Removed duplicate JACC (Jakarta Authorization) module.
This module used code incompatible with JDK 11. Activated the other
module by default now.
Signed-off-by: arjantijms <arjan.tijms@gmail.com>
diff --git a/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml b/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml
index f790b84..89baf0c 100644
--- a/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml
+++ b/appserver/admin/admin-core/src/test/resources/UpgradeTest.xml
@@ -147,7 +147,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
diff --git a/appserver/admin/template/src/main/resources/config/domain.xml b/appserver/admin/template/src/main/resources/config/domain.xml
index 016f165..ff0e42b 100644
--- a/appserver/admin/template/src/main/resources/config/domain.xml
+++ b/appserver/admin/template/src/main/resources/config/domain.xml
@@ -103,7 +103,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
@@ -300,7 +300,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/admingui/common/src/main/help/en/help/task-jaccprovidernew.html b/appserver/admingui/common/src/main/help/en/help/task-jaccprovidernew.html
index c0659f0..e6d98d5 100644
--- a/appserver/admingui/common/src/main/help/en/help/task-jaccprovidernew.html
+++ b/appserver/admingui/common/src/main/help/en/help/task-jaccprovidernew.html
@@ -45,11 +45,11 @@
</li>
<li>
<p>In the Policy Configuration field, type the name of the class that implements the policy configuration factory.</p>
-<p>The <code>default</code> provider uses <code>com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl</code>. The <code>simple</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory</code>.</p>
+<p>The <code>default</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory</code>. The <code>simple</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory</code>.</p>
</li>
<li>
<p>In the Policy Provider field, type the name of the class that implements the policy factory.</p>
-<p>The <code>default</code> provider uses <code>com.sun.enterprise.security.provider.PolicyWrapper</code>. The <code>simple</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyProvider</code>.</p>
+<p>The <code>default</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyProvider</code>. The <code>simple</code> provider uses <code>com.sun.enterprise.security.jacc.provider.SimplePolicyProvider</code>.</p>
</li>
<li>
<p>In the Additional Properties section, specify additional properties.</p>
diff --git a/appserver/connectors/admin/src/test/resources/DomainTest.xml b/appserver/connectors/admin/src/test/resources/DomainTest.xml
index 0e9429d..cbf7a8b 100644
--- a/appserver/connectors/admin/src/test/resources/DomainTest.xml
+++ b/appserver/connectors/admin/src/test/resources/DomainTest.xml
@@ -83,7 +83,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml b/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml
index 81e6116..1483d13 100644
--- a/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml
+++ b/appserver/connectors/connectors-internal-api/src/test/resources/DomainTest.xml
@@ -77,7 +77,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml b/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml
index 9224925..6be8d68 100644
--- a/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml
+++ b/appserver/connectors/connectors-internal-api/src/test/resources/PasswordAliasTest.xml
@@ -85,7 +85,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/jdbc/admin/src/test/resources/DomainTest.xml b/appserver/jdbc/admin/src/test/resources/DomainTest.xml
index ed36202..f525855 100644
--- a/appserver/jdbc/admin/src/test/resources/DomainTest.xml
+++ b/appserver/jdbc/admin/src/test/resources/DomainTest.xml
@@ -70,7 +70,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml b/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml
index 47a2415..74d889d 100644
--- a/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml
+++ b/appserver/jdbc/jdbc-runtime/src/test/resources/DomainTest.xml
@@ -91,7 +91,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/orb/orb-connector/src/test/resources/DomainTest.xml b/appserver/orb/orb-connector/src/test/resources/DomainTest.xml
index ebf7266..01d6990 100644
--- a/appserver/orb/orb-connector/src/test/resources/DomainTest.xml
+++ b/appserver/orb/orb-connector/src/test/resources/DomainTest.xml
@@ -78,7 +78,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml b/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml
index 0e9429d..cbf7a8b 100644
--- a/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml
+++ b/appserver/resources/mail/mail-connector/src/test/resources/DomainTest.xml
@@ -83,7 +83,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/resources/resources-connector/src/test/resources/DomainTest.xml b/appserver/resources/resources-connector/src/test/resources/DomainTest.xml
index cd5d85c..952665b 100644
--- a/appserver/resources/resources-connector/src/test/resources/DomainTest.xml
+++ b/appserver/resources/resources-connector/src/test/resources/DomainTest.xml
@@ -83,7 +83,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java
deleted file mode 100644
index 986064b..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/BasePolicyWrapper.java
+++ /dev/null
@@ -1,647 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-/*
- * BasePolicyWrapper.java
- *
- * @author Harpreet Singh (harpreet.singh@sun.com)
- * @author Ron Monzillo
- * @version
- *
- * Created on May 23, 2002, 1:56 PM
- */
-
-package com.sun.enterprise.security.provider;
-
-import java.io.File;
-import java.net.URI;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.CodeSource;
-import java.security.NoSuchAlgorithmException;
-import java.security.Permission;
-import java.security.PermissionCollection;
-import java.security.Permissions;
-import java.security.Policy;
-import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
-import java.security.Security;
-import java.util.Enumeration;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import javax.management.MBeanPermission;
-
-import com.sun.enterprise.util.LocalStringManagerImpl;
-import com.sun.logging.LogDomains;
-import com.sun.xml.txw2.IllegalSignatureException;
-
-import jakarta.security.jacc.EJBRoleRefPermission;
-import jakarta.security.jacc.PolicyContext;
-import jakarta.security.jacc.PolicyContextException;
-import jakarta.security.jacc.WebResourcePermission;
-import jakarta.security.jacc.WebRoleRefPermission;
-
-/**
- * This class is a wrapper around the default jdk policy file
- * implementation. BasePolicyWrapper is installed as the JRE policy object
- * It multiples policy decisions to the context specific instance of
- * sun.security.provider.PolicyFile.
- * Although this Policy provider is implemented using another Policy class,
- * this class is not a "delegating Policy provider" as defined by JACC, and
- * as such it SHOULD not be configured using the JACC system property
- * jakarta.security.jacc.policy.provider.
- * @author Harpreet Singh (harpreet.singh@sun.com)
- * @author Jean-Francois Arcand
- * @author Ron Monzillo
- *
- */
-public class BasePolicyWrapper extends java.security.Policy {
-
- private static final String FACTORY_NAME =
- "jakarta.security.jacc.PolicyConfigurationFactory.provider";
- private static final String myFactoryName =
- "com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl";
- // this is the jdk policy file instance
- private java.security.Policy policy = null;
-
- private static Logger logger = Logger.getLogger(LogDomains.SECURITY_LOGGER);
- private static LocalStringManagerImpl localStrings =
- new LocalStringManagerImpl(BasePolicyWrapper.class);
-
- static String logMsg(Level level,String key,Object[] params,String defMsg){
- String msg = (key == null ? defMsg : localStrings.getLocalString
- (key,defMsg == null ? key : defMsg, params));
- logger.log(level,msg);
- return msg;
- }
-
- private static final String REUSE = "java.security.Policy.supportsReuse";
-
- /**
- * Name of the system property to enable detecting and avoiding reentrancy.
- * This property can be set using <jvm-options> in domain.xml. If not set
- * or set to false, this class will detect or avoid reentrancy in policy
- * evaluation. Note that if SecurityManager is turned off, this feature is
- * always turned off.
- * Another design approach is to name the property differently
- * and use a list of context ids as its value, so that this feature may be
- * enabled for selected contexts.
- */
- private static final String IGNORE_REENTRANCY_PROP_NAME =
- "com.sun.enterprise.security.provider.PolicyWrapper.ignoreReentrancy";
-
- /**
- * Flag to indicate if detecting and avoiding reentrancy is enabled.
- * If SecurityManager is turned off, reentrancy is less likely to occur and
- * this feature is always off; else if the system property IGNORE_REENTRANCY_PROP_NAME
- * is not set, or set to false in domain.xml, this feature is on;
- *
- */
- private static final boolean avoidReentrancy =
- (!Boolean.getBoolean(IGNORE_REENTRANCY_PROP_NAME)) &&
- (System.getSecurityManager() != null);
-
- /**
- * ThreadLocal object to keep track of the reentrancy status of each thread.
- * It contains a byte[] object whose single element is either 0 (initial
- * value or no reentrancy), or 1 (current thread is reentrant). When a
- * thread exists the implies method, byte[0] is alwasy reset to 0.
- */
- private static ThreadLocal reentrancyStatus;
-
- static {
- if(avoidReentrancy) {
- reentrancyStatus = new ThreadLocal() {
- protected synchronized Object initialValue() {
- return new byte[]{0};
- }
- };
- }
- }
-
-
- /** Creates a new instance of BasePolicyWrapper */
- public BasePolicyWrapper() {
- // the jdk policy file implementation
- policy = getNewPolicy();
- refreshTime = 0L;
- // call the following routine to compute the actual refreshTime
- defaultContextChanged();
- }
-
- /** gets the underlying PolicyFile implementation
- * can be overridden by Subclass
- */
- protected java.security.Policy getNewPolicy() {
- try {
- return Policy.getInstance("JavaPolicy", null);
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- throw new IllegalSignatureException(e);
- }
- }
-
- /**
- * Evaluates the global policy and returns a
- * PermissionCollection object specifying the set of
- * permissions allowed for code from the specified
- * code source.
- *
- * @param codesource the CodeSource associated with the caller.
- * This encapsulates the original location of the code (where the code
- * came from) and the public key(s) of its signer.
- *
- * @return the set of permissions allowed for code from <i>codesource</i>
- * according to the policy.The returned set of permissions must be
- * a new mutable instance and it must support heterogeneous
- * Permission types.
- *
- */
- public PermissionCollection getPermissions(CodeSource codesource) {
- String contextId = PolicyContext.getContextID();
- PolicyConfigurationImpl pci = getPolicyConfigForContext(contextId);
- Policy appPolicy = getPolicy(pci);
- PermissionCollection perms = appPolicy.getPermissions(codesource);
- if (perms != null) {
- perms = removeExcludedPermissions(pci,perms);
- }
- if (logger.isLoggable(Level.FINEST)){
- logger.finest("JACC Policy Provider: PolicyWrapper.getPermissions(cs), context ("+contextId+") codesource ("+codesource+") permissions: "+perms);
- }
- return perms;
- }
-
- /**
- * Evaluates the global policy and returns a
- * PermissionCollection object specifying the set of
- * permissions allowed given the characteristics of the
- * protection domain.
- *
- * @param domain the ProtectionDomain associated with the caller.
- *
- * @return the set of permissions allowed for the <i>domain</i>
- * according to the policy.The returned set of permissions must be
- * a new mutable instance and it must support heterogeneous
- * Permission types.
- *
- * @see java.security.ProtectionDomain
- * @see java.security.SecureClassLoader
- * @since 1.4
- */
- public PermissionCollection getPermissions(ProtectionDomain domain) {
- String contextId = PolicyContext.getContextID();
- PolicyConfigurationImpl pci = getPolicyConfigForContext(contextId);
- Policy appPolicy = getPolicy(pci);
- PermissionCollection perms = appPolicy.getPermissions(domain);
- if (perms != null) {
- perms = removeExcludedPermissions(pci,perms);
- }
- if (logger.isLoggable(Level.FINEST)){
- logger.finest("JACC Policy Provider: PolicyWrapper.getPermissions(d), context ("+contextId+") permissions: "+perms);
- }
- return perms;
- }
-
- /**
- * Evaluates the global policy for the permissions granted to
- * the ProtectionDomain and tests whether the permission is
- * granted.
- *
- * @param domain the ProtectionDomain to test
- * @param permission the Permission object to be tested for implication.
- *
- * @return true if "permission" is a proper subset of a permission
- * granted to this ProtectionDomain.
- *
- * @see java.security.ProtectionDomain
- * @since 1.4
- */
- public boolean implies(ProtectionDomain domain, Permission permission) {
- if(avoidReentrancy) {
- byte[] alreadyCalled = (byte[]) reentrancyStatus.get();
- if(alreadyCalled[0] == 1) {
- return true;
- } else {
- alreadyCalled[0] = 1;
- try {
- return doImplies(domain, permission);
- } finally {
- alreadyCalled[0] = 0;
- }
- }
- } else {
- return doImplies(domain, permission);
- }
- }
-
-
- /**
- * Refreshes/reloads the policy configuration. The behavior of this method
- * depends on the implementation. For example, calling <code>refresh</code>
- * on a file-based policy will cause the file to be re-read.
- *
- */
- public void refresh() {
- if (logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: Refreshing Policy files!");
- }
-
- // always refreshes default policy context, but refresh
- // of application context depends on PolicyConfigurationImpl
- // this could result in an inconsistency since default context is
- // included in application contexts.
- policy.refresh();
-
- // try to determine if default policy context has changed.
- // if so, force refresh of application contexts.
- // if the following code is not robust enough to detect
- // changes to the policy files read by the default context,
- // then you can configure the provider to force on every refresh
- // (see FORCE_APP_REFRESH_PROP_NAME).
-
- boolean force = defaultContextChanged();
- PolicyConfigurationImpl pciArray[] = null;
- PolicyConfigurationFactoryImpl pcf = getPolicyFactory();
- if (pcf != null) {
- pciArray = pcf.getPolicyConfigurationImpls();
- }
- if (pciArray != null) {
-
- for (PolicyConfigurationImpl pci : pciArray) {
-
- if (pci != null) {
- // false means don't force refresh if no update since
- // last refresh.
- pci.refresh(force);
- }
- }
- }
- try {
- if (PolicyContext.getHandlerKeys().contains(REUSE)) {
- PolicyContext.getContext(REUSE);
- }
- } catch (PolicyContextException pe) {
- throw new IllegalStateException(pe.toString());
- }
-
- }
-
- private PolicyConfigurationImpl getPolicyConfigForContext(String contextId) {
- PolicyConfigurationImpl pci = null;
- PolicyConfigurationFactoryImpl pcf = getPolicyFactory();
- if (contextId != null && pcf != null) {
- pci = pcf.getPolicyConfigurationImpl(contextId);
- }
- return pci;
- }
-
- private Policy getPolicy(PolicyConfigurationImpl pci) {
- Policy result = null;
- if (pci == null) {
- result = policy;
- } else {
- result = pci.getPolicy();
- if (result == null) {
- // the pc is not in service so use the default context
- result = policy;
- }
- }
- return result;
- }
-
- private static Permissions getExcludedPolicy(PolicyConfigurationImpl pci) {
- Permissions result = null;
- if (pci != null) {
- result = pci.getExcludedPolicy();
- }
- return result;
- }
-
- // should find a way to do this that preserves the argument PermissionCollection
- // safe for now, becauuse on EJBMethodPermission, WebResourcePermission, and
- // WebUserDatePermissions are excluded, and none of these classes implement a
- // custom collection.
- private static PermissionCollection removeExcludedPermissions
- (PolicyConfigurationImpl pci, PermissionCollection perms) {
- PermissionCollection result = perms;
- boolean noneRemoved = true;
- Permissions excluded = getExcludedPolicy(pci);
- if (excluded != null && excluded.elements().hasMoreElements()) {
- result = null;
- Enumeration e = perms.elements();
- while (e.hasMoreElements()) {
- Permission granted = (Permission) e.nextElement();
- if (!grantedIsExcluded(granted,excluded)) {
- if (result == null) result = new Permissions();
- result.add(granted);
- } else {
- noneRemoved = false;
- }
- }
- if (noneRemoved) {
- result = perms;
- }
- }
- return result;
- }
-
- private static boolean grantedIsExcluded(Permission granted, Permissions excluded) {
- boolean isExcluded = false;
- if (excluded != null) {
- if (!excluded.implies(granted)) {
- Enumeration e = excluded.elements();
- while (!isExcluded && e.hasMoreElements()) {
- Permission excludedPerm = (Permission) e.nextElement();
- if (granted.implies(excludedPerm)) {
- isExcluded = true;
- }
- }
- } else {
- isExcluded = true;
- }
- }
- if (logger.isLoggable(Level.FINEST)){
- if (isExcluded) {
- logger.finest("JACC Policy Provider: permission is excluded: "+granted);
- }
- }
- return isExcluded;
- }
-
- private boolean doImplies(ProtectionDomain domain, Permission permission) {
- String contextId = PolicyContext.getContextID();
- PolicyConfigurationImpl pci = getPolicyConfigForContext(contextId);
- Policy appPolicy = getPolicy(pci);
-
- boolean result = appPolicy.implies(domain,permission);
-
- //log failures but skip failures that occurred prior to redirecting to
- //login pages, and javax.management.MBeanPermission
- if (!result) {
- if(!(permission instanceof WebResourcePermission) &&
- !(permission instanceof MBeanPermission) &&
- !(permission instanceof WebRoleRefPermission) &&
- !(permission instanceof EJBRoleRefPermission)) {
-
- final String contextId2 = contextId;
- final Permission permission2 = permission;
- final ProtectionDomain domain2 = domain;
- if (logger.isLoggable(Level.FINE)) {
- Exception ex = new Exception();
- ex.fillInStackTrace();
- logger.log(Level.FINE, "JACC Policy Provider, failed Permission Check at :", ex);
- }
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
- logger.info("JACC Policy Provider: Failed Permission Check, context(" + contextId2 + ")- permission(" + permission2 + ")");
- if (logger.isLoggable(Level.FINE)) {
- logger.fine("Domain that failed(" + domain2 + ")");
- }
- return null;
- }
- });
- }
- } else {
- Permissions excluded = getExcludedPolicy(pci);
- if (excluded != null) {
- result = !grantedIsExcluded(permission,excluded);
- }
- }
-
- // at FINEST: log only denies
- if (!result && logger.isLoggable(Level.FINEST)){
- logger.finest("JACC Policy Provider: PolicyWrapper.implies, context ("+
- contextId+")- result was("+result+") permission ("
- +permission+")");
- }
-
- return result;
- }
-
- /**
- * This method repeats the policy file loading algorithm of
- * sun.security.provider.Policyfile to determine if the refresh
- * resulted in a change to the loaded policy.
- *
- * Note:
- * For backward compatibility with JAAS 1.0 it loads
- * both java.auth.policy and java.policy. However it
- * is recommended that java.auth.policy be not used
- * and the java.policy contain all grant entries including
- * that contain principal-based entries.
- *
- *
- * <p> This object stores the policy for entire Java runtime,
- * and is the amalgamation of multiple static policy
- * configurations that resides in files.
- * The algorithm for locating the policy file(s) and reading their
- * information into this <code>Policy</code> object is:
- *
- * <ol>
- * <li>
- * Loop through the <code>java.security.Security</code> properties,
- * <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
- * <i>policy.url.X</i>" and
- * <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
- * <i>auth.policy.url.X</i>". These properties are set
- * in the Java security properties file, which is located in the file named
- * <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
- * refers to the directory where the JDK was installed.
- * Each property value specifies a <code>URL</code> pointing to a
- * policy file to be loaded. Read in and load each policy.
- *
- * <i>auth.policy.url</i> is supported only for backward compatibility.
- *
- * <li>
- * The <code>java.lang.System</code> property <i>java.security.policy</i>
- * may also be set to a <code>URL</code> pointing to another policy file
- * (which is the case when a user uses the -D switch at runtime).
- * If this property is defined, and its use is allowed by the
- * security property file (the Security property,
- * <i>policy.allowSystemProperty</i> is set to <i>true</i>),
- * also load that policy.
- *
- * <li>
- * The <code>java.lang.System</code> property
- * <i>java.security.auth.policy</i> may also be set to a
- * <code>URL</code> pointing to another policy file
- * (which is the case when a user uses the -D switch at runtime).
- * If this property is defined, and its use is allowed by the
- * security property file (the Security property,
- * <i>policy.allowSystemProperty</i> is set to <i>true</i>),
- * also load that policy.
- *
- * <i>java.security.auth.policy</i> is supported only for backward
- * compatibility.
- *
- * If the <i>java.security.policy</i> or
- * <i>java.security.auth.policy</i> property is defined using
- * "==" (rather than "="), then ignore all other specified
- * policies and only load this policy.
- * </ol>
- */
- private static final String POLICY = "java.security.policy";
- private static final String POLICY_URL = "policy.url.";
- private static final String AUTH_POLICY = "java.security.auth.policy";
- private static final String AUTH_POLICY_URL = "auth.policy.url.";
-
- /**
- * Name of the system property that effects whether or not application
- * policy objects are forced to refresh whenever the default context
- * policy object is refreshed. Normally app policy objects only refresh
- * when their app sepcifc policy files have changes. Since app policy
- * objects alos include the rules of the default context; so they should
- * be refreshed whenever the default context files are changed, but the
- * algorithm by which a policy module finds its policy files is complex;
- * and dependent on configuration; so this force switch is provided to
- * ensure refresh of the app contexts (when the performace cost of doing
- * so is acceptable). When this switch is not set, it may be necessary
- * to restart the appserver to force changes in the various policy files to
- * be in effect for specific applications.
- */
- private static final String FORCE_APP_REFRESH_PROP_NAME =
- "com.sun.enterprise.security.provider.PolicyWrapper.force_app_refresh";
-
- /**
- * Flag to indicate if application specific policy objects are forced
- * to refresh (independent of whether or not their app specific policy
- * files have changed).
- */
- private static final boolean forceAppRefresh =
- Boolean.getBoolean(FORCE_APP_REFRESH_PROP_NAME);
-
- private long refreshTime;
-
- synchronized boolean defaultContextChanged() {
-
- if (forceAppRefresh) {
- return true;
- }
-
- long newTime = getTimeStamp(POLICY,POLICY_URL);
- newTime += getTimeStamp(AUTH_POLICY,AUTH_POLICY_URL);
- boolean rvalue = refreshTime != newTime;
- refreshTime = newTime;
- return rvalue;
- }
-
- private static long
- getTimeStamp(final String propname, final String urlname) {
- Long l = (Long) AccessController.doPrivileged(new PrivilegedAction() {
- public Long run() {
- long sum = 0L;
- boolean allowSystemProperties = "true".equalsIgnoreCase
- (Security.getProperty("policy.allowSystemProperty"));
- if (allowSystemProperties) {
- String extra_policy = System.getProperty(propname);
- if (extra_policy != null) {
- boolean overrideAll = false;
- if (extra_policy.startsWith("=")) {
- overrideAll = true;
- extra_policy = extra_policy.substring(1);
- }
- try {
- String path =PropertyExpander.expand(extra_policy);
- File policyFile = new File(path);
- boolean found = policyFile.exists();
- if (!found) {
- URL policy_url = new URL(path);
- if ("file".equals(policy_url.getProtocol())) {
- path = policy_url.getFile().
- replace('/', File.separatorChar);
- path = sun.net.www.ParseUtil.decode(path);
- policyFile = new File(path);
- found = policyFile.exists();
- }
- }
- if (found) {
- sum += policyFile.lastModified();
- if (logger.isLoggable(Level.FINE)) {
- logMsg(Level.FINE,"pc.file_refreshed",
- new Object[]{path},null);
- }
- } else {
- if (logger.isLoggable(Level.FINE)) {
- logMsg(Level.FINE,"pc.file_not_refreshed",
- new Object[]{path},null);
- }
- }
- } catch (Exception e) {
- // ignore.
- }
- if (overrideAll) {
- return Long.valueOf(sum);
- }
- }
- }
- int n = 1;
- String policy_uri;
- while ((policy_uri = Security.getProperty(urlname+n)) != null){
- try {
- URL policy_url = null;
- String expanded_uri = PropertyExpander.expand
- (policy_uri).replace(File.separatorChar, '/');
- if (policy_uri.startsWith("file:${java.home}/") ||
- policy_uri.startsWith("file:${user.home}/")) {
- // this special case accommodates
- // the situation java.home/user.home
- // expand to a single slash, resulting in
- // a file://foo URI
- policy_url = new File
- (expanded_uri.substring(5)).toURI().toURL();
- } else {
- policy_url = new URI(expanded_uri).toURL();
- }
- if ("file".equals(policy_url.getProtocol())) {
- String path = policy_url.getFile().
- replace('/', File.separatorChar);
- path = sun.net.www.ParseUtil.decode(path);
- File policyFile = new File(path);
- if (policyFile.exists()) {
- sum += policyFile.lastModified();
- if (logger.isLoggable(Level.FINE)) {
- logMsg(Level.FINE,"pc.file_refreshed",
- new Object[]{path},null);
- }
- } else {
- if (logger.isLoggable(Level.FINE)) {
- logMsg(Level.FINE,"pc.file_not_refreshed",
- new Object[]{path},null);
- }
- }
- } else {
- if (logger.isLoggable(Level.FINE)) {
- logMsg(Level.FINE,"pc.file_not_refreshed",
- new Object[]{policy_url},null);
- }
- }
- } catch (Exception e) {
- // ignore that policy
- }
- n++;
- }
- return Long.valueOf(sum);
- }
- });
- return l.longValue();
- }
-
- // obtains PolicyConfigurationFactory
- private PolicyConfigurationFactoryImpl getPolicyFactory() {
- return PolicyConfigurationFactoryImpl.getInstance();
- }
-}
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/LocalStrings.properties b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/LocalStrings.properties
deleted file mode 100644
index 8f7c2a1..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/LocalStrings.properties
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Copyright (c) 2011, 2018 Oracle and/or its affiliates. All rights reserved.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Eclipse Public License v. 2.0, which is available at
-# http://www.eclipse.org/legal/epl-2.0.
-#
-# This Source Code may also be made available under the following Secondary
-# Licenses when the conditions for such availability set forth in the
-# Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
-# version 2 with the GNU Classpath Exception, which is available at
-# https://www.gnu.org/software/classpath/license.html.
-#
-# SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
-#
-
-pc.commit_failure="commit failed for policy context [{0}] caught {1}.
-pc.excluded_grant_context_ignored=Codebase, SignedBy, or Principals ignored in excluded rules [{0}]
-pc.file_close_error=Unable to close policy file [{0}] caught {1}.
-pc.file_delete_error=Unable to delete policy file [{0}].
-pc.file_error=Unable to create policy file [{0}] caught {1}.
-pc.file_not_found=Unable to find policy file [{0}].
-pc.file_read_error=Error reading policy file [{0}] caught {1}.
-pc.file_to_url=unable to convert Policy file to URL - filename: [{0}] caught {1}.
-pc.file_write_error=Error writing to policy file [{0}] caught {1}.
-pc.file_refreshed=Policy refresh timestamp calculation included policy file [{0}].
-pc.file_not_refreshed=Policy refresh timestamp calculation did not include policy file [{0}].
-pc.granted_imply_exclude=One or more granted permissions imply the following excluded permissions: {0}.
-pc.invalid_link_target=linked policy configuration unknown to factory - ContextId [{0}].
-pc.invalid_op_for_state_delete=Cannot perform operation on deleted PolicyConfiguration.
-pc.op_requires_state_open=Operation invoked on closed or deleted PolicyConfiguration.
-pc.invalue_policy_file_name=invalid policy filename: [{0}].
-pc.linked_with_different_role_maps=Linked policy contexts have different roleToSubjectMaps [{0}] [{1}].
-pc.no_principals_mapped_to_role=No Principals mapped to Role [{0}].
-pc.no_repository=The repository for the default JACC policy provider is not set in domain.xml. Unable to initialize policy provider.
-pc.non_principal_mapped_to_role=The non-principal object [{0}] was mapped to the role [{1}].
-pc.permission_load_error=Exception occurred while loading Permission of type [{0}] exception was {1}
-pc.role_map_not_defined_at_commit=Principal to Role mappings not defined before commit [{0}].
-pc.unable_to_create_context_directory=Unable to directory for policy context: [{0}]
-pc.unable_to_create_repostory=Unable to create policy file repository, because there is an existing (non-directory) file [{0}].
-pc.unable_to_init_repostory=Unable to initialize policy file repository. caught {0}
-pc.unable_to_read_repository=Unable to read policy file repository in {0}.
-pc.unknown_policy_context=Unknown policy context - [{0}].
-pc.unsupported_link_operation=Cannot link PolicyConfiguration to itself.
-pc.unable_to_read_repostory=unable to read repository for context - [{0}]
-
-
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationFactoryImpl.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationFactoryImpl.java
deleted file mode 100644
index 4ccd0d1..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationFactoryImpl.java
+++ /dev/null
@@ -1,373 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-package com.sun.enterprise.security.provider;
-
-import com.sun.enterprise.util.LocalStringManagerImpl;
-import jakarta.security.jacc.*;
-
-import java.io.IOException;
-import java.util.logging.*;
-import com.sun.logging.LogDomains;
-
-import java.util.*;
-import java.io.File;
-
-import java.io.FileFilter;
-import java.security.Permission;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReadWriteLock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.jvnet.hk2.annotations.Service;
-import org.jvnet.hk2.annotations.ContractsProvided;
-
-/**
- * Implementation of jacc PolicyConfigurationFactory class
- * @author Harpreet Singh
- * @author Ron Monzillo
- * @version
- */
-@Service
-@ContractsProvided({PolicyConfigurationFactoryImpl.class, PolicyConfigurationFactory.class})
-public class PolicyConfigurationFactoryImpl extends PolicyConfigurationFactory {
-
- private static LocalStringManagerImpl localStrings =
- new LocalStringManagerImpl(PolicyConfigurationFactoryImpl.class);
- // Table of ContextId->PolicyConfiguration
- private Map polConfTable = new HashMap();
-
- //brought from PolicyConfigurationImpl
- // used to represent configuration linkages
- private /*TODO: static */ HashMap linkTable = new HashMap();
-
- private static Logger logger =
- Logger.getLogger(LogDomains.SECURITY_LOGGER);
-
- private ReadWriteLock rwLock = new ReentrantReadWriteLock(true);
- private Lock rLock = rwLock.readLock();
- private Lock wLock = rwLock.writeLock();
- private String repository = null;
-
- private static PolicyConfigurationFactoryImpl singleton = null;
-
- // set in PolicyLoader from domain.xml
- private static final String REPOSITORY_HOME_PROP =
- "com.sun.enterprise.jaccprovider.property.repository";
-
- public PolicyConfigurationFactoryImpl(){
- repository = initializeRepository();
- setInstance(this);
- }
-
- private static void setInstance(PolicyConfigurationFactoryImpl impl) {
- singleton = impl;
- }
-
- /**
- * This method is used to obtain an instance of the provider specific
- * class that implements the PolicyConfiguration interface that
- * corresponds to the identified policy context within the provider.
- * The methods of the PolicyConfiguration interface are used to
- * define the policy statements of the identified policy context.
- * <P>
- * If at the time of the call, the identified policy context does not
- * exist in the provider, then the policy context will be created
- * in the provider and the Object that implements the context's
- * PolicyConfiguration Interface will be returned. If the state of the
- * identified context is "deleted" or "inService" it will be transitioned to
- * the "open" state as a result of the call. The states in the lifecycle
- * of a policy context are defined by the PolicyConfiguration interface.
- * <P>
- * For a given value of policy context identifier, this method
- * must always return the same instance of PolicyConfiguration
- * and there must be at most one actual instance of a
- * PolicyConfiguration with a given policy context identifier
- * (during a process context).
- * <P>
- * To preserve the invariant that there be at most one
- * PolicyConfiguration object for a given policy context,
- * it may be necessary for this method to be thread safe.
- * <P>
- * @param contextID A String identifying the policy context whose
- * PolicyConfiguration interface is to be returned. The value passed to
- * this parameter must not be null.
- * <P>
- * @param remove A boolean value that establishes whether or not the
- * policy statements of an existing policy context are to be
- * removed before its PolicyConfiguration object is returned. If the value
- * passed to this parameter is true, the policy statements of
- * an existing policy context will be removed. If the value is false,
- * they will not be removed.
- *
- * @return an Object that implements the PolicyConfiguration
- * Interface matched to the Policy provider and corresponding to the
- * identified policy context.
- *
- * @throws java.lang.SecurityException
- * when called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the getPolicyConfiguration method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public PolicyConfiguration getPolicyConfiguration(String contextId, boolean remove)
- throws PolicyContextException {
-
- checkSetPolicyPermission();
- if(logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: Getting PolicyConfiguration object with id = "+ contextId);
- }
- PolicyConfigurationImpl pci = getPolicyConfigImpl(contextId);
-
- // if the pc is not in the table, see if it was copied into the
- // filesystem (e.g. by the DAS)
- if (pci == null){
- pci = getPolicyConfigurationImplFromDirectory(contextId,true,remove);
- if (pci == null) {
- pci = new PolicyConfigurationImpl(contextId, this);
- putPolicyConfigurationImpl(contextId,pci);
- }
- } else {
- // return the policy configuration to the open state, value of
- // remove will determine if statements are removed
- pci.initialize(true,remove,false);
- //according to JACC spec we should not remove
- // if (remove) {
- // this.removePolicyConfigurationImpl(contextId);
- // }
- }
- return pci;
- }
-
- /**
- * This method determines if the identified policy context
- * exists with state "inService" in the Policy provider
- * associated with the factory.
- * <P>
- * @param contextID A string identifying a policy context
- *
- * @return true if the identified policy context exists within the
- * provider and its state is "inService", false otherwise.
- *
- * @throws java.lang.SecurityException
- * when called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the inService method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public boolean inService(String contextID) throws PolicyContextException{
- checkSetPolicyPermission();
- PolicyConfiguration pc = getPolicyConfigImpl(contextID);
-
- // if the pc is not in the table, see if it was copied into the
- // filesystem (e.g. by the DAS)
- if (pc == null) {
- pc = getPolicyConfigurationImplFromDirectory(contextID,false,false);
- }
- return pc == null ? false : pc.inService();
- }
-
- // finds pc copied into the filesystem (by DAS) after the repository was
- // initialized. Will only open pc if remove is true (otherwise pc will
- // remain in service);
-
- private PolicyConfigurationImpl
- getPolicyConfigurationImplFromDirectory(String contextId, boolean open, boolean remove) {
- PolicyConfigurationImpl pci = null;
- File f = new File(getContextDirectoryName(contextId));
- if (f.exists()) {
- pci = new PolicyConfigurationImpl(f, open, remove, this);
- if (pci != null) {
- putPolicyConfigurationImpl(contextId, pci);
- }
-
- }
- return pci;
- }
-
- String getContextDirectoryName(String contextId) {
- if (repository == null) {
- throw new RuntimeException("JACC Policy provider: repository not initialized");
- }
- return repository+File.separator+contextId;
- }
-
- // The following package protected methods are needed to support the
- // PolicyCongigurationImpl class.
-
- protected PolicyConfigurationImpl[] getPolicyConfigurationImpls() {
-
- PolicyConfigurationImpl[] rvalue = null;
- rLock.lock();
- try {
- Collection c = polConfTable.values();
- if (c != null) {
- rvalue = (PolicyConfigurationImpl[])
- c.toArray( new PolicyConfigurationImpl[c.size()] );
- }
- } finally {
- rLock.unlock();
- }
- return rvalue;
- }
-
- protected PolicyConfigurationImpl
- putPolicyConfigurationImpl(String contextID, PolicyConfigurationImpl pci) {
- wLock.lock();
- try {
- return (PolicyConfigurationImpl) polConfTable.put(contextID,pci);
- } finally {
- wLock.unlock();
- }
- }
-
- private PolicyConfigurationImpl
- getPolicyConfigImpl(String contextId) {
- rLock.lock();
- try {
- return (PolicyConfigurationImpl) polConfTable.get(contextId);
- } finally {
- rLock.unlock();
- }
- }
-
- protected PolicyConfigurationImpl
- removePolicyConfigurationImpl(String contextID) {
- wLock.lock();
- try {
- return (PolicyConfigurationImpl) polConfTable.remove(contextID);
- } finally {
- wLock.unlock();
- }
- }
-
- // does not reopen PC
- protected PolicyConfigurationImpl getPolicyConfigurationImpl(String contextId) {
- PolicyConfigurationImpl pci = getPolicyConfigImpl(contextId);
- if (pci == null) {
- // check if pc was copied into the filesystem after the repository
- // was initialized (do not open pc or remove policy statements).
- pci = getPolicyConfigurationImplFromDirectory(contextId,false,false);
- if (pci == null) {
- logger.log(Level.WARNING,"pc.unknown_policy_context",
- new Object[]{contextId});
- }
- }
- return pci;
- }
-
- private Permission setPolicyPermission = null;
- protected void checkSetPolicyPermission() {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- if (setPolicyPermission == null) {
- setPolicyPermission = new java.security.SecurityPermission("setPolicy");
- }
- sm.checkPermission(setPolicyPermission);
- }
- }
-
- HashMap getLinkTable() {
- return this.linkTable;
- }
-
- String getRepository() {
- return repository;
- }
-
- /**
- * Read the repository directory name, create the directory, and
- * save the name in 'repository'
- */
- private String initializeRepository() {
-
- try {
- //TODO: remove the use of system property here
- repository = System.getProperty(REPOSITORY_HOME_PROP);
- if (repository == null) {
- String msg=localStrings.getLocalString("pc.no_repository","no repository");
- logger.log(Level.SEVERE,msg);
- } else {
-
- if (logger.isLoggable(Level.FINE)) {
- logger.fine("JACC policy provider: repository set to: "+repository);
- }
-
- File rf = new File(repository);
- if (rf.exists()) {
- if(!rf.isDirectory()) {
- String msg=localStrings.getLocalString("pc.unable_to_create_repository",
- "unable to create repository"+repository,new Object []{repository});
- logger.log(Level.SEVERE,msg);
- } else {
- // read deployed policy contextes
- File[] appsInService = rf.listFiles();
- if (appsInService != null) {
- for (int i = 0; i <appsInService.length; i++) {
- File[] contextsInService =
- appsInService[i].listFiles(new FileFilter() {
- public boolean accept(File pathname) {
- return pathname.isDirectory();
- }
- });
- if (contextsInService != null) {
- for (int j = 0; j < contextsInService.length; j++) {
- try {
- PolicyConfigurationImpl pc = new PolicyConfigurationImpl(contextsInService[j],false,false, this);
- putPolicyConfigurationImpl(pc.CONTEXT_ID,pc);
-
- } catch(Exception ex) {
- String msg=localStrings.getLocalString("pc.unable_to_read_repostory",
- "unable to read repository" ,new Object []{contextsInService[i].toString()});
- logger.log(Level.WARNING,msg, ex);
- }
- }
- }
- }
- }
- }
- } else {
- if(logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: creating new policy repository");
- }
- if(!rf.mkdirs()) {
- throw new IOException();
- }
- }
- }
- } catch (Exception e) {
- String msg=localStrings.getLocalString("pc.unable_to_init_repository",
- "unable to init repository",new Object []{e});
- logger.log(Level.SEVERE,msg);
- repository = null;
- }
-
- return repository;
- }
-
- static PolicyConfigurationFactoryImpl getInstance() {
- return singleton;
- }
-}
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java
deleted file mode 100644
index f7df524..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyConfigurationImpl.java
+++ /dev/null
@@ -1,1489 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-package com.sun.enterprise.security.provider;
-
-import jakarta.security.jacc.*;
-
-import java.io.*;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import java.util.Map;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-import java.lang.reflect.Constructor;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.security.*;
-import javax.security.auth.Subject;
-
-import java.util.logging.*;
-import com.sun.logging.LogDomains;
-import com.sun.xml.txw2.IllegalSignatureException;
-import com.sun.enterprise.util.LocalStringManagerImpl;
-
-import com.sun.enterprise.security.SecurityRoleMapperFactoryGen;
-import com.sun.enterprise.security.provider.PolicyParser.GrantEntry;
-import com.sun.enterprise.security.provider.PolicyParser.ParsingException;
-import com.sun.enterprise.security.provider.PolicyParser.PermissionEntry;
-import com.sun.enterprise.security.provider.PolicyParser.PrincipalEntry;
-import org.glassfish.deployment.common.SecurityRoleMapper;
-import org.glassfish.deployment.common.SecurityRoleMapperFactory;
-
-/**
- * Implementation of Jacc PolicyConfiguration Interface
- * @author Harpreet Singh (harpreet.singh@sun.com)
- * @author Ron Monzillo
- */
-public class PolicyConfigurationImpl implements PolicyConfiguration {
-
- private static Logger logger =
- Logger.getLogger(LogDomains.SECURITY_LOGGER);
-
- private static LocalStringManagerImpl localStrings =
- new LocalStringManagerImpl(PolicyConfigurationImpl.class);
-
- //package access
- String CONTEXT_ID = null;
-
- // Excluded permissions
- private Permissions excludedPermissions = null;
- // Unchecked permissions
- private Permissions uncheckedPermissions = null;
- // permissions mapped to roles.
- private HashMap rolePermissionsTable = null;
-
- //private /*TODO: static */ SecurityRoleMapperFactory factory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
-
- private static String policySuffix = ".policy";
-
- private static String PROVIDER_URL = "policy.url.";
-
- private static final Class[] permissionParams = { String.class, String.class};
-
- // These are the 3 possible states that this object can be in.
- public static final int OPEN_STATE = 0;
- public static final int INSERVICE_STATE = 2;
- public static final int DELETED_STATE = 3;
-
- // new instances are created in the open state.
- protected int state = OPEN_STATE;
-
- private ReentrantReadWriteLock rwLock = new ReentrantReadWriteLock(true);
- private Lock rLock = rwLock.readLock();
- private Lock wLock = rwLock.writeLock();
-
- // this bit is used to optimize commit processing
- private boolean writeOnCommit = true;
-
- // this bit is used to optimize refresh processing
- private boolean wasRefreshed = false;
-
- private Policy policy = null;
- private String policyUrlValue = null;
-
- // policy file mod times
- private long[] lastModTimes = new long[2];
- private final Object refreshLock = new Object();
- private String repository = null;
- private Permission setPolicyPermission = null;
- private PolicyConfigurationFactoryImpl fact=null;
-
- protected PolicyConfigurationImpl(String contextId, PolicyConfigurationFactoryImpl fact){
- CONTEXT_ID = contextId;
- this.fact = fact;
- repository = fact.getRepository();
- // initialize(open,remove,!fromFile)
-// initializeRepository();
- initialize(true,true,false);
- }
-
- /**
- * @param applicationPolicyDirectory, need to have absolute path
- * @param open, then mark state as open
- * @param remove, then remove any existing policy statements
- */
- protected PolicyConfigurationImpl
- (File applicationPolicyDirectory, boolean open, boolean remove, PolicyConfigurationFactoryImpl fact) {
-
- this.fact = fact;
- CONTEXT_ID = applicationPolicyDirectory.getParentFile().getName() +
- '/' + applicationPolicyDirectory.getName();
-
- repository = fact.getRepository();
- //initializeRepository();
- String name = getPolicyFileName(true);
- File f = new File(name);
- if (!f.exists()) {
- String defMsg="Unable to open Policy file: "+name;
- String msg= localStrings.getLocalString("pc.file_not_found",defMsg,new Object []{ name});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
-
- // initialize(open,remove,fromFile)
- initialize(open,remove,true);
- }
-
- /**
- * This method returns this object's policy context identifier.
- * @return this object's policy context identifier.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the getContextID method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public String getContextID() throws PolicyContextException {
- checkSetPolicyPermission();
- return this.CONTEXT_ID;
- }
-
- /**
- * Used to add permissions to a named role in this PolicyConfiguration.
- * If the named Role does not exist in the PolicyConfiguration, it is
- * created as a result of the call to this function.
- * <P>
- * It is the job of the Policy provider to ensure that all the permissions
- * added to a role are granted to principals "mapped to the role".
- * <P>
- * @param roleName the name of the Role to which the permissions are
- * to be added.
- * <P>
- * @param permissions the collection of permissions to be added
- * to the role. The collection may be either a homogenous or
- * heterogenous collection.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToRole method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToRole(String roleName, PermissionCollection permissions)
- throws PolicyContextException
- {
- assertStateIsOpen();
-
- if (roleName != null && permissions != null) {
- checkSetPolicyPermission();
- for(Enumeration e = permissions.elements(); e.hasMoreElements();) {
- this.getRolePermissions(roleName).add((Permission)e.nextElement());
- writeOnCommit = true;
- }
- }
- }
-
- /**
- * Used to add a single permission to a named role in this
- * PolicyConfiguration.
- * If the named Role does not exist in the PolicyConfiguration, it is
- * created as a result of the call to this function.
- * <P>
- * It is the job of the Policy provider to ensure that all the permissions
- * added to a role are granted to principals "mapped to the role".
- * <P>
- * @param roleName the name of the Role to which the permission is
- * to be added.
- * <P>
- * @param permission the permission to be added
- * to the role.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToRole method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToRole(String roleName, Permission permission)
- throws PolicyContextException {
-
- assertStateIsOpen();
-
- if (roleName != null && permission != null) {
- checkSetPolicyPermission();
- this.getRolePermissions(roleName).add(permission);
- writeOnCommit = true;
- }
- }
-
- /**
- * Used to add unchecked policy statements to this PolicyConfiguration.
- * <P>
- * @param permissions the collection of permissions to be added
- * as unchecked policy statements. The collection may be either
- * a homogenous or heterogenous collection.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToUncheckedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToUncheckedPolicy(PermissionCollection permissions)
- throws PolicyContextException {
-
- assertStateIsOpen();
-
- if (permissions != null) {
- checkSetPolicyPermission();
- for(Enumeration e = permissions.elements(); e.hasMoreElements();){
- this.getUncheckedPermissions().add((Permission) e.nextElement());
- writeOnCommit = true;
- }
- }
- }
-
- /**
- * Used to add a single unchecked policy statement to this
- * PolicyConfiguration.
- * <P>
- * @param permission the permission to be added
- * to the unchecked policy statements.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToUncheckedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToUncheckedPolicy(Permission permission)
- throws PolicyContextException{
-
- assertStateIsOpen();
-
-
- if (permission != null) {
- checkSetPolicyPermission();
- this.getUncheckedPermissions().add(permission);
- writeOnCommit = true;
- }
- }
-
- /**
- * Used to add excluded policy statements to this PolicyConfiguration.
- * <P>
- * @param permissions the collection of permissions to be added
- * to the excluded policy statements. The collection may be either
- * a homogenous or heterogenous collection.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToExcludedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToExcludedPolicy(PermissionCollection permissions)
- throws PolicyContextException {
-
- assertStateIsOpen();
-
- if (permissions != null) {
- checkSetPolicyPermission();
- for(Enumeration e = permissions.elements(); e.hasMoreElements();){
- this.getExcludedPermissions().add((Permission) e.nextElement());
- writeOnCommit = true;
- }
- }
- }
-
- /**
- * Used to add a single excluded policy statement to this
- * PolicyConfiguration.
- * <P>
- * @param permission the permission to be added
- * to the excluded policy statements.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission. fa
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the addToExcludedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void addToExcludedPolicy(Permission permission)
- throws PolicyContextException{
-
- assertStateIsOpen();
-
-
- if (permission != null) {
- checkSetPolicyPermission();
- this.getExcludedPermissions().add(permission);
- writeOnCommit = true;
- }
- }
-
- /**
- * Used to remove a role and all its permissions from this
- * PolicyConfiguration.
- * <P>
- * @param roleName the name of the role to remove from this
- * PolicyConfiguration. If the value of the roleName parameter is "*"
- * and no role with name "*" exists in this PolicyConfiguration,
- * then all roles must be removed from this PolicyConfiguration.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the removeRole method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void removeRole(String roleName)
- throws PolicyContextException{
-
- assertStateIsOpen();
-
- if(roleName != null && rolePermissionsTable != null) {
- checkSetPolicyPermission();
- if (rolePermissionsTable.remove(roleName) != null) {
- if (rolePermissionsTable.isEmpty()) {
- rolePermissionsTable = null;
- }
- writeOnCommit = true;
- } else if (roleName.equals("*")) {
- boolean wasEmpty = rolePermissionsTable.isEmpty();
- if (!wasEmpty) {
- rolePermissionsTable.clear();
- }
- rolePermissionsTable = null;
- if (!wasEmpty) {
- writeOnCommit = true;
- }
- }
- }
- }
-
- /**
- * Used to remove any unchecked policy statements from this
- * PolicyConfiguration.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the removeUncheckedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void removeUncheckedPolicy()
- throws PolicyContextException{
-
- assertStateIsOpen();
-
- checkSetPolicyPermission();
-
- if (uncheckedPermissions != null) {
- uncheckedPermissions = null;
- writeOnCommit = true;
- }
- }
-
- /**
- * Used to remove any excluded policy statements from this
- * PolicyConfiguration.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the removeExcludedPolicy method signature.
- * The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void removeExcludedPolicy()
- throws PolicyContextException{
-
- assertStateIsOpen();
-
- checkSetPolicyPermission();
-
- if (excludedPermissions != null) {
- excludedPermissions = null;
- writeOnCommit = true;
- }
- }
-
- /**
- * This method is used to set to "inService" the state of the policy context
- * whose interface is this PolicyConfiguration Object. Only those policy
- * contexts whose state is "inService" will be included in the policy
- * contexts processed by the Policy.refresh method. A policy context whose
- * state is "inService" may be returned to the "open" state by calling the
- * getPolicyConfiguration method of the PolicyConfiguration factory
- * with the policy context identifier of the policy context.
- * <P>
- * When the state of a policy context is "inService", calling any method
- * other than commit, delete, getContextID, or inService on its
- * PolicyConfiguration Object will cause an UnsupportedOperationException
- * to be thrown.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" when this
- * method is called.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the commit method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void commit() throws PolicyContextException{
-
- synchronized(refreshLock) {
- if(stateIs(DELETED_STATE)){
- String defMsg="Cannot perform Operation on a deleted PolicyConfiguration";
- String msg=localStrings.getLocalString("pc.invalid_op_for_state_delete",defMsg);
- logger.log(Level.WARNING,msg);
- throw new UnsupportedOperationException(defMsg);
-
- } else {
-
- try {
-
- checkSetPolicyPermission();
-
- if (stateIs(OPEN_STATE)) {
-
- generatePermissions();
-
- setState(INSERVICE_STATE);
- }
- } catch(Exception e){
- String defMsg="commit fail for contextod "+CONTEXT_ID;
- String msg=localStrings.getLocalString("pc.commit_failure",defMsg,new Object[]{CONTEXT_ID,e});
- logger.log(Level.SEVERE,msg);
- throw new PolicyContextException(e);
- }
- if (logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: PC.commit "+CONTEXT_ID);
- }
- }
-
- }
- }
-
- /**
- * Creates a relationship between this configuration and another
- * such that they share the same principal-to-role mappings.
- * PolicyConfigurations are linked to apply a common principal-to-role
- * mapping to multiple seperately manageable PolicyConfigurations,
- * as is required when an application is composed of multiple
- * modules.
- * <P>
- * Note that the policy statements which comprise a role, or comprise
- * the excluded or unchecked policy collections in a PolicyConfiguration
- * are unaffected by the configuration being linked to another.
- * <P>
- * @param link a reference to a different PolicyConfiguration than this
- * PolicyConfiguration.
- * <P>
- * The relationship formed by this method is symetric, transitive
- * and idempotent. If the argument PolicyConfiguration does not have a
- * different Policy context identifier than this PolicyConfiguration
- * no relationship is formed, and an exception, as described below, is
- * thrown.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws java.lang.UnsupportedOperationException
- * if the state of the policy context whose interface is this
- * PolicyConfiguration Object is "deleted" or "inService" when this
- * method is called.
- *
- * @throws java.lang.IllegalArgumentException
- * if called with an argument PolicyConfiguration whose Policy context
- * is equivalent to that of this PolicyConfiguration.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the linkConfiguration method signature. The exception
- * thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void linkConfiguration(PolicyConfiguration link) throws PolicyContextException {
-
- assertStateIsOpen();
-
- String linkId = link.getContextID();
- if (this.CONTEXT_ID.equals(linkId)) {
- String defMsg="Operation attempted to link PolicyConfiguration to itself.";
- String msg=localStrings.getLocalString("pc.unsupported_link_operation",defMsg);
- logger.log(Level.WARNING,msg);
- throw new IllegalArgumentException(defMsg);
- }
-
- checkSetPolicyPermission();
-
- updateLinkTable(linkId);
-
- }
-
- /**
- * Causes all policy statements to be deleted from this PolicyConfiguration
- * and sets its internal state such that calling any method, other than
- * delete, getContextID, or inService on the PolicyConfiguration will
- * be rejected and cause an UnsupportedOperationException to be thrown.
- * <P>
- * This operation has no affect on any linked PolicyConfigurations
- * other than removing any links involving the deleted PolicyConfiguration.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the delete method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public void delete() throws PolicyContextException
- {
- checkSetPolicyPermission();
- synchronized(refreshLock) {
- try {
- removePolicy();
- } finally {
- setState(DELETED_STATE);
- }
- }
- }
-
- /**
- * This method is used to determine if the policy context whose interface is
- * this PolicyConfiguration Object is in the "inService" state.
- *
- * @return true if the state of the associated policy context is
- * "inService"; false otherwise.
- *
- * @throws java.lang.SecurityException
- * if called by an AccessControlContext that has not been
- * granted the "setPolicy" SecurityPermission.
- *
- * @throws jakarta.security.jacc.PolicyContextException
- * if the implementation throws a checked exception that has not been
- * accounted for by the inService method signature. The exception thrown
- * by the implementation class will be encapsulated (during construction)
- * in the thrown PolicyContextException.
- */
- public boolean inService() throws PolicyContextException{
- checkSetPolicyPermission();
- boolean rvalue = stateIs(INSERVICE_STATE);
-
- if (logger.isLoggable(Level.FINE)) {
- logger.fine("JACC Policy Provider: inService: " +
- (rvalue ? "true " : "false ") +
- CONTEXT_ID);
- }
-
- return rvalue;
- }
-
- // The following methods are implementation specific
-
- protected void checkSetPolicyPermission() {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- if (setPolicyPermission == null) {
- setPolicyPermission = new java.security.SecurityPermission("setPolicy");
- }
- sm.checkPermission(setPolicyPermission);
- }
- }
-
- // get the policy object
- protected java.security.Policy getPolicy(){
- if (stateIs(INSERVICE_STATE)) {
- return this.policy;
- }
- if (logger.isLoggable(Level.FINEST)) {
- logger.finest("JACC Policy Provider: getPolicy ("+CONTEXT_ID+") is NOT in service");
- }
- return null;
- }
-
- // get the policy object
- protected Permissions getExcludedPolicy(){
- return stateIs(INSERVICE_STATE) ? this.excludedPermissions : null;
- }
-
- // called by PolicyWrapper to refresh context specific policy object.
- protected void refresh(boolean force){
-
- synchronized(refreshLock){
- if (stateIs(INSERVICE_STATE) &&
- (wasRefreshed == false || force || filesChanged())) {
-
- // find open policy.url
- int i = 0;
- String value = null;
- String urlKey = null;
- while (true) {
- urlKey = PROVIDER_URL+(++i);
- value = getSecurityProperty(urlKey);
- if (value == null || value.equals("")) {
- break;
- }
- }
-
- try {
- setSecurityProperty(urlKey, policyUrlValue);
-
- if (fileChanged(false)) {
- excludedPermissions = loadExcludedPolicy();
- }
-
- // capture time before load, to ensure that we
- // have a time that precedes load
- captureFileTime(true);
-
- if (policy == null) {
- policy = getNewPolicy();
- } else {
- policy.refresh();
- if (logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: Called Policy.refresh on contextId: "+CONTEXT_ID+" policyUrlValue was "+policyUrlValue);
- }
- }
- wasRefreshed = true;
- } finally {
- // can't setProperty back to null, workaround is to
- // use empty string
- setSecurityProperty(urlKey, "");
- }
- }
- }
- }
-
- private java.security.Policy getNewPolicy() {
- Object wrapper = java.security.Policy.getPolicy();
- if (wrapper != null && wrapper instanceof BasePolicyWrapper) {
- return ((BasePolicyWrapper) wrapper).getNewPolicy();
- } else {
- try {
- return Policy.getInstance("JavaPolicy", null);
- } catch (NoSuchAlgorithmException e) {
- // TODO Auto-generated catch block
- throw new IllegalSignatureException(e);
- }
- }
- }
-
- private void captureFileTime(boolean granted) {
- String name = getPolicyFileName(granted);
- File f = new File(name);
- lastModTimes[(int) (granted ? 1 : 0)] = f.lastModified();
- }
-
- private boolean _fileChanged(boolean granted, File f) {
- return !(lastModTimes[(int) (granted ? 1 : 0)] == f.lastModified());
- }
-
- private boolean fileChanged(boolean granted) {
- String name = getPolicyFileName(granted);
- File f = new File(name);
- return _fileChanged(granted,f);
- }
-
- private boolean filesChanged() {
- return (fileChanged(true) || fileChanged(false));
- }
-
- /**
- * tests if policy file has arrived (via synchronization system).
- * if File exists, also checks last modified time, in case file was
- * not deleted on transition out of inservice state. Called when context
- * is not inService to determine if it was needs to be transitioned
- * because of file distribution.
- * @param granted selects granted or excluded policy file
- * @return true if new file has arrived.
- */
- private boolean fileArrived(boolean granted) {
- String name = getPolicyFileName(granted);
- File f = new File(name);
- boolean rvalue = ( f.exists() && _fileChanged(granted,f) );
-
- if (logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: file arrival check" +
- " type: " + (granted? "granted " : "excluded ") +
- " arrived: " + rvalue +
- " exists: " + f.exists() +
- " lastModified: " + f.lastModified() +
- " storedTime: " + lastModTimes[(int) (granted ? 1 : 0)] +
- " state: " + (this.state == OPEN_STATE ? "open " : "deleted ") +
- CONTEXT_ID);
- }
-
- return rvalue;
- }
-
- // initilaize the internal data structures.
- // if open, then mark state as open
- // if remove, then remove any existing policy statements
- // if fromFile (and not remove), then mark state as in service,
- // and not requiring write on commit
- // if fromFile (and remove), then remove and mark state as open
- protected void initialize(boolean open, boolean remove, boolean fromFile) {
- synchronized(refreshLock) {
- String name = getPolicyFileName(true);
- if (open || remove) {
- setState(OPEN_STATE);
- } else {
- setState(INSERVICE_STATE);
- }
- try {
- if (remove) {
- removePolicy();
- }
-
- policyUrlValue =
- fileToEncodedURL(new File(name));
- if (fromFile && !remove) {
- uncheckedPermissions = null;
- rolePermissionsTable = null;
- excludedPermissions = loadExcludedPolicy();
- initLinkTable();
- captureFileTime(true);
- writeOnCommit = false;
- }
- wasRefreshed = false;
- } catch (java.net.MalformedURLException mue) {
- String defMsg="Unable to convert Policy file Name to URL: "+name;
- String msg=localStrings.getLocalString("pc.file_to_url",defMsg, new Object[]{name,mue});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
-
- public static String fileToEncodedURL(File file) throws MalformedURLException {
- try {
- String filePath = new URI("file", file.getAbsolutePath(), null)
- .toASCIIString()
- .substring("file:".length());
-
- if (!filePath.startsWith("/")) {
- filePath = "/" + filePath;
- }
-
- if (file.isDirectory() && !filePath.endsWith("/")) {
- filePath = filePath + "/";
- }
-
- return new URL("file", "", filePath).toString();
- } catch (URISyntaxException e) {
- throw new IllegalStateException(e);
- }
- }
-
- private String getPolicyFileName(boolean granted) {
- return granted ?
- getContextDirectoryName()+File.separator+"granted"+policySuffix :
- getContextDirectoryName()+File.separator+"excluded"+policySuffix;
- }
-
- private String getContextDirectoryName() {
- if (repository == null) {
- throw new RuntimeException("JACC Policy provider: repository not initialized");
- }
- return fact.getContextDirectoryName(CONTEXT_ID);
- }
-
-
-
- // remove the directory used ot hold the context's policy files
- private void removePolicyContextDirectory(){
- String directoryName = getContextDirectoryName();
- File f = new File(directoryName);
- if(f.exists()){
-
- // WORKAROUND: due to existence of timestamp file in given directory
- // for SE/EE synchronization
- File[] files = f.listFiles();
- if (files != null && files.length > 0) {
- for (int i = 0; i < files.length; i++) {
- if(!files[i].delete()) {
- String msg = localStrings.getLocalString("pc.file_delete_error","Error while deleting policy file");
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(msg);
- }
- }
- }
- //WORKAROUND: End
-
- if (!f.delete()) {
- String defMsg = "Failure removing policy context directory: "+directoryName;
- String msg=localStrings.getLocalString("pc.file_delete_error", defMsg);
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- } else if(logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: Policy context directory removed: "+directoryName);
- }
-
- File appDir = f.getParentFile();
- // WORKAROUND: due to existence of timestamp file in given directory
- // for SE/EE synchronization
- File[] fs = appDir.listFiles();
- if (fs != null && fs.length > 0) {
- boolean hasDir = false;
- for (int i = 0; i < fs.length; i++) {
- if (fs[i].isDirectory()) {
- hasDir = true;
- break;
- }
- }
- if (!hasDir) {
- for (int i = 0; i < fs.length; i++) {
- fs[i].delete();
- }
- }
- }
- //WORKAROUND: End
-
- File[] moduleDirs = appDir.listFiles();
- if (moduleDirs == null || moduleDirs.length == 0) {
- if (!appDir.delete()) {
- String defMsg = "Failure removing policy context directory: " + appDir;
- String msg = localStrings.getLocalString("pc.file_delete_error", defMsg);
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
- }
-
- // remove the external (file) policy statements.
- private void removePolicyFile(boolean granted){
- String fileName = getPolicyFileName(granted);
- File f = new File(fileName);
- if(f.exists()){
- if (!f.delete()) {
- String defMsg = "Failure removing policy file: "+fileName;
- String msg=localStrings.getLocalString("pc.file_delete_error", defMsg,new Object []{ fileName} );
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- } else if(logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: Policy file removed: "+fileName);
- }
- }
- }
-
- // remove the internal and external (file) policy statements.
- private void removePolicy(){
- excludedPermissions = null;
- uncheckedPermissions = null;
- rolePermissionsTable = null;
- removePolicyFile(true);
- removePolicyFile(false);
- removePolicyContextDirectory();
- initLinkTable();
- policy = null;
- writeOnCommit = true;
- }
-
- private void initLinkTable() {
-
- synchronized(refreshLock) {
- // get the linkSet corresponding to this context.
- Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
- // remobe this context id from the linkSet (which may be shared
- // with other contexts), and unmap the linkSet form this context.
- if (linkSet != null) {
- linkSet.remove(CONTEXT_ID);
- fact.getLinkTable().remove(CONTEXT_ID);
- }
-
- // create a new linkSet with onlythis context id, and put it in the table.
- linkSet = new HashSet();
- linkSet.add(CONTEXT_ID);
- fact.getLinkTable().put(CONTEXT_ID,linkSet);
- }
- }
-
- private void updateLinkTable(String otherId) {
-
- synchronized(refreshLock) {
-
- // get the linkSet corresponding to this context
- Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
- // get the linkSet corresponding to the context being linked to this
- Set otherLinkSet = (Set) fact.getLinkTable().get(otherId);
-
- if (otherLinkSet == null) {
- String defMsg="Linked policy configuration ("+otherId+") does not exist";
- //String msg = localStrings.getLocalString("pc.invalid_link_target",defMsg, new Object []{otherId});
- logger.log(Level.SEVERE,"pc.invalid_link_target",otherId);
- throw new RuntimeException(defMsg);
- } else {
- Iterator it = otherLinkSet.iterator();
- // for each context (id) linked to the context being linked to this
- while (it.hasNext()) {
- String id = (String) it.next();
- //add the id to this linkSet
- linkSet.add(id);
- //replace the linkset mapped to all the contexts being linked
- //to this context, with this linkset.
- fact.getLinkTable().put(id,linkSet);
- }
- }
- }
- }
-
- private void setState(int stateValue) {
- wLock.lock();
- try {
- this.state = stateValue;
- } finally {
- wLock.unlock();
- }
- }
-
-
- private boolean _stateIs(int stateValue) {
- rLock.lock();
- try {
- return (this.state == stateValue);
- } finally {
- rLock.unlock();
- }
- }
-
- /**
- * checks if PolicyContex is in agrument state.
- * Detects implicpit state changes resulting from
- * distribution of policy files by synchronization
- * system.
- * @param stateValue state the context is tested for
- * @return true if in state.
- */
- private boolean stateIs(int stateValue) {
- boolean inState = _stateIs(stateValue);
- if (stateValue == INSERVICE_STATE && !inState) {
- if (fileArrived(true) || fileArrived(false)) {
-
- if (logger.isLoggable(Level.FINE)){
- logger.fine("JACC Policy Provider: file arrived transition to inService: " +
- " state: " + (this.state == OPEN_STATE ? "open " : "deleted ") +
- CONTEXT_ID);
- }
-
- // initialize(!open,!remove,fromFile)
- initialize(false,false,true);
- }
- inState = _stateIs(INSERVICE_STATE);
- }
-
- return inState;
- }
-
-
- private void assertStateIsOpen() {
-
- if (!stateIs(OPEN_STATE)){
- String defMsg="Operation invoked on closed or deleted PolicyConfiguration.";
- String msg = localStrings.getLocalString("pc.op_requires_state_open",defMsg);
- logger.log(Level.WARNING, msg);
- throw new UnsupportedOperationException(defMsg);
- }
- }
-
-
-
- private Permissions getUncheckedPermissions() {
- if (uncheckedPermissions == null) {
- uncheckedPermissions = new Permissions();
- }
- return uncheckedPermissions;
- }
-
- private Permissions getExcludedPermissions() {
- if (excludedPermissions == null) {
- excludedPermissions = new Permissions();
- }
- return excludedPermissions;
- }
-
- private Permissions getRolePermissions(String roleName) {
- if (rolePermissionsTable == null) rolePermissionsTable = new HashMap();
- Permissions rolePermissions = (Permissions) rolePermissionsTable.get(roleName);
- if (rolePermissions == null) {
- rolePermissions = new Permissions();
- rolePermissionsTable.put(roleName,rolePermissions);
- }
- return rolePermissions;
- }
-
- // This method workarounds a bug in PolicyParser.write(...).
- private String escapeName(String name) {
- return (name != null && name.indexOf('"') > 0) ?
- name.replaceAll("\"", "\\\\\"") : name;
- }
-
- private void generatePermissions()
-
- throws java.io.FileNotFoundException, java.io.IOException {
-
- // optimization - return if the rules have not changed
-
- if (!writeOnCommit) return;
-
- // otherwise proceed to write policy file
-
- Map roleToSubjectMap = null;
- SecurityRoleMapperFactory factory=SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
- if (rolePermissionsTable != null) {
- // Make sure a role to subject map has been defined for the Policy Context
- if (factory != null) {
- // the rolemapper is stored against the
- // appname, for a web app get the appname for this contextid
- SecurityRoleMapper srm = factory.getRoleMapper(CONTEXT_ID);
- if (srm != null) {
- roleToSubjectMap = srm.getRoleToSubjectMapping();
- }
- if (roleToSubjectMap != null) {
- // make sure all liked PC's have the same roleToSubjectMap
- Set linkSet = (Set) fact.getLinkTable().get(CONTEXT_ID);
- if (linkSet != null) {
- Iterator it = linkSet.iterator();
- while (it.hasNext()) {
- String contextId = (String)it.next();
- if (!CONTEXT_ID.equals(contextId)) {
- SecurityRoleMapper otherSrm = factory.getRoleMapper(contextId);
- Map otherRoleToSubjectMap = null;
-
- if (otherSrm != null) {
- otherRoleToSubjectMap = otherSrm.getRoleToSubjectMapping();
- }
-
- if (otherRoleToSubjectMap != roleToSubjectMap) {
- String defMsg="Linked policy contexts have different roleToSubjectMaps ("+CONTEXT_ID+")<->("+contextId+")";
- String msg=localStrings.getLocalString("pc.linked_with_different_role_maps",defMsg,new Object []{CONTEXT_ID,contextId});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
- }
- }
- }
- }
-
- if (roleToSubjectMap == null && rolePermissionsTable != null) {
- String defMsg="This application has no role mapper factory defined";
- String msg=localStrings.getLocalString("pc.role_map_not_defined_at_commit",defMsg,new Object []{CONTEXT_ID});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException
- (localStrings.getLocalString
- ("enterprise.deployment.deployment.norolemapperfactorydefine",defMsg));
- }
-
- PolicyParser parser = new PolicyParser(false);
-
- // load unchecked grants in parser
- if (uncheckedPermissions != null) {
- Enumeration pEnum = uncheckedPermissions.elements();
- if (pEnum.hasMoreElements()) {
- GrantEntry grant = new GrantEntry();
- while (pEnum.hasMoreElements()) {
- Permission p = (Permission) pEnum.nextElement();
- PermissionEntry entry =
- new PermissionEntry(p.getClass().getName(),
- p.getName(),p.getActions());
- grant.add(entry);
- }
- parser.add(grant);
- }
- }
-
- // load role based grants in parser
- if (rolePermissionsTable != null) {
- Iterator roleIt = rolePermissionsTable.keySet().iterator();
- while (roleIt.hasNext()) {
- boolean withPrincipals = false;
- String roleName = (String) roleIt.next();
- Permissions rolePerms = getRolePermissions(roleName);
- Subject rolePrincipals = (Subject) roleToSubjectMap.get(roleName);
- if (rolePrincipals != null) {
- Iterator pit = rolePrincipals.getPrincipals().iterator();
- while (pit.hasNext()){
- Principal prin = (Principal) pit.next();
-
- if (prin != null) {
- withPrincipals = true;
- PrincipalEntry prinEntry =
- new PrincipalEntry(prin.getClass().getName(),
- escapeName(prin.getName()));
- GrantEntry grant = new GrantEntry();
- grant.principals.add(prinEntry);
- Enumeration pEnum = rolePerms.elements();
- while (pEnum.hasMoreElements()) {
- Permission perm = (Permission) pEnum.nextElement();
- PermissionEntry permEntry =
- new PermissionEntry(perm.getClass().getName(),
- perm.getName(),
- perm.getActions());
- grant.add(permEntry);
- }
- parser.add(grant);
- }
- else {
- String msg = localStrings.getLocalString("pc.non_principal_mapped_to_role",
- "non principal mapped to role "+roleName,new Object[]{prin,roleName});
- logger.log(Level.WARNING,msg);
- }
- }
- }
- /**
- * JACC MR8 add grant for the any authenticated user role '**'
- */
- if (!withPrincipals && ("**".equals(roleName))) {
- withPrincipals = true;
- PrincipalEntry prinEntry = new PrincipalEntry(
- PrincipalEntry.WILDCARD_CLASS,PrincipalEntry.WILDCARD_NAME);
- GrantEntry grant = new GrantEntry();
- grant.principals.add(prinEntry);
- Enumeration pEnum = rolePerms.elements();
- while (pEnum.hasMoreElements()) {
- Permission perm = (Permission) pEnum.nextElement();
- PermissionEntry permEntry =
- new PermissionEntry(perm.getClass().getName(),
- perm.getName(),
- perm.getActions());
- grant.add(permEntry);
- }
- parser.add(grant);
- if(logger.isLoggable (Level.FINE)){
- logger.fine("JACC Policy Provider: added role grant for any authenticated user");
- }
- }
- if (!withPrincipals) {
- String msg = localStrings.getLocalString("pc.no_principals_mapped_to_role",
- "no principals mapped to role "+roleName, new Object []{ roleName});
- logger.log(Level.WARNING,msg);
- }
- }
- }
-
- writeOnCommit = createPolicyFile(true,parser,writeOnCommit);
-
- // load excluded perms in excluded parser
- if (excludedPermissions != null) {
-
- PolicyParser excludedParser = new PolicyParser(false);
-
- Enumeration pEnum = excludedPermissions.elements();
- if (pEnum.hasMoreElements()) {
- GrantEntry grant = new GrantEntry();
- while (pEnum.hasMoreElements()) {
- Permission p = (Permission) pEnum.nextElement();
- PermissionEntry entry =
- new PermissionEntry(p.getClass().getName(),
- p.getName(),p.getActions());
- grant.add(entry);
- }
- excludedParser.add(grant);
- }
-
- writeOnCommit = createPolicyFile(false,excludedParser,writeOnCommit);
- }
-
- if (!writeOnCommit) wasRefreshed = false;
- }
-
- private void createPolicyContextDirectory() {
-
- String contextDirectoryName = getContextDirectoryName();
- File d = new File(contextDirectoryName);
-
- String defMsg = "unable to create policy context directory";
- String msg = localStrings.getLocalString("pc.unable_to_create_context_directory",
- defMsg, new Object[]{contextDirectoryName});
- if (d.exists()) {
- if (!d.isDirectory()) {
-
- logger.log(Level.SEVERE, msg);
- throw new RuntimeException(defMsg);
- }
- } else {
- if (!d.mkdirs()) {
- logger.log(Level.SEVERE, msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
-
- // returns false if write succeeds. otherwise returns input woc (i.e. writeOnCommit)
- private boolean createPolicyFile
- (boolean granted, PolicyParser parser, boolean woc) throws java.io.IOException {
-
- boolean result = woc;
- createPolicyContextDirectory();
- removePolicyFile(granted);
- String name = getPolicyFileName(granted);
- OutputStreamWriter writer = null;
- try {
- if(logger.isLoggable (Level.FINE)){
- logger.fine("JACC Policy Provider: Writing grant statements to policy file: "+name);
- }
- writer = new OutputStreamWriter(new FileOutputStream(name), "UTF-8");
- parser.write(writer);
- result = false;
- } catch(java.io.FileNotFoundException fnfe) {
- String msg=localStrings.getLocalString("pc.file_error","file not found "+name,
- new Object []{name, fnfe});
- logger.log(Level.SEVERE,msg);
- throw fnfe;
- } catch(java.io.IOException ioe){
- String msg=localStrings.getLocalString("pc.file_write_error","file IO error on file "+name,
- new Object []{name,ioe});
- logger.log(Level.SEVERE,msg);
- throw ioe;
- } finally {
- if (writer != null) {
- try {
- writer.close();
- captureFileTime(granted);
- } catch (Exception e) {
- String defMsg="Unable to close Policy file: "+name;
- String msg=localStrings.getLocalString("pc.file_close_error",defMsg,new Object []{name,e});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
- return result;
- }
-
- private Permission loadPermission(String className,String name,String actions){
- Class clazz = null;
- Permission permission = null;
- try{
- clazz = Class.forName(className);
- Constructor c = clazz.getConstructor(permissionParams);
- permission = (Permission) c.newInstance(new Object[] { name, actions });
- } catch(Exception e){
- String defMsg="PolicyConfiguration error loading permission";
- String msg=localStrings.getLocalString("pc.permission_load_error",defMsg,
- new Object []{className, e});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg,e);
- }
- return permission;
- }
-
- private Permissions loadExcludedPolicy() {
- Permissions result = null;
- String name = getPolicyFileName(false);
- FileReader reader = null;
- PolicyParser parser = new PolicyParser(false);
- try {
- captureFileTime(false);
- reader = new FileReader(name);
- parser.read(reader);
- } catch (java.io.FileNotFoundException fnf) {
- //Just means there is no excluded Policy file, which
- // is the typical case
- parser = null;
- } catch (java.io.IOException ioe) {
- String defMsg="Error reading Policy file: "+name;
- String msg=localStrings.getLocalString("pc.file_read_error",defMsg,
- new Object []{name, ioe});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- } catch ( ParsingException pe) {
- String defMsg="Unable to parse Policy file: "+name;
- String msg=localStrings.getLocalString("pc.policy_parsing_exception",defMsg,
- new Object []{name,pe});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- } finally {
- if (reader != null) {
- try {
- reader.close();
- } catch (Exception e) {
- String defMsg="Unable to close Policy file: "+name;
- String msg=localStrings.getLocalString("pc.file_close_error",defMsg,
- new Object []{name,e});
- logger.log(Level.SEVERE,msg);
- throw new RuntimeException(defMsg);
- }
- }
- }
-
- if (parser != null) {
- Enumeration grants = parser.grantElements();
- while (grants.hasMoreElements()) {
- GrantEntry grant = (GrantEntry) grants.nextElement();
- if (grant.codeBase != null || grant.signedBy != null ||
- grant.principals.size() != 0) {
- String msg=localStrings.getLocalString("pc.excluded_grant_context_ignored",
- "ignore excluded grant context", new Object []{grant});
- logger.log(Level.WARNING,msg);
- } else {
- Enumeration perms = grant.permissionEntries.elements();
- while (perms.hasMoreElements()) {
- PermissionEntry entry = (PermissionEntry) perms.nextElement();
- Permission p =
- loadPermission(entry.permission,entry.name,entry.action);
- if (result == null) {
- result = new Permissions();
- }
- result.add(p);
- }
- }
- }
- }
-
- return result;
- }
-
- private void setSecurityProperty(final String key, final String value) {
- if (System.getSecurityManager() == null) {
- java.security.Security.setProperty(key, value);
- } else {
- java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction() {
-
- public java.lang.Object run() {
- java.security.Security.setProperty(key, value);
- return null;
- }
- });
- }
- }
-
- private String getSecurityProperty(final String key) {
- if (System.getSecurityManager() == null) {
- return java.security.Security.getProperty(key);
- } else {
- return java.security.AccessController.doPrivileged(
- new java.security.PrivilegedAction<String>() {
-
- public String run() {
- return java.security.Security.getProperty(key);
-
- }
- });
- }
- }
-}
-
-
-
-
-
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyParser.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyParser.java
deleted file mode 100644
index 7295479..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyParser.java
+++ /dev/null
@@ -1,1225 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-package com.sun.enterprise.security.provider;
-
-import java.io.*;
-import java.util.Enumeration;
-import java.util.LinkedList;
-import java.util.ListIterator;
-import java.util.Vector;
-import java.util.StringTokenizer;
-import java.text.MessageFormat;
-import javax.security.auth.x500.X500Principal;
-
-import java.security.GeneralSecurityException;
-import sun.security.util.Debug;
-import sun.security.util.PropertyExpander;
-import sun.security.util.ResourcesMgr;
-
-/**
- * The policy for a Java runtime (specifying
- * which permissions are available for code from various principals)
- * is represented as a separate
- * persistent configuration. The configuration may be stored as a
- * flat ASCII file, as a serialized binary file of
- * the Policy class, or as a database. <p>
- *
- * <p>The Java runtime creates one global Policy object, which is used to
- * represent the static policy configuration file. It is consulted by
- * a ProtectionDomain when the protection domain initializes its set of
- * permissions. <p>
- *
- * <p>The Policy <code>init</code> method parses the policy
- * configuration file, and then
- * populates the Policy object. The Policy object is agnostic in that
- * it is not involved in making policy decisions. It is merely the
- * Java runtime representation of the persistent policy configuration
- * file. <p>
- *
- * <p>When a protection domain needs to initialize its set of
- * permissions, it executes code such as the following
- * to ask the global Policy object to populate a
- * Permissions object with the appropriate permissions:
- * <pre>
- * policy = Policy.getPolicy();
- * Permissions perms = policy.getPermissions(protectiondomain)
- * </pre>
- *
- * <p>The protection domain contains CodeSource
- * object, which encapsulates its codebase (URL) and public key attributes.
- * It also contains the principals associated with the domain.
- * The Policy object evaluates the global policy in light of who the
- * principal is and what the code source is and returns an appropriate
- * Permissions object.
- *
- * @version 1.28, 01/14/00
- * @author Roland Schemers
- * @author Ram Marti
- *
- * @since 1.2
- */
-
-public class PolicyParser {
-
- // needs to be public for PolicyTool
- public static final String REPLACE_NAME = "PolicyParser.REPLACE_NAME";
-
- private static final String EXTDIRS_PROPERTY = "java.ext.dirs";
- private static final String OLD_EXTDIRS_EXPANSION =
- "${" + EXTDIRS_PROPERTY + "}";
-
- // package-private: used by PolicyFile for static policy
- static final String EXTDIRS_EXPANSION = "${{" + EXTDIRS_PROPERTY + "}}";
-
-
- private Vector grantEntries;
-
- // Convenience variables for parsing
- private static final Debug debug = Debug.getInstance("parser",
- "\t[Policy Parser]");
- private StreamTokenizer st;
- private int lookahead;
- private boolean expandProp = false;
- private String keyStoreUrlString = null; // unexpanded
- private String keyStoreType = null;
- private String keyStoreProvider = null;
- private String storePassURL = null;
-
- private String expand(String value)
- throws PropertyExpander.ExpandException
- {
- return expand(value, false);
- }
-
- private String expand(String value, boolean encodeURL)
- throws PropertyExpander.ExpandException
- {
- if (!expandProp) {
- return value;
- } else {
- return PropertyExpander.expand(value, encodeURL);
- }
- }
-
- /**
- * Creates a PolicyParser object.
- */
-
- public PolicyParser() {
- grantEntries = new Vector();
- }
-
-
- public PolicyParser(boolean expandProp) {
- this();
- this.expandProp = expandProp;
- }
-
- /**
- * Reads a policy configuration into the Policy object using a
- * Reader object. <p>
- *
- * @param policy the policy Reader object.
- *
- * @exception ParsingException if the policy configuration contains
- * a syntax error.
- *
- * @exception IOException if an error occurs while reading the policy
- * configuration.
- */
-
- public void read(Reader policy)
- throws ParsingException, IOException
- {
- if (!(policy instanceof BufferedReader)) {
- policy = new BufferedReader(policy);
- }
-
- /**
- * Configure the stream tokenizer:
- * Recognize strings between "..."
- * Don't convert words to lowercase
- * Recognize both C-style and C++-style comments
- * Treat end-of-line as white space, not as a token
- */
- st = new StreamTokenizer(policy);
-
- st.resetSyntax();
- st.wordChars('a', 'z');
- st.wordChars('A', 'Z');
- st.wordChars('.', '.');
- st.wordChars('0', '9');
- st.wordChars('_', '_');
- st.wordChars('$', '$');
- st.wordChars(128 + 32, 255);
- st.whitespaceChars(0, ' ');
- st.commentChar('/');
- st.quoteChar('\'');
- st.quoteChar('"');
- st.lowerCaseMode(false);
- st.ordinaryChar('/');
- st.slashSlashComments(true);
- st.slashStarComments(true);
-
- /**
- * The main parsing loop. The loop is executed once
- * for each entry in the config file. The entries
- * are delimited by semicolons. Once we've read in
- * the information for an entry, go ahead and try to
- * add it to the policy vector.
- *
- */
-
- lookahead = st.nextToken();
- while (lookahead != StreamTokenizer.TT_EOF) {
- if (peek("grant")) {
- GrantEntry ge = parseGrantEntry();
- // could be null if we couldn't expand a property
- if (ge != null)
- add(ge);
- } else if (peek("keystore") && keyStoreUrlString==null) {
- // only one keystore entry per policy file, others will be
- // ignored
- parseKeyStoreEntry();
- } else if (peek("keystorePasswordURL") && storePassURL==null) {
- // only one keystore passwordURL per policy file, others will be
- // ignored
- parseStorePassURL();
- } else {
- // error?
- }
- match(";");
- }
-
- if (keyStoreUrlString == null && storePassURL != null) {
- throw new ParsingException(ResourcesMgr.getString
- ("keystorePasswordURL can not be specified without also " +
- "specifying keystore"));
- }
- }
-
- public void add(GrantEntry ge)
- {
- grantEntries.addElement(ge);
- }
-
- public void replace(GrantEntry origGe, GrantEntry newGe)
- {
- grantEntries.setElementAt(newGe, grantEntries.indexOf(origGe));
- }
-
- public boolean remove(GrantEntry ge)
- {
- return grantEntries.removeElement(ge);
- }
-
- /**
- * Returns the (possibly expanded) keystore location, or null if the
- * expansion fails.
- */
- public String getKeyStoreUrl() {
- try {
- if (keyStoreUrlString!=null && keyStoreUrlString.length()!=0) {
- return expand(keyStoreUrlString, true).replace
- (File.separatorChar, '/');
- }
- } catch (PropertyExpander.ExpandException peee) {
- if (debug != null) {
- debug.println(peee.toString());
- }
- return null;
- }
- return null;
- }
-
- public void setKeyStoreUrl(String url) {
- keyStoreUrlString = url;
- }
-
- public String getKeyStoreType() {
- return keyStoreType;
- }
-
- public void setKeyStoreType(String type) {
- keyStoreType = type;
- }
-
- public String getKeyStoreProvider() {
- return keyStoreProvider;
- }
-
- public void setKeyStoreProvider(String provider) {
- keyStoreProvider = provider;
- }
-
- public String getStorePassURL() {
- try {
- if (storePassURL!=null && storePassURL.length()!=0) {
- return expand(storePassURL, true).replace
- (File.separatorChar, '/');
- }
- } catch (PropertyExpander.ExpandException peee) {
- if (debug != null) {
- debug.println(peee.toString());
- }
- return null;
- }
- return null;
- }
-
- public void setStorePassURL(String storePassURL) {
- this.storePassURL = storePassURL;
- }
-
- /**
- * Enumerate all the entries in the global policy object.
- * This method is used by policy admin tools. The tools
- * should use the Enumeration methods on the returned object
- * to fetch the elements sequentially.
- */
- public Enumeration grantElements(){
- return grantEntries.elements();
- }
-
- /**
- * write out the policy
- */
-
- public void write(Writer policy)
- {
- PrintWriter out = new PrintWriter(new BufferedWriter(policy));
-
- Enumeration enum_ = grantElements();
-
- out.println("/* AUTOMATICALLY GENERATED ON "+
- (new java.util.Date()) + "*/");
- out.println("/* DO NOT EDIT */");
- out.println();
-
- // write the (unexpanded) keystore entry as the first entry of the
- // policy file
- if (keyStoreUrlString != null) {
- writeKeyStoreEntry(out);
- }
- if (storePassURL != null) {
- writeStorePassURL(out);
- }
-
- // write "grant" entries
- while (enum_.hasMoreElements()) {
- GrantEntry ge = (GrantEntry) enum_.nextElement();
- ge.write(out);
- out.println();
- }
- out.flush();
- }
-
- /**
- * parses a keystore entry
- */
- private void parseKeyStoreEntry() throws ParsingException, IOException {
- match("keystore");
- keyStoreUrlString = match("quoted string");
-
- // parse keystore type
- if (!peek(",")) {
- return; // default type
- }
- match(",");
-
- if (peek("\"")) {
- keyStoreType = match("quoted string");
- } else {
- throw new ParsingException(st.lineno(),
- ResourcesMgr.getString("expected keystore type"));
- }
-
- // parse keystore provider
- if (!peek(",")) {
- return; // provider optional
- }
- match(",");
-
- if (peek("\"")) {
- keyStoreProvider = match("quoted string");
- } else {
- throw new ParsingException(st.lineno(),
- ResourcesMgr.getString("expected keystore provider"));
- }
- }
-
- private void parseStorePassURL() throws ParsingException, IOException {
- match("keyStorePasswordURL");
- storePassURL = match("quoted string");
- }
-
- /**
- * writes the (unexpanded) keystore entry
- */
- private void writeKeyStoreEntry(PrintWriter out) {
- out.print("keystore \"");
- out.print(keyStoreUrlString);
- out.print('"');
- if (keyStoreType != null && keyStoreType.length() > 0)
- out.print(", \"" + keyStoreType + "\"");
- if (keyStoreProvider != null && keyStoreProvider.length() > 0)
- out.print(", \"" + keyStoreProvider + "\"");
- out.println(";");
- out.println();
- }
-
- private void writeStorePassURL(PrintWriter out) {
- out.print("keystorePasswordURL \"");
- out.print(storePassURL);
- out.print('"');
- out.println(";");
- out.println();
- }
-
- /**
- * parse a Grant entry
- */
- private GrantEntry parseGrantEntry()
- throws ParsingException, IOException
- {
- GrantEntry e = new GrantEntry();
- LinkedList principals = null;
- boolean ignoreEntry = false;
-
- match("grant");
-
- while(!peek("{")) {
-
- if (peekAndMatch("Codebase")) {
- if (e.codeBase != null)
- throw new ParsingException(
- st.lineno(),
- ResourcesMgr.getString
- ("multiple Codebase expressions"));
- e.codeBase = match("quoted string");
- peekAndMatch(",");
- } else if (peekAndMatch("SignedBy")) {
- if (e.signedBy != null)
- throw new ParsingException(
- st.lineno(),
- ResourcesMgr.getString(
- "multiple SignedBy expressions"));
- e.signedBy = match("quoted string");
-
- // verify syntax of the aliases
- StringTokenizer aliases = new StringTokenizer(e.signedBy,
- ",", true);
- int actr = 0;
- int cctr = 0;
- while (aliases.hasMoreTokens()) {
- String alias = aliases.nextToken().trim();
- if (alias.equals(","))
- cctr++;
- else if (alias.length() > 0)
- actr++;
- }
- if (actr <= cctr)
- throw new ParsingException(
- st.lineno(),
- ResourcesMgr.getString(
- "SignedBy has empty alias"));
-
- peekAndMatch(",");
- } else if (peekAndMatch("Principal")) {
- if (principals == null) {
- principals = new LinkedList();
- }
-
- String principalClass;
- String principalName;
-
- if (peek("\"")) {
- // both the principalClass and principalName
- // will be replaced later
- principalClass = REPLACE_NAME;
- principalName = match("principal type");
- } else {
- // check for principalClass wildcard
- if (peek("*")) {
- match("*");
- principalClass = PrincipalEntry.WILDCARD_CLASS;
- } else {
- principalClass = match("principal type");
- }
-
- // check for principalName wildcard
- if (peek("*")) {
- match("*");
- principalName = PrincipalEntry.WILDCARD_NAME;
- } else {
- principalName = match("quoted string");
- }
-
- // disallow WILDCARD_CLASS && actual name
- if (principalClass.equals(PrincipalEntry.WILDCARD_CLASS) &&
- !principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
- if (debug != null) {
- debug.println("disallowing principal that " +
- "has WILDCARD class but no WILDCARD name");
- }
- throw new ParsingException
- (st.lineno(),
- ResourcesMgr.getString
- ("can not specify Principal with a " +
- "wildcard class without a wildcard name"));
- }
- }
-
- try {
- principalName = expand(principalName);
-
- if (principalClass.equals
- ("javax.security.auth.x500.X500Principal") &&
- !principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
-
- // 4702543: X500 names with an EmailAddress
- // were encoded incorrectly. construct a new
- // X500Principal with correct encoding.
-
- X500Principal p = new X500Principal
- ((new X500Principal(principalName)).toString());
- principalName = p.getName();
- }
-
- principals.add
- (new PrincipalEntry(principalClass, principalName));
- } catch (PropertyExpander.ExpandException peee) {
- // ignore the entire policy entry
- // but continue parsing all the info
- // so we can get to the next entry
- if (debug != null) {
- debug.println("principal name expansion failed: " +
- principalName);
- }
- ignoreEntry = true;
- }
- peekAndMatch(",");
-
- } else {
- throw new ParsingException(st.lineno(),
- ResourcesMgr.getString(
- "expected codeBase or SignedBy or " +
- "Principal"));
- }
- }
-
- if (principals != null) e.principals = principals;
- match("{");
-
- while(!peek("}")) {
- if (peek("Permission")) {
- try {
- PermissionEntry pe = parsePermissionEntry();
- e.add(pe);
- } catch (PropertyExpander.ExpandException peee) {
- // ignore. The add never happened
- if (debug != null) {
- debug.println(peee.toString());
- }
- skipEntry(); // BugId 4219343
- }
- match(";");
- } else {
- throw new
- ParsingException(st.lineno(),
- ResourcesMgr.getString(
- "expected permission entry"));
- }
- }
- match("}");
-
- try {
- if (e.signedBy != null) e.signedBy = expand(e.signedBy);
- if (e.codeBase != null) {
-
- // For backward compatibility with 1.4
- if (e.codeBase.equals(OLD_EXTDIRS_EXPANSION)) {
- e.codeBase = EXTDIRS_EXPANSION;
- }
- int es;
- if ((es=e.codeBase.indexOf(EXTDIRS_EXPANSION)) < 0) {
- e.codeBase = expand(e.codeBase, true).replace
- (File.separatorChar, '/');
- } else {
- // expand the system property "java.ext.dirs",
- // parse it into its path components,
- // and then create a grant entry for each component
- String[] extDirs = parseExtDirs(e.codeBase, es);
- if (extDirs != null && extDirs.length > 0) {
- for (int i = 0; i < extDirs.length; i++) {
- GrantEntry newGe = (GrantEntry)e.clone();
- newGe.codeBase = extDirs[i];
- add(newGe);
-
- if (debug != null) {
- debug.println("creating policy entry for " +
- "expanded java.ext.dirs path:\n\t\t" +
- extDirs[i]);
- }
- }
- }
- ignoreEntry = true;
- }
- }
- } catch (PropertyExpander.ExpandException peee) {
- if (debug != null) {
- debug.println(peee.toString());
- }
- return null;
- }
-
- return (ignoreEntry == true) ? null : e;
- }
-
- /**
- * parse a Permission entry
- */
- private PermissionEntry parsePermissionEntry()
- throws ParsingException, IOException, PropertyExpander.ExpandException
- {
- PermissionEntry e = new PermissionEntry();
-
- // Permission
- match("Permission");
- e.permission = match("permission type");
-
- if (peek("\"")) {
- // Permission name
- e.name = expand(match("quoted string"));
- }
-
- if (!peek(",")) {
- return e;
- }
- match(",");
-
- if (peek("\"")) {
- e.action = expand(match("quoted string"));
- if (!peek(",")) {
- return e;
- }
- match(",");
- }
-
- if (peekAndMatch("SignedBy")) {
- e.signedBy = expand(match("quoted string"));
- }
- return e;
- }
-
- // package-private: used by PolicyFile for static policy
- static String[] parseExtDirs(String codebase, int start) {
-
- String s = System.getProperty(EXTDIRS_PROPERTY);
- String globalPrefix = (start > 0 ? codebase.substring(0, start) : "file:");
- int end = start + EXTDIRS_EXPANSION.length();
- String globalSuffix = (end < codebase.length() ? codebase.substring(end) :
- (String) null);
-
- String[] dirs = null;
- String localSuffix;
- if (s != null) {
- StringTokenizer st =
- new StringTokenizer(s, File.pathSeparator);
- int count = st.countTokens();
- dirs = new String[count];
- for (int i = 0; i < count; i++) {
- File file = new File(st.nextToken());
- dirs[i] = sun.net.www.ParseUtil.encodePath
- (file.getAbsolutePath());
-
- if (!dirs[i].startsWith("/")) {
- dirs[i] = "/" + dirs[i];
- }
-
- localSuffix = (globalSuffix == null ?
- (dirs[i].endsWith("/") ? "*" : "/*") :
- globalSuffix);
-
- dirs[i] = globalPrefix + dirs[i] + localSuffix;
- }
- }
- return dirs;
- }
-
- private boolean peekAndMatch(String expect)
- throws ParsingException, IOException
- {
- if (peek(expect)) {
- match(expect);
- return true;
- } else {
- return false;
- }
- }
-
- private boolean peek(String expect) {
- boolean found = false;
-
- switch (lookahead) {
-
- case StreamTokenizer.TT_WORD:
- if (expect.equalsIgnoreCase(st.sval))
- found = true;
- break;
- case ',':
- if (expect.equalsIgnoreCase(","))
- found = true;
- break;
- case '{':
- if (expect.equalsIgnoreCase("{"))
- found = true;
- break;
- case '}':
- if (expect.equalsIgnoreCase("}"))
- found = true;
- break;
- case '"':
- if (expect.equalsIgnoreCase("\""))
- found = true;
- break;
- case '*':
- if (expect.equalsIgnoreCase("*"))
- found = true;
- break;
- default:
-
- }
- return found;
- }
-
- private String match(String expect)
- throws ParsingException, IOException
- {
- String value = null;
-
- switch (lookahead) {
- case StreamTokenizer.TT_NUMBER:
- throw new ParsingException(st.lineno(), expect,
- ResourcesMgr.getString("number ") +
- String.valueOf(st.nval));
- case StreamTokenizer.TT_EOF:
- MessageFormat form = new MessageFormat(
- ResourcesMgr.getString
- ("expected [expect], read [end of file]"));
- Object[] source = {expect};
- throw new ParsingException(form.format(source));
- case StreamTokenizer.TT_WORD:
- if (expect.equalsIgnoreCase(st.sval)) {
- lookahead = st.nextToken();
- } else if (expect.equalsIgnoreCase("permission type")) {
- value = st.sval;
- lookahead = st.nextToken();
- } else if (expect.equalsIgnoreCase("principal type")) {
- value = st.sval;
- lookahead = st.nextToken();
- } else {
- throw new ParsingException(st.lineno(), expect,
- st.sval);
- }
- break;
- case '"':
- if (expect.equalsIgnoreCase("quoted string")) {
- value = st.sval;
- lookahead = st.nextToken();
- } else if (expect.equalsIgnoreCase("permission type")) {
- value = st.sval;
- lookahead = st.nextToken();
- } else if (expect.equalsIgnoreCase("principal type")) {
- value = st.sval;
- lookahead = st.nextToken();
- } else {
- throw new ParsingException(st.lineno(), expect, st.sval);
- }
- break;
- case ',':
- if (expect.equalsIgnoreCase(","))
- lookahead = st.nextToken();
- else
- throw new ParsingException(st.lineno(), expect, ",");
- break;
- case '{':
- if (expect.equalsIgnoreCase("{"))
- lookahead = st.nextToken();
- else
- throw new ParsingException(st.lineno(), expect, "{");
- break;
- case '}':
- if (expect.equalsIgnoreCase("}"))
- lookahead = st.nextToken();
- else
- throw new ParsingException(st.lineno(), expect, "}");
- break;
- case ';':
- if (expect.equalsIgnoreCase(";"))
- lookahead = st.nextToken();
- else
- throw new ParsingException(st.lineno(), expect, ";");
- break;
- case '*':
- if (expect.equalsIgnoreCase("*"))
- lookahead = st.nextToken();
- else
- throw new ParsingException(st.lineno(), expect, "*");
- break;
- default:
- throw new ParsingException(st.lineno(), expect,
- new String(new char[] {(char)lookahead}));
- }
- return value;
- }
-
- /**
- * skip all tokens for this entry leaving the delimiter ";"
- * in the stream.
- */
- private void skipEntry() throws ParsingException, IOException {
- while(lookahead != ';') {
- switch (lookahead) {
- case StreamTokenizer.TT_NUMBER:
- throw new ParsingException(st.lineno(), ";",
- ResourcesMgr.getString("number ") +
- String.valueOf(st.nval));
- case StreamTokenizer.TT_EOF:
- throw new ParsingException(ResourcesMgr.getString
- ("expected [;], read [end of file]"));
- default:
- lookahead = st.nextToken();
- }
- }
- }
-
- /**
- * Each grant entry in the policy configuration file is
- * represented by a
- * GrantEntry object. <p>
- *
- * <p>
- * For example, the entry
- * <pre>
- * grant signedBy "Duke" {
- * permission java.io.FilePermission "/tmp", "read,write";
- * };
- *
- * </pre>
- * is represented internally
- * <pre>
- *
- * pe = new PermissionEntry("java.io.FilePermission",
- * "/tmp", "read,write");
- *
- * ge = new GrantEntry("Duke", null);
- *
- * ge.add(pe);
- *
- * </pre>
- *
- * @author Roland Schemers
- *
- * version 1.19, 05/21/98
- */
-
- public static class GrantEntry implements Cloneable {
-
- public String signedBy;
- public String codeBase;
- public LinkedList principals;
- public Vector permissionEntries;
-
- public GrantEntry() {
- principals = new LinkedList();
- permissionEntries = new Vector();
- }
-
- public GrantEntry(String signedBy, String codeBase) {
- this.codeBase = codeBase;
- this.signedBy = signedBy;
- principals = new LinkedList();
- permissionEntries = new Vector();
- }
-
- public void add(PermissionEntry pe)
- {
- permissionEntries.addElement(pe);
- }
-
- public boolean remove(PrincipalEntry pe)
- {
- return principals.remove(pe);
- }
-
- public boolean remove(PermissionEntry pe)
- {
- return permissionEntries.removeElement(pe);
- }
-
- public boolean contains(PrincipalEntry pe)
- {
- return principals.contains(pe);
- }
-
- public boolean contains(PermissionEntry pe)
- {
- return permissionEntries.contains(pe);
- }
-
- /**
- * Enumerate all the permission entries in this GrantEntry.
- */
- public Enumeration permissionElements(){
- return permissionEntries.elements();
- }
-
-
- public void write(PrintWriter out) {
- out.print("grant");
- if (signedBy != null) {
- out.print(" signedBy \"");
- out.print(signedBy);
- out.print('"');
- if (codeBase != null)
- out.print(", ");
- }
- if (codeBase != null) {
- out.print(" codeBase \"");
- out.print(codeBase);
- out.print('"');
- if (principals != null && principals.size() > 0)
- out.print(",\n");
- }
- if (principals != null && principals.size() > 0) {
- ListIterator pli = principals.listIterator();
- while (pli.hasNext()) {
- out.print(" ");
- PrincipalEntry pe = (PrincipalEntry)pli.next();
- pe.write(out);
- if (pli.hasNext())
- out.print(",\n");
- }
- }
- out.println(" {");
- Enumeration enum_ = permissionEntries.elements();
- while (enum_.hasMoreElements()) {
- PermissionEntry pe =
- (PermissionEntry) enum_.nextElement();
- out.write(" ");
- pe.write(out);
- }
- out.println("};");
- }
-
- public Object clone() {
- try {
- super.clone();
- } catch (CloneNotSupportedException e) {
- if(debug != null) {
- debug.println(e.getMessage());
- }
- }
-
- GrantEntry ge = new GrantEntry();
- ge.codeBase = this.codeBase;
- ge.signedBy = this.signedBy;
- ge.principals = new LinkedList(this.principals);
- ge.permissionEntries = new Vector(this.permissionEntries);
- return ge;
- }
- }
-
- /**
- * Principal info (class and name) in a grant entry
- */
- public static class PrincipalEntry {
-
- public static final String WILDCARD_CLASS = "WILDCARD_PRINCIPAL_CLASS";
- public static final String WILDCARD_NAME = "WILDCARD_PRINCIPAL_NAME";
-
- String principalClass;
- String principalName;
-
- /**
- * A PrincipalEntry consists of the <code>Principal</code>
- * class and <code>Principal</code> name.
- *
- * <p>
- *
- * @param principalClass the <code>Principal</code> class. <p>
- *
- * @param principalName the <code>Principal</code> name. <p>
- */
- public PrincipalEntry(String principalClass, String principalName) {
- if (principalClass == null || principalName == null)
- throw new NullPointerException(ResourcesMgr.getString(
- "null principalClass or principalName"));
- this.principalClass = principalClass;
- this.principalName = principalName;
- }
-
- public String getPrincipalClass() {
- return principalClass;
- }
-
- public String getPrincipalName() {
- return principalName;
- }
-
- public String getDisplayClass() {
- if (principalClass.equals(WILDCARD_CLASS)) {
- return "*";
- } else if (principalClass.equals(REPLACE_NAME)) {
- return "";
- }
- else return principalClass;
- }
-
- public String getDisplayName() {
- return getDisplayName(false);
- }
-
- public String getDisplayName(boolean addQuote) {
- if (principalName.equals(WILDCARD_NAME)) {
- return "*";
- }
- else {
- if (addQuote) return "\"" + principalName + "\"";
- else return principalName;
- }
- }
-
- public String toString() {
- if (!principalClass.equals(REPLACE_NAME)) {
- return getDisplayClass() + "/" + getDisplayName();
- } else {
- return getDisplayName();
- }
- }
-
- /**
- * Test for equality between the specified object and this object.
- * Two PrincipalEntries are equal if their PrincipalClass and
- * PrincipalName values are equal.
- *
- * <p>
- *
- * @param obj the object to test for equality with this object.
- *
- * @return true if the objects are equal, false otherwise.
- */
- public boolean equals(Object obj) {
- if (this == obj)
- return true;
-
- if (!(obj instanceof PrincipalEntry))
- return false;
-
- PrincipalEntry that = (PrincipalEntry)obj;
- if (this.principalClass.equals(that.principalClass) &&
- this.principalName.equals(that.principalName)) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Return a hashcode for this <code>PrincipalEntry</code>.
- *
- * <p>
- *
- * @return a hashcode for this <code>PrincipalEntry</code>.
- */
- public int hashCode() {
- return principalClass.hashCode();
- }
- public void write(PrintWriter out) {
- out.print("principal " + getDisplayClass() + " " +
- getDisplayName(true));
- }
- }
-
- /**
- * Each permission entry in the policy configuration file is
- * represented by a
- * PermissionEntry object. <p>
- *
- * <p>
- * For example, the entry
- * <pre>
- * permission java.io.FilePermission "/tmp", "read,write";
- * </pre>
- * is represented internally
- * <pre>
- *
- * pe = new PermissionEntry("java.io.FilePermission",
- * "/tmp", "read,write");
- * </pre>
- *
- * @author Roland Schemers
- *
- * version 1.19, 05/21/98
- */
-
- public static class PermissionEntry {
-
- public String permission;
- public String name;
- public String action;
- public String signedBy;
-
- public PermissionEntry() {
- }
-
- public PermissionEntry(String permission,
- String name,
- String action) {
- this.permission = permission;
- this.name = name;
- this.action = action;
- }
-
- /**
- * Calculates a hash code value for the object. Objects
- * which are equal will also have the same hashcode.
- */
- public int hashCode() {
- int retval = permission.hashCode();
- if (name != null) retval ^= name.hashCode();
- if (action != null) retval ^= action.hashCode();
- return retval;
- }
-
- public boolean equals(Object obj) {
- if (obj == this)
- return true;
-
- if (! (obj instanceof PermissionEntry))
- return false;
-
- PermissionEntry that = (PermissionEntry) obj;
-
- if (this.permission == null) {
- if (that.permission != null) return false;
- } else {
- if (!this.permission.equals(that.permission)) return false;
- }
-
- if (this.name == null) {
- if (that.name != null) return false;
- } else {
- if (!this.name.equals(that.name)) return false;
- }
-
- if (this.action == null) {
- if (that.action != null) return false;
- } else {
- if (!this.action.equals(that.action)) return false;
- }
-
- if (this.signedBy == null) {
- if (that.signedBy != null) return false;
- } else {
- if (!this.signedBy.equals(that.signedBy)) return false;
- }
-
- // everything matched -- the 2 objects are equal
- return true;
- }
-
- public void write(PrintWriter out) {
- out.print("permission ");
- out.print(permission);
- if (name != null) {
- out.print(" \"");
-
- // ATTENTION: regex with double escaping,
- // the normal forms look like:
- // $name =~ s/\\/\\\\/g; and
- // $name =~ s/\"/\\\"/g;
- // and then in a java string, it's escaped again
-
- out.print(name.replaceAll("\\\\", "\\\\\\\\").replaceAll("\\\"", "\\\\\\\""));
- out.print('"');
- }
- if (action != null) {
- out.print(", \"");
- out.print(action);
- out.print('"');
- }
- if (signedBy != null) {
- out.print(", signedBy \"");
- out.print(signedBy);
- out.print('"');
- }
- out.println(";");
- }
- }
-
- public static class ParsingException extends GeneralSecurityException {
-
- private static final long serialVersionUID = -4330692689482574072L;
-
- private String i18nMessage;
-
- /**
- * Constructs a ParsingException with the specified
- * detail message. A detail message is a String that describes
- * this particular exception, which may, for example, specify which
- * algorithm is not available.
- *
- * @param msg the detail message.
- */
- public ParsingException(String msg) {
- super(msg);
- i18nMessage = msg;
- }
-
- public ParsingException(int line, String msg) {
- super("line " + line + ": " + msg);
- MessageFormat form = new MessageFormat
- (ResourcesMgr.getString("line number: msg"));
- Object[] source = {Integer.valueOf(line), msg};
- i18nMessage = form.format(source);
- }
-
- public ParsingException(int line, String expect, String actual) {
- super("line " + line + ": expected [" + expect +
- "], found [" + actual + "]");
- MessageFormat form = new MessageFormat(ResourcesMgr.getString
- ("line number: expected [expect], found [actual]"));
- Object[] source = {Integer.valueOf(line), expect, actual};
- i18nMessage = form.format(source);
- }
-
- public String getLocalizedMessage() {
- return i18nMessage;
- }
- }
-
- public static void main(String arg[]) throws Exception {
- try (FileReader fileReader = new FileReader(arg[0]);
- FileWriter fr = new FileWriter(arg[1])) {
- PolicyParser pp = new PolicyParser(true);
- pp.read(fileReader);
- pp.write(fr);
- }
- }
-}
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyUtil.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyUtil.java
deleted file mode 100644
index 7e94490..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyUtil.java
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-package com.sun.enterprise.security.provider;
-
-import java.io.*;
-import java.net.*;
-import java.security.*;
-import java.util.Arrays;
-
-import sun.net.www.ParseUtil;
-import sun.security.util.Debug;
-import sun.security.util.Password;
-
-
-/**
- * A utility class for getting a KeyStore instance from policy information.
- * In addition, a supporting getInputStream method.
- *
- * @version 1.2
- */
-public class PolicyUtil {
-
- // standard PKCS11 KeyStore type
- private static final String P11KEYSTORE = "PKCS11";
-
- // reserved word
- private static final String NONE = "NONE";
-
- /*
- * Fast path reading from file urls in order to avoid calling
- * FileURLConnection.connect() which can be quite slow the first time
- * it is called. We really should clean up FileURLConnection so that
- * this is not a problem but in the meantime this fix helps reduce
- * start up time noticeably for the new launcher. -- DAC
- */
- public static InputStream getInputStream(URL url) throws IOException {
- if ("file".equals(url.getProtocol())) {
- String path = url.getFile().replace('/', File.separatorChar);
- path = ParseUtil.decode(path);
- return new FileInputStream(path);
- } else {
- return url.openStream();
- }
- }
-
- /**
- * this is intended for use by policytool and the policy parser to
- * instantiate a KeyStore from the information in the GUI/policy file
- */
- public static KeyStore getKeyStore
- (URL policyUrl, // URL of policy file
- String keyStoreName, // input: keyStore URL
- String keyStoreType, // input: keyStore type
- String keyStoreProvider, // input: keyStore provider
- String storePassURL, // input: keyStore password
- Debug debug)
- throws KeyStoreException, MalformedURLException, IOException,
- NoSuchProviderException, NoSuchAlgorithmException,
- java.security.cert.CertificateException {
-
- if (keyStoreName == null) {
- throw new IllegalArgumentException("null KeyStore name");
- }
-
- char[] keyStorePassword = null;
- try {
- KeyStore ks;
- if (keyStoreType == null) {
- keyStoreType = KeyStore.getDefaultType();
- }
-
- if (P11KEYSTORE.equalsIgnoreCase(keyStoreType) &&
- !NONE.equals(keyStoreName)) {
- throw new IllegalArgumentException
- ("Invalid value (" +
- keyStoreName +
- ") for keystore URL. If the keystore type is \"" +
- P11KEYSTORE +
- "\", the keystore url must be \"" +
- NONE +
- "\"");
- }
-
- if (keyStoreProvider != null) {
- ks = KeyStore.getInstance(keyStoreType, keyStoreProvider);
- } else {
- ks = KeyStore.getInstance(keyStoreType);
- }
-
- if (storePassURL != null) {
- URL passURL;
- try {
- passURL = new URL(storePassURL);
- // absolute URL
- } catch (MalformedURLException e) {
- // relative URL
- if (policyUrl == null) {
- throw e;
- }
- passURL = new URL(policyUrl, storePassURL);
- }
-
- if (debug != null) {
- debug.println("reading password"+passURL);
- }
-
- InputStream in = passURL.openStream();
- keyStorePassword = Password.readPassword(in);
- in.close();
- }
-
- if (NONE.equals(keyStoreName)) {
- ks.load(null, keyStorePassword);
- return ks;
- } else {
- /*
- * location of keystore is specified as absolute URL in policy
- * file, or is relative to URL of policy file
- */
- URL keyStoreUrl = null;
- try {
- keyStoreUrl = new URL(keyStoreName);
- // absolute URL
- } catch (MalformedURLException e) {
- // relative URL
- if (policyUrl == null) {
- throw e;
- }
- keyStoreUrl = new URL(policyUrl, keyStoreName);
- }
-
- if (debug != null) {
- debug.println("reading keystore"+keyStoreUrl);
- }
-
- InputStream inStream = null;
- try {
- inStream = new BufferedInputStream(getInputStream(keyStoreUrl));
- ks.load(inStream, keyStorePassword);
- } finally {
- inStream.close();
- }
-
- return ks;
- }
- } finally {
- if (keyStorePassword != null) {
- Arrays.fill(keyStorePassword, ' ');
- }
- }
- }
-}
diff --git a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyWrapper.java b/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyWrapper.java
deleted file mode 100644
index 06c2a4f..0000000
--- a/appserver/security/core-ee/src/main/java/com/sun/enterprise/security/provider/PolicyWrapper.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 1997, 2018 Oracle and/or its affiliates. All rights reserved.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License v. 2.0, which is available at
- * http://www.eclipse.org/legal/epl-2.0.
- *
- * This Source Code may also be made available under the following Secondary
- * Licenses when the conditions for such availability set forth in the
- * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
- * version 2 with the GNU Classpath Exception, which is available at
- * https://www.gnu.org/software/classpath/license.html.
- *
- * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
- */
-
-/*
- * PolicyWrapper.java
- *
- * @author Harpreet Singh (harpreet.singh@sun.com)
- * @author Ron Monzillo
- * @version
-5B
- * Created on May 23, 2002, 1:56 PM
- */
-
-package com.sun.enterprise.security.provider;
-
-/**
- * This class is a wrapper around the default jdk policy file
- * implementation. PolicyWrapper is installed as the JRE policy object
- * It multiplexes policy decisions to the context specific instance of
- * com.sun.enterprise.security.provider.PolicyFile.
- * Although this Policy provider is implemented using another Policy class,
- * this class is not a "delegating Policy provider" as defined by JACC, and
- * as such it SHOULD not be configured using the JACC system property
- * jakarta.security.jacc.policy.provider.
- * @author Harpreet Singh (harpreet.singh@sun.com)
- * @author Jean-Francois Arcand
- * @author Ron Monzillo
- *
- */
-public class PolicyWrapper extends BasePolicyWrapper {
-
- // override to change the implementation of PolicyFile
- /** gets the underlying PolicyFile implementation
- * can be overridden by Subclass
- */
- @Override
- protected java.security.Policy getNewPolicy() {
- return (java.security.Policy) new sun.security.provider.PolicyFile();
- }
-}
-
diff --git a/appserver/tests/amx/src/org/glassfish/admin/amxtest/config/JACCProviderConfigTest.java b/appserver/tests/amx/src/org/glassfish/admin/amxtest/config/JACCProviderConfigTest.java
index f4ccc9d..28d1d52 100644
--- a/appserver/tests/amx/src/org/glassfish/admin/amxtest/config/JACCProviderConfigTest.java
+++ b/appserver/tests/amx/src/org/glassfish/admin/amxtest/config/JACCProviderConfigTest.java
@@ -28,8 +28,8 @@
*/
public final class JACCProviderConfigTest
extends ConfigMgrTestBase {
- static final String PROVIDER = "com.sun.enterprise.security.provider.PolicyWrapper";
- static final String PROVIDER_FACTORY = "com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl";
+ static final String PROVIDER = "com.sun.enterprise.security.jacc.provider.SimplePolicyProvider";
+ static final String PROVIDER_FACTORY = "com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory";
static final Map<String, String> RESERVED = null;
public JACCProviderConfigTest() {
diff --git a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml
index 0bc1235..4755fa7 100644
--- a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml
+++ b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v2domain.xml
@@ -137,7 +137,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
@@ -283,7 +283,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
@@ -435,7 +435,7 @@
<property name="jaas-context" value="fileRealm"/>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"/>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
@@ -586,7 +586,7 @@
<property name="jaas-context" value="fileRealm"/>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"/>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
diff --git a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml
index 39da184..c212150 100644
--- a/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml
+++ b/appserver/tests/appserv-tests/devtests/admin/cli/resources/configs/v3_0_1domain.xml
@@ -101,7 +101,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml
index 1abdee7..3b2cd7c 100644
--- a/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml
@@ -132,7 +132,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
diff --git a/appserver/tests/embedded/web/web-api/src/main/resources/org/glassfish/tests/webapi/domain.xml b/appserver/tests/embedded/web/web-api/src/main/resources/org/glassfish/tests/webapi/domain.xml
index 3d9e3f0..dbe2004 100644
--- a/appserver/tests/embedded/web/web-api/src/main/resources/org/glassfish/tests/webapi/domain.xml
+++ b/appserver/tests/embedded/web/web-api/src/main/resources/org/glassfish/tests/webapi/domain.xml
@@ -87,7 +87,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml b/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml
index e762504..21398c9 100755
--- a/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml
+++ b/appserver/tests/v2-tests/appserv-tests/devtests/admin/framework/testfiles/test.xml
@@ -133,7 +133,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
@@ -280,7 +280,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml b/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml
index 8a9a0cb..d44d1f0 100644
--- a/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml
+++ b/appserver/tests/v2-tests/appserv-tests/devtests/admin/offlineconfig/testfiles/domain.xml
@@ -129,7 +129,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
@@ -263,7 +263,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.Audit" name="default">
diff --git a/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml b/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml
index 2a35318..3564158 100755
--- a/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml
+++ b/appserver/tests/v2-tests/appserv-tests/devtests/appserv-commons/com/sun/enterprise/config/domain.orig.xml
@@ -115,7 +115,7 @@
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
</auth-realm>
- <jacc-provider name="default" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider name="default" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module name="default" classname="com.sun.enterprise.security.Audit">
@@ -219,7 +219,7 @@
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
</auth-realm>
- <jacc-provider name="default" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider name="default" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module name="default" classname="com.sun.enterprise.security.Audit">
diff --git a/docs/reference-manual/src/main/jbake/content/create-jacc-provider.adoc b/docs/reference-manual/src/main/jbake/content/create-jacc-provider.adoc
index 9004149..1e0a90f 100644
--- a/docs/reference-manual/src/main/jbake/content/create-jacc-provider.adoc
+++ b/docs/reference-manual/src/main/jbake/content/create-jacc-provider.adoc
@@ -123,8 +123,8 @@
[source,oac_no_warn]
----
asadmin> create-jacc-provider
---policyproviderclass com.sun.enterprise.security.provider.PolicyWrapper
---policyconfigfactoryclass com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl
+--policyproviderclass com.sun.enterprise.security.jacc.provider.SimplePolicyProvider
+--policyconfigfactoryclass com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory
testJACC
Command create-jacc-provider executed successfully.
diff --git a/docs/security-guide/src/main/jbake/content/system-security.adoc b/docs/security-guide/src/main/jbake/content/system-security.adoc
index 22078c8..a13dd20 100644
--- a/docs/security-guide/src/main/jbake/content/system-security.adoc
+++ b/docs/security-guide/src/main/jbake/content/system-security.adoc
@@ -2205,7 +2205,7 @@
[source,oac_no_warn]
----
asadmin> create-jacc-provider
- --policyproviderclass com.sun.enterprise.security.provider.PolicyWrapper
+ --policyproviderclass com.sun.enterprise.security.jacc.provider.SimplePolicyProvider
--policyconfigfactoryclass com.sun.enterprise.security.provider.PolicyCon
figurationFactoryImpl
testJACC
diff --git a/nucleus/admin/config-api/src/main/java/org/glassfish/config/support/DefaultConfigUpgrade.java b/nucleus/admin/config-api/src/main/java/org/glassfish/config/support/DefaultConfigUpgrade.java
index 8a26f9f..b6c8033 100644
--- a/nucleus/admin/config-api/src/main/java/org/glassfish/config/support/DefaultConfigUpgrade.java
+++ b/nucleus/admin/config-api/src/main/java/org/glassfish/config/support/DefaultConfigUpgrade.java
@@ -529,7 +529,7 @@
* <property name="jaas-context" value="fileRealm"/>
* </auth-realm>
* <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"/>
- * <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ * <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
* <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
* </jacc-provider>
* <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"/>
@@ -654,7 +654,7 @@
/* Loop through all jacc-provider elements in the template and create JaccProvider config objects.
* Cursor should already be at first jacc-provider START_ELEMENT.
* from template:
- * <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ * <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
* <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
* </jacc-provider>
* <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"/>
diff --git a/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml b/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml
index badb4bc..b9b9aeb 100644
--- a/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml
+++ b/nucleus/admin/config-api/src/test/resources/ClusterDomain.xml
@@ -50,7 +50,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -177,7 +177,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -304,7 +304,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/DomainTest.xml b/nucleus/admin/config-api/src/test/resources/DomainTest.xml
index 01c8dee..73adfb2 100644
--- a/nucleus/admin/config-api/src/test/resources/DomainTest.xml
+++ b/nucleus/admin/config-api/src/test/resources/DomainTest.xml
@@ -76,7 +76,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml b/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml
index dc0dd60..881ff60 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/c1i1.xml
@@ -96,7 +96,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -221,7 +221,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -352,7 +352,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -483,7 +483,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -614,7 +614,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -745,7 +745,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -876,7 +876,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml b/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml
index 0f2c68d..1971902 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/c1i1c1i2.xml
@@ -107,7 +107,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -232,7 +232,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -363,7 +363,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -494,7 +494,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -625,7 +625,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -756,7 +756,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -887,7 +887,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/i1.xml b/nucleus/admin/config-api/src/test/resources/parser/i1.xml
index 8db57d7..14af053 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/i1.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/i1.xml
@@ -74,7 +74,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -199,7 +199,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -330,7 +330,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml b/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml
index 50483d8..6c05f84 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/i1i2.xml
@@ -85,7 +85,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -210,7 +210,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -341,7 +341,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -472,7 +472,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml b/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml
index f78ba3b..32f8c12 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/noconfigfori1.xml
@@ -74,7 +74,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -199,7 +199,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
@@ -330,7 +330,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/config-api/src/test/resources/parser/stock.xml b/nucleus/admin/config-api/src/test/resources/parser/stock.xml
index f59a4f6..89a454e 100644
--- a/nucleus/admin/config-api/src/test/resources/parser/stock.xml
+++ b/nucleus/admin/config-api/src/test/resources/parser/stock.xml
@@ -84,7 +84,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
@@ -241,7 +241,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml
index 831c40f..a104496 100644
--- a/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml
+++ b/nucleus/admin/launcher/src/test/resources/domains/baddomain/config/domain.xml
@@ -98,7 +98,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml
index 196774a..5b1e42c 100644
--- a/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml
+++ b/nucleus/admin/launcher/src/test/resources/domains/domain1/config/domain.xml
@@ -97,7 +97,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml
index e9739fc..685b06e 100644
--- a/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml
+++ b/nucleus/admin/launcher/src/test/resources/domains/domain2/config/domain.xml
@@ -99,7 +99,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml
index 59790a0..d426b9b 100644
--- a/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml
+++ b/nucleus/admin/launcher/src/test/resources/domains/domain3/config/domain.xml
@@ -97,7 +97,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml b/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml
index 94f5337..2b0459f 100644
--- a/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml
+++ b/nucleus/admin/launcher/src/test/resources/domains/domainNoLog/config/domain.xml
@@ -94,7 +94,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/admin/template/src/main/resources/config/domain.xml b/nucleus/admin/template/src/main/resources/config/domain.xml
index 6ca7381..b8b57a9 100644
--- a/nucleus/admin/template/src/main/resources/config/domain.xml
+++ b/nucleus/admin/template/src/main/resources/config/domain.xml
@@ -80,7 +80,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
@@ -238,7 +238,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/common/common-util/src/test/resources/adminport.xml b/nucleus/common/common-util/src/test/resources/adminport.xml
index bb920d6..1228fec 100644
--- a/nucleus/common/common-util/src/test/resources/adminport.xml
+++ b/nucleus/common/common-util/src/test/resources/adminport.xml
@@ -97,7 +97,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/adminport2.xml b/nucleus/common/common-util/src/test/resources/adminport2.xml
index c542476..8abb16f 100644
--- a/nucleus/common/common-util/src/test/resources/adminport2.xml
+++ b/nucleus/common/common-util/src/test/resources/adminport2.xml
@@ -84,7 +84,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/big.xml b/nucleus/common/common-util/src/test/resources/big.xml
index aa3d368..df4f58c 100644
--- a/nucleus/common/common-util/src/test/resources/big.xml
+++ b/nucleus/common/common-util/src/test/resources/big.xml
@@ -88,7 +88,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/common/common-util/src/test/resources/clusters1.xml b/nucleus/common/common-util/src/test/resources/clusters1.xml
index eac0e1d..094cef7 100644
--- a/nucleus/common/common-util/src/test/resources/clusters1.xml
+++ b/nucleus/common/common-util/src/test/resources/clusters1.xml
@@ -119,7 +119,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -278,7 +278,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -444,7 +444,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -610,7 +610,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -776,7 +776,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -942,7 +942,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
diff --git a/nucleus/common/common-util/src/test/resources/hasprofiler.xml b/nucleus/common/common-util/src/test/resources/hasprofiler.xml
index 8b3bf40..fb45a61 100644
--- a/nucleus/common/common-util/src/test/resources/hasprofiler.xml
+++ b/nucleus/common/common-util/src/test/resources/hasprofiler.xml
@@ -98,7 +98,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/manysysprops.xml b/nucleus/common/common-util/src/test/resources/manysysprops.xml
index b6bb320..59ef69f 100644
--- a/nucleus/common/common-util/src/test/resources/manysysprops.xml
+++ b/nucleus/common/common-util/src/test/resources/manysysprops.xml
@@ -124,7 +124,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -283,7 +283,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -452,7 +452,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -618,7 +618,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -784,7 +784,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
@@ -950,7 +950,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory"></jacc-provider>
diff --git a/nucleus/common/common-util/src/test/resources/monitoringFalse.xml b/nucleus/common/common-util/src/test/resources/monitoringFalse.xml
index 30efb6e..d33b737 100644
--- a/nucleus/common/common-util/src/test/resources/monitoringFalse.xml
+++ b/nucleus/common/common-util/src/test/resources/monitoringFalse.xml
@@ -88,7 +88,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/common/common-util/src/test/resources/monitoringNone.xml b/nucleus/common/common-util/src/test/resources/monitoringNone.xml
index 0680843..64a614e 100644
--- a/nucleus/common/common-util/src/test/resources/monitoringNone.xml
+++ b/nucleus/common/common-util/src/test/resources/monitoringNone.xml
@@ -88,7 +88,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/common/common-util/src/test/resources/monitoringTrue.xml b/nucleus/common/common-util/src/test/resources/monitoringTrue.xml
index 9095d48..4d05d72 100644
--- a/nucleus/common/common-util/src/test/resources/monitoringTrue.xml
+++ b/nucleus/common/common-util/src/test/resources/monitoringTrue.xml
@@ -88,7 +88,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" />
diff --git a/nucleus/common/common-util/src/test/resources/noconfig.xml b/nucleus/common/common-util/src/test/resources/noconfig.xml
index e9ba437..9d94831 100644
--- a/nucleus/common/common-util/src/test/resources/noconfig.xml
+++ b/nucleus/common/common-util/src/test/resources/noconfig.xml
@@ -97,7 +97,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/nodomainname.xml b/nucleus/common/common-util/src/test/resources/nodomainname.xml
index 9f799d7..edc6142 100644
--- a/nucleus/common/common-util/src/test/resources/nodomainname.xml
+++ b/nucleus/common/common-util/src/test/resources/nodomainname.xml
@@ -98,7 +98,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/olddomain.xml b/nucleus/common/common-util/src/test/resources/olddomain.xml
index f67045d..84c72bc 100644
--- a/nucleus/common/common-util/src/test/resources/olddomain.xml
+++ b/nucleus/common/common-util/src/test/resources/olddomain.xml
@@ -71,7 +71,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
diff --git a/nucleus/common/common-util/src/test/resources/rightorder.xml b/nucleus/common/common-util/src/test/resources/rightorder.xml
index 1a403da..15a6dbb 100644
--- a/nucleus/common/common-util/src/test/resources/rightorder.xml
+++ b/nucleus/common/common-util/src/test/resources/rightorder.xml
@@ -98,7 +98,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/rightordernoclosedomain.xml b/nucleus/common/common-util/src/test/resources/rightordernoclosedomain.xml
index 3718b91..5fd9cbf 100644
--- a/nucleus/common/common-util/src/test/resources/rightordernoclosedomain.xml
+++ b/nucleus/common/common-util/src/test/resources/rightordernoclosedomain.xml
@@ -143,7 +143,7 @@
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
</auth-realm>
- <jacc-provider name="default" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider name="default" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module name="default" classname="com.sun.enterprise.security.ee.Audit">
diff --git a/nucleus/common/common-util/src/test/resources/v2domain.xml b/nucleus/common/common-util/src/test/resources/v2domain.xml
index 752a564..95d72fd 100644
--- a/nucleus/common/common-util/src/test/resources/v2domain.xml
+++ b/nucleus/common/common-util/src/test/resources/v2domain.xml
@@ -133,7 +133,7 @@
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
</auth-realm>
- <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/wrongorder.xml b/nucleus/common/common-util/src/test/resources/wrongorder.xml
index 4cacb95..c633df1 100644
--- a/nucleus/common/common-util/src/test/resources/wrongorder.xml
+++ b/nucleus/common/common-util/src/test/resources/wrongorder.xml
@@ -85,7 +85,7 @@
<property name="jaas-context" value="fileRealm" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/common/common-util/src/test/resources/wrongordernoclosedomain.xml b/nucleus/common/common-util/src/test/resources/wrongordernoclosedomain.xml
index 66677b4..2f88fc0 100644
--- a/nucleus/common/common-util/src/test/resources/wrongordernoclosedomain.xml
+++ b/nucleus/common/common-util/src/test/resources/wrongordernoclosedomain.xml
@@ -130,7 +130,7 @@
</auth-realm>
<auth-realm name="certificate" classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm">
</auth-realm>
- <jacc-provider name="default" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider name="default" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
</jacc-provider>
<audit-module name="default" classname="com.sun.enterprise.security.ee.Audit">
diff --git a/nucleus/core/kernel/src/main/resources/org/glassfish/embed/domain.xml b/nucleus/core/kernel/src/main/resources/org/glassfish/embed/domain.xml
index 76db7d7..57f0a72 100644
--- a/nucleus/core/kernel/src/main/resources/org/glassfish/embed/domain.xml
+++ b/nucleus/core/kernel/src/main/resources/org/glassfish/embed/domain.xml
@@ -90,7 +90,7 @@
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
- <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
+ <jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
diff --git a/nucleus/core/kernel/src/test/resources/DomainTest.xml b/nucleus/core/kernel/src/test/resources/DomainTest.xml
index 8d798cf..76ff4f4 100644
--- a/nucleus/core/kernel/src/test/resources/DomainTest.xml
+++ b/nucleus/core/kernel/src/test/resources/DomainTest.xml
@@ -39,7 +39,7 @@
<property name="jaas-context" value="fileRealm"></property>
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate"></auth-realm>
- <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
<property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"></property>
</jacc-provider>
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
diff --git a/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/odl-server.log b/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/odl-server.log
index aaf3643..eb6dc8b 100644
--- a/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/odl-server.log
+++ b/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/odl-server.log
@@ -15,7 +15,7 @@
[2012-10-19T15:33:27.610-0400] [AS] [NOTIFICATION] [] [null] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207610] [levelValue: 800] this.makeModuleFor(org.glassfish.web.javax.el, null) returned OSGiModuleImpl:: Bundle = [org.glassfish.web.javax.el [116]], State = [READY]
[2012-10-19T15:33:27.885-0400] [AS] [NOTIFICATION] [security.secmgroff] [javax.enterprise.system.core.security.com.sun.enterprise.security] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207885] [levelValue: 800] SEC1002: Security Manager is OFF.
[2012-10-19T15:33:27.886-0400] [AS] [NOTIFICATION] [sec.service.startup.enter] [javax.enterprise.system.core.security.com.sun.enterprise.security] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207886] [levelValue: 800] SEC1010: Entering Security Startup Service
-[2012-10-19T15:33:27.889-0400] [AS] [NOTIFICATION] [policy.loading] [javax.enterprise.system.core.security.com.sun.enterprise.security] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207889] [levelValue: 800] SEC1143: Loading policy provider com.sun.enterprise.security.provider.PolicyWrapper.
+[2012-10-19T15:33:27.889-0400] [AS] [NOTIFICATION] [policy.loading] [javax.enterprise.system.core.security.com.sun.enterprise.security] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207889] [levelValue: 800] SEC1143: Loading policy provider com.sun.enterprise.security.jacc.provider.SimplePolicyProvider.
[2012-10-19T15:33:27.915-0400] [AS] [NOTIFICATION] [sec.service.startup.exit] [javax.enterprise.system.core.security.com.sun.enterprise.security] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207915] [levelValue: 800] SEC1011: Security Service(s) Started Successfully
[2012-10-19T15:33:27.916-0400] [AS] [NOTIFICATION] [] [null] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207916] [levelValue: 800] Snifer com.sun.enterprise.security.ee.SecuritySniffer@389278a3 set up following modules: null
[2012-10-19T15:33:27.942-0400] [AS] [NOTIFICATION] [] [null] [tid: _ThreadID=1 _ThreadName=main] [timeMillis: 1350675207942] [levelValue: 800] Snifer org.glassfish.web.sniffer.WebSniffer@1ccb7 set up following modules: [OSGiModuleImpl:: Bundle = [org.glassfish.main.web.glue [190]], State = [READY], OSGiModuleImpl:: Bundle = [org.glassfish.web.javax.servlet.jsp [163]], State = [READY], OSGiModuleImpl:: Bundle = [org.glassfish.web.javax.el [116]], State = [READY]]
diff --git a/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/uniform-server.log b/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/uniform-server.log
index 039bcba..a23de09 100644
--- a/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/uniform-server.log
+++ b/nucleus/core/logging/src/test/resources/com/sun/enterprise/server/logging/parser/uniform-server.log
@@ -122,7 +122,7 @@
[#|2012-10-19T15:27:30.058-0400|INFO|44.0|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=72;_ThreadName=Thread-12;_TimeMillis=1350674850058;_LevelValue=800;_MessageID=sec.service.startup.enter;|SEC1010: Entering Security Startup Service|#]
-[#|2012-10-19T15:27:30.061-0400|INFO|44.0|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=72;_ThreadName=Thread-12;_TimeMillis=1350674850061;_LevelValue=800;_MessageID=policy.loading;|SEC1143: Loading policy provider com.sun.enterprise.security.provider.PolicyWrapper.|#]
+[#|2012-10-19T15:27:30.061-0400|INFO|44.0|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=72;_ThreadName=Thread-12;_TimeMillis=1350674850061;_LevelValue=800;_MessageID=policy.loading;|SEC1143: Loading policy provider com.sun.enterprise.security.jacc.provider.SimplePolicyProvider.|#]
[#|2012-10-19T15:27:30.140-0400|INFO|44.0|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=72;_ThreadName=Thread-12;_TimeMillis=1350674850140;_LevelValue=800;_MessageID=sec.service.startup.exit;|SEC1011: Security Service(s) Started Successfully|#]
diff --git a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateJACCProvider.java b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateJACCProvider.java
index 427a331..dcb889e 100644
--- a/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateJACCProvider.java
+++ b/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/CreateJACCProvider.java
@@ -57,7 +57,7 @@
*
*
* domain.xml element example
- * <jacc-provider policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl">
+ * <jacc-provider policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="default" policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory">
* <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy" />
* </jacc-provider>
*
diff --git a/nucleus/security/core/src/main/manpages/com/sun/enterprise/security/cli/create-jacc-provider.1 b/nucleus/security/core/src/main/manpages/com/sun/enterprise/security/cli/create-jacc-provider.1
index ca6f480..c0b2e9e 100644
--- a/nucleus/security/core/src/main/manpages/com/sun/enterprise/security/cli/create-jacc-provider.1
+++ b/nucleus/security/core/src/main/manpages/com/sun/enterprise/security/cli/create-jacc-provider.1
@@ -95,8 +95,8 @@
testJACC on the default server target.
asadmin> create-jacc-provider
- --policyproviderclass com.sun.enterprise.security.provider.PolicyWrapper
- --policyconfigfactoryclass com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl
+ --policyproviderclass com.sun.enterprise.security.jacc.provider.SimplePolicyProvider
+ --policyconfigfactoryclass com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory
testJACC
Command create-jacc-provider executed successfully.
