Principals are represented in OWPermissions by a string that should uniquely identify the person, device, object, or process. For example:

The special Principal strings [OWPublicPrincipal]

provides an entry point to the Java Security Manager hierarchy. It retrieves the proper OWPermissionCollection from the OWPolicyCache and returns the result of any evaluation.

Principals are a container for OWPermissions. They take care combining the permissions of all the Principals of a Subject during evaluation. Each secured object has an OWPermissionCollection that contains the permissions for that object.

When an OWPermission collection is associated with a specific object, it is the security policy of that object. When security policies are stored in the BOM, they are stored as OWSecurityPolicy instances.

This eliminates retrieving security policies from storage each time an application checks a permission. Recently used security policies are stored in memory, greatly improving performance. The size of the cache and the maximum age of the policy data are configurable to meet application requirements. Administrative utilities may also call a method to immediately refresh a cache entry. Refer to the Oware Configuration and Administration Guide for information about memory and cache tuning.

Each server maintains its own cache, which is appropriate since each server would be serving different users and manipulating different objects.

This provides an abstraction layer so you can configure policy (permission) storage as your application needs. The following section describes how to use this feature.