Basically, my implies works like this:
boolean implies( ProtectionDomain pd, Permission p ) {
return (
super.implies( pd, p ) || originalPolicy.implies( pd, p ) || configImplies( pd, p )
);
}
Right now, my implementation does not worry about exclusionary permissions.
I subclassed sun.security.provider.PolicyFile (maybe not the best idea) and use it's implies method.
When my Policy get instantiated for the first time, I save a reference to the Policy implementation that was in place before to use it's implies methods.
Finally, if neither of those mechanisms succeed, I use the PolicyConfiguration for the current context which checks against the unchecked permissions and any permissions assigned for a role which matches any of the principals associated with the ProtectionDomain.
My gut feel is that the super.implies will probably act just like the originalPolicy.implies, but right now I check both.
What I'm wondering is if they will work correctly without the granted.policy files or if I need to somehow create them or do something else.
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=276109