All Packages  This Package  Class Hierarchy  Class Search  Index

java.lang.Object
   |
   +----glguerin.authkit.Authorization
           |
           +----glguerin.authkit.imp.plain.GrantAllAuthorization

Summary

public class  GrantAllAuthorization
     extends glguerin.authkit.Authorization
{
          // Constructors 1
     public GrantAllAuthorization();

          // Methods 13
     public void attach(byte[]);
     public void attachPrivileged();
     public void authorize(Privilege, boolean);
     public void detach(boolean);
     public Process execPrivileged(String[]);
     public int getCapabilities();
     public Date getPastGrantedDate(Privilege, int);
     public Enumeration getPastGrantedPrivileges();
     public byte[] getSecretIdentifier();
     public int getSecretLength();
     public boolean isAvailable(Privilege);
     public Privilege makeExecPrivilege(String);
     public void preauthorize(Privilege);
}

As its name implies, GrantAllAuthorization is an Authorization that grants all requests. Every call to authorize() or preauthorize() is always granted, without any user interaction or authentication of any kind. Every call to isAvailable() always returns true. This class is primarily for testing, since it doesn't enforce any restrictions at all.

The implementation of GrantAllAuthorization uses only plain Java facilities, so it is entirely platform-neutral. This has a number of consequences:

• There aren't really any underlying sessions. As a result, all instances return the same secret identifier bytes, have the same public identifier, and are effectively interchangeable. The Enumeration of past granted Privileges *IS* instance-specific, though.
• The secret identifiers have no meaning across processes. They aren't even secret, since they are always identical.
• The execPrivileged() Process doesn't really run with elevated privileges. The returned Process is simply a Runtime.exec() child-process.
• The attach() and attachPrivileged() methods always work, as long as the state is correct (newly constructed or recently detached).

Constructors

· GrantAllAuthorization

Summary  |  Top

   public GrantAllAuthorization() 

Create, unattached but willing.

   public int getCapabilities() 

Return capabilities indicating a full-featured but unprivileged Process, since it isn't actually running with any special privileges. The Process does, however, support all the Process methods and facilities.

Overrides:

getCapabilities in class Authorization

   public void authorize(Privilege toGrant, 
                         boolean interactionAllowed) 

Always grant the given Privilege.

Throws: UnauthorizedException

thrown when the requested Privilege is not granted.

Throws: IllegalArgumentException

thrown when the Privilege is malformed, or some other structural error occurs, i.e. never.

Overrides:

authorize in class Authorization

   public void preauthorize(Privilege toGrant) 

Always preauthorize the given Privilege.

Throws: UnauthorizedException

thrown when the requested Privilege is not granted.

Throws: IllegalArgumentException

thrown when the Privilege is malformed, or some other structural error occurs, i.e. never.

Overrides:

preauthorize in class Authorization

   public boolean isAvailable(Privilege toCheck) 

Is the given Privilege currently available?

This imp always returns true.

Overrides:

isAvailable in class Authorization

   public void detach(boolean revokeShared) 

Detach the "session". That is, change the state to "unattached" and clear the past granted Privileges.

Throws: UnauthorizedException

thrown when the underlying session cannot be properly discarded.

Overrides:

detach in class Authorization

   public Enumeration getPastGrantedPrivileges() 

Return an Enumeration (possibly empty, but never null) representing all past Privileges granted by authorize() or preauthorize().

Overrides:

getPastGrantedPrivileges in class Authorization

   public Date getPastGrantedDate(Privilege privilege, 
                                  int when) 

If the given Privilege was previously granted, return a Date representing the timestamp of when that last occurred.

Throws: IllegalArgumentException

thrown when some malformation or structural error occurs, or if 'when' is an invalid value.

Overrides:

getPastGrantedDate in class Authorization

   public Privilege makeExecPrivilege(String cmdName) 

Make and return a Privilege representing the right to execute a program as root.

This imp always returns a Privilege with the name "exec.root.granted" and a value of the cmdName. This is essentially meaningless, but is recognizable.

Overrides:

makeExecPrivilege in class Authorization

   public Process execPrivileged(String[] progArray) 

Execute a program as root (run under root privileges). If the privilege is denied, an UnauthorizedException is thrown and no program is executed. If authorization succeeds, a Privilege is added to the past granted Privileges.

This imp just calls Runtime.exec(), turning any IOException into an IllegalArgumentException.

The returned Process is not actually running with root privileges, unless the current process (i.e. the current program) is also running with root privileges, or it happens to be a setuid-root program. Since plain Java has no means to identify either situation, the getCapabilities() value omits HAS_PROCESS_ELEVATED.

Throws: UnauthorizedException

thrown when the necessary Privilege is not granted or preauthorized, or when the program is inaccessible or malformed.

Throws: IllegalArgumentException

thrown when some malformation or structural error occurs.

Overrides:

execPrivileged in class Authorization

   public int getSecretLength() 

Return the length of a buffer that can hold the secret session identifier.

This imp's buffer-length differs from DenyAllAuthorization or MacOSXAuthorization.

Overrides:

getSecretLength in class Authorization

   public byte[] getSecretIdentifier() 

Return a secret externalized session ID underlying this Authorization, but only when it's in the "attached" state.

This imp fills a byte[] with a fixed pattern. The pattern is always: array[n] = (byte) ~n; Needless to say, this isn't really a secret identifier.

Throws: UnauthorizedException

thrown when the session identifier cannot be externalized, i.e. never.

Overrides:

getSecretIdentifier in class Authorization

   public void attach(byte[] secretIdentifier) 

Attach this Authorization to the session identified by the given secret. This Authorization must be newly constructed, or have recently been detach()'ed.

This imp accepts any byte[]'s contents, as long as it has sufficient length.

Throws: UnauthorizedException

thrown when the session identifier cannot be internalized, i.e. never.

Throws: IllegalArgumentException

thrown when some malformation or structural error occurs.

Throws: IllegalStateException

thrown when this Authorization already represents an active session. That is, when this Authorization is not newly created or recently detach()'ed.

Overrides:

attach in class Authorization

   public void attachPrivileged() 

Does nothing, since this class fakes the entire "execute privileged" thing, and never throws an UnauthorizedException for anything. This Authorization must be newly constructed, or have recently been detach()'ed.

Throws: UnauthorizedException

thrown when there is no privileged session to reconnect to, i.e. never.

Throws: IllegalStateException

thrown when this Authorization already represents an active session. That is, when this Authorization is not newly created or recently detach()'ed.

Overrides:

attachPrivileged in class Authorization

All Packages  This Package  Class Hierarchy  Class Search  Index