermission

public static void checkPermission(java.security.Principal principal,
                                   java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep,
                                   java.security.acl.Acl dflt)
                            throws java.lang.SecurityException
Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep." If no Acl is found, the Acl defined by the "dflt" argument is used. If null is supplied as the "dflt" argument, it is equivalent to but faster than providing an Acl that grants all permissions to everyone.

Makes an entry in the security log and throws an exception on failure.

Parameters:
principal - Principal to be checked
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
dflt - Default ACL to be used if no ACL is found
Throws:
java.lang.SecurityException - if the permission check fails

checkPermission

public static void checkPermission(java.lang.String subsystem,
                                   java.security.Principal principal,
                                   java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep,
                                   java.security.acl.Acl dflt)
                            throws java.lang.SecurityException

checkPermission

public static void checkPermission(java.security.Principal principal,
                                   java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep)
                            throws java.lang.SecurityException
Determines whether the specified Principal has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep." If no Acl is found, the permission check fails. Unless the class variable logAllUsageProp has been set to false, the exception is written to the server log.

Makes an entry in the security log and throws an exception on failure.

Parameters:
principal - Principal to be checked
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
Throws:
java.lang.SecurityException - if the permission check fails

checkPermission

public static void checkPermission(java.lang.String subsystem,
                                   java.security.Principal principal,
                                   java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep)
                            throws java.lang.SecurityException

checkPermission

public static void checkPermission(java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep)
                            throws java.lang.SecurityException
Determines whether the current user has the specified permission, according to Acls in the WebLogic realm. The Acl is determined by searching for Acls in the WebLogic realm whose names are prefixes of the argument "aclName," delimited by the character specified in the argument "sep." If no Acl is found, the permission check fails. Unless the class variable logAllUsageProp has been set to false, the exception is written to the server log.

Makes an entry in the security log and throws an exception on failure.

Parameters:
aclName - ACL to be matched
permissionName - Permission object
sep - Character delimiter for ACL
Throws:
java.lang.SecurityException - if the permission check fails

checkPermission

public static void checkPermission(java.lang.String subsystem,
                                   java.lang.String aclName,
                                   java.security.acl.Permission permission,
                                   char sep)
                            throws java.lang.SecurityException

getUserInfo

public static UserInfo getUserInfo(java.lang.String name,
                                   java.lang.Object credential)
Gets the UserInfo for the specified username and credential.

Parameters:
name - Name of user
credential - Credential of user
Returns:
UserInfo object

getUser

public static User getUser(java.lang.String name,
                           java.lang.Object credential)
Gets the User for the specified username and credential.

Parameters:
name - Name of user
credential - Credential of user
Returns:
User object

logAndThrow

public static void logAndThrow(java.lang.String msg)
                        throws java.lang.SecurityException
Makes an entry in the security log and throws an exception.

Parameters:
msg - Security-related msg to add to the exception
Throws:
java.lang.SecurityException - if the log cannot be accessed

init

public static void init(BasicRealm aRealm)
Initializes the specified BasicRealm.

Parameters:
aRealm - Realm to be initialized

doAsPrivileged

public static java.lang.Object doAsPrivileged(UserInfo newUser,
                                              PrivilegedAction action)
Set a new user to the thread for the running of the input action. User will be popped back off the stack and identity of original caller reinstated at the end of the run.

Parameters:
newUser - UserInfo of the user to be set to the thread
action - runnable action to take on behalf of the user
Returns:
Object object returned by the action's run method

doAsPrivileged

public static java.lang.Object doAsPrivileged(UserInfo newUser,
                                              PrivilegedExceptionAction action)
                                       throws java.lang.Exception
Set a new user to the thread for running of the input action. User will be popped back off the stack and identity of original caller will be reinstated at the end of the run.

Parameters:
newUser - UserInfo of the user to be set to the thread
action - runnable action to execute on behalf of the user
Returns:
Object returned by the action's run method
Throws:
java.lang.Exception -  
java.lang.SecurityException - if unable to authenticate the new User
Documentation is available at
http://www.weblogic.com/docs51