About the Credential Store Framework API

24-8 Oracle Fusion Middleware Application Security Guide

                store.setCredential("gc_map", "gc_key", gc);
                System.out.println("Created generic credential");
            } catch (CredentialAlreadyExistsException e) {
                // ignore since credential already exists.
                System.out.println("Generic credential already exists for <gc_map,gc_key>");
            }

            try {
                // no permission for pc_map2 & pc_key2 to perform
                // operation on store
                Credential pc2 =
                    CredentialFactory.newPasswordCredential("pc_jode2",
                        "pc_password".toCharArray());
                store.setCredential("pc_map2", "pc_key2", pc2);
            } catch (Exception expected) {
                // CredentialAccess Exception expected here. Not enough permission
                System.out.println("This is expected :" + expected.getLocalizedMessage());
            }
        } catch (JpsException e) {
            e.printStackTrace();
        }
    }

    /*
     * This method performs a non-privileged operation. Either all code
     * in the call stack must have CredentialAccessPermission
     * OR
     * the caller must have the CredentialAccessPermission only and
     * invoke this operation in doPrivileged block
     */
    public void doCredOperation() {
        doOperation();
    }

    /*
     * Since this method performs a privileged operation, only current class or
     * jar containing this class needs CredentialAccessPermission
     */
    public void doPrivilegedCredOperation() {
        AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                doOperation();
                return "done";
            }
        });
    }
}

24.7.2 Example 1: Java SE Application with Wallet Store

Developing with the Credential Store Framework 24-9

This example shows a sample Java SE application using wallet credentials, that is, a file-based provider. The example illustrates:

■ how the permissions are set in an xml-based policy store (jazn-data.xml)
■ how the configuration file is set up
■ the Java SE code

jazn-data.xml File

For illustration, the example uses an xml-based policy store file which has the appropriate permissions needed to access the given credential from the store. The file defines the permissions for different combinations of map name (alias) and key. Other combinations, or attempts to access the store beyond the permissions defined here, will be disallowed.

Here the system property projectsrc.home is set to point to the directory containing the Java SE application, and clientApp.jar is the application jar file which is present in sub-directory dist.

The corresponding policy grant looks like this:

    <grant>
      <grantee>
        <codesource>
          <url>file:${projectsrc.home}/dist/clientApp.jar</url>
        </codesource>
      </grantee>
      <permissions>
        <permission>
          <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
          <name>context=SYSTEM,mapName=pc_map,keyName=*</name>
          <actions>read,write</actions>
        </permission>
        <permission>
          <class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
          <name>context=SYSTEM,mapName=gc_map,keyName=gc_key</name>
          <actions>write</actions>
        </permission>
      </permissions>
    </grant>

Note that no permission has been granted to mapName=pc_map2,keyName=pc_key2, hence the setCredential call for this map and key combination in Section 24.7.1, "Code for CSF Operations" is expected to fail.

Note: The default policy store to which this grant is added is $DOMAIN_HOME/config/fmwconfig/system-jazn-data.xml.

jps-config-jse.xml File

Note: For the complete configuration file see the default file shipped with the distribution at $DOMAIN_HOME/config/fmwconfig/jps-config-jse.xml.
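The following Python script is an added example, not part of the Oracle guide: it parses the jazn-data.xml grant shown in this section and reports which of the Section 24.7.1 credential operations that grant would permit, including the denied write to pc_map2/pc_key2. The function names are hypothetical, and the matching rule (exact names, with `*` as a wildcard, context ignored) is a simplifying assumption rather than Oracle's permission implementation.

```python
import xml.etree.ElementTree as ET

# Grant from the jazn-data.xml section, embedded here so the script runs offline.
GRANT_XML = """<grant>
  <grantee><codesource><url>file:${projectsrc.home}/dist/clientApp.jar</url></codesource></grantee>
  <permissions>
    <permission><class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=pc_map,keyName=*</name><actions>read,write</actions></permission>
    <permission><class>oracle.security.jps.service.credstore.CredentialAccessPermission</class>
      <name>context=SYSTEM,mapName=gc_map,keyName=gc_key</name><actions>write</actions></permission>
  </permissions>
</grant>"""
CSF_PERM = "oracle.security.jps.service.credstore.CredentialAccessPermission"

def load_grants(xml_text):
    """Return [(fields, actions)] for every CredentialAccessPermission in the grant."""
    grants = []
    for perm in ET.fromstring(xml_text).iter("permission"):
        if perm.findtext("class", "").strip() != CSF_PERM:
            continue
        fields = dict(p.strip().split("=", 1) for p in perm.findtext("name", "").split(","))
        actions = {a.strip() for a in perm.findtext("actions", "").split(",")}
        grants.append((fields, actions))
    return grants

def is_allowed(grants, map_name, key_name, action):
    """Simplified matching (assumption): exact names, '*' matches any value, context ignored."""
    return any(f.get("mapName") in ("*", map_name)
               and f.get("keyName") in ("*", key_name)
               and action in acts
               for f, acts in grants)

def wildcard_grants(grants):
    """Grants whose map or key is '*': candidates for tightening to a named key."""
    return [f for f, _ in grants if "*" in (f.get("mapName"), f.get("keyName"))]

# Operations attempted by the Section 24.7.1 code, plus one read that was never granted.
OPS = [("pc_map", "pc_key", "read"), ("pc_map", "pc_key", "write"),
       ("gc_map", "gc_key", "write"), ("gc_map", "gc_key", "read"),
       ("pc_map2", "pc_key2", "write")]

if __name__ == "__main__":
    g = load_grants(GRANT_XML)
    for op in OPS:
        print(op, "ALLOW" if is_allowed(g, *op) else "DENY")
    print("wildcard grants:", wildcard_grants(g))
```

Running the same check over a real policy file before deployment shows which map and key combinations the application jar can reach and flags wildcard key grants that could be narrowed.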