javax.security.auth
Class SubjectDomainCombiner
java.lang.Object
|
+--javax.security.auth.SubjectDomainCombiner
- All Implemented Interfaces:
- java.security.DomainCombiner
- public class SubjectDomainCombiner
- extends java.lang.Object
- implements java.security.DomainCombiner
A SubjectDomainCombiner updates the
ProtectionDomains affiliated with an AccessControlContext
with the relevant Subject-based Permissions configured in the
java.security.auth.Policy.
If the Security property, cache.auth.policy,
either is not set, or if it is set to true, then this
SubjectDomainCombiner implementation caches
policy information. Otherwise, this SubjectDomainCombiner
implementation refrains from performing any caching.
The cache.auth.policy property may be set in the Security
properties file, located in the file named
<JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>
refers to the directory where the SDK was installed.
- Version:
- 1.19, 01/13/00
|
Method Summary |
java.security.ProtectionDomain[] |
combine(java.security.ProtectionDomain[] currentDomains,
java.security.ProtectionDomain[] assignedDomains)
Update the provided ProtectionDomains with the relevant
Subject-based Permissions. |
Subject |
getSubject()
Get the Subject associated with this
SubjectDomainCombiner. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SubjectDomainCombiner
public SubjectDomainCombiner(Subject subject)
- Associate the provided Subject with this
SubjectDomainCombiner.
- Parameters:
subject - the Subject to be associated with
with this SubjectDomainCombiner.
getSubject
public Subject getSubject()
- Get the Subject associated with this
SubjectDomainCombiner.
- Returns:
- the Subject associated with this
SubjectDomainCombiner, or null
if no Subject is associated with this
SubjectDomainCombiner. - Throws:
java.lang.SecurityException - if the caller does not have permission
to get the Subject associated with this
SubjectDomainCombiner.
combine
public java.security.ProtectionDomain[] combine(java.security.ProtectionDomain[] currentDomains,
java.security.ProtectionDomain[] assignedDomains)
- Update the provided ProtectionDomains with the relevant
Subject-based Permissions.
For each ProtectionDomain in the
currentDomains array, this method retrieves the
Subject-based permissions granted in the Policy.
To retrieve these permissions, this method invokes the
getPermissions method from the Policy,
passing it the Subject associated with this
SubjectDomainCombiner, along with the
CodeSource associated with the respective
ProtectionDomain.
A new collection of Permissions is created from the union of the
retrieved Permissions and the original Permissions granted to that
ProtectionDomain. A new
ProtectionDomain is then instantiated
with this new collection of Permissions, as well as the
CodeSource from the original ProtectionDomain.
All of the newly instantiated ProtectionDomains are then
combined into a new array. The ProtectionDomains from the
assignedDomains array are appended to this new array,
and the result is returned.
Note that optimizations such as the removal of duplicate entries
in the array, or the removal of duplicate Permissions in a
ProtectionDomain entry may have occurred.
Also note that if caching is permitted and the relevant
Permissions were already cached, this method does not need to consult
the Policy to retrieve the Subject-based permissions.
It simply accesses the cached permissions.
- Specified by:
combine in interface java.security.DomainCombiner
- Parameters:
currentDomains - the ProtectionDomains associated with the
current execution Thread, up to the most recent
privileged ProtectionDomain.
The ProtectionDomains are are listed in order of execution,
with the most recently executing ProtectionDomain
residing at the beginning of the array. This parameter may
be null if the current execution Thread
has no associated ProtectionDomains.assignedDomains - the ProtectionDomains inherited from the
parent Thread, or the ProtectionDomains from the
privileged context, if a call to
AccessController.doPrivileged(..., context)
had occurred This parameter may be null
if there were no ProtectionDomains inherited from the
parent Thread, or from the privileged context.- Returns:
- a new array consisting of the updated ProtectionDomains,
or
null.