Sun Java System Access Manager 7.1 Developer's Guide

How the JS2E Access Controller Works

AccessController works with the implementation to securely process application requests. In JS2E, a typical checkPermission(Permission p) method call on the AccessController class might result in the following sequence:

  1. The AccessController invokes the getPermisisons() method of the policy passing in the subject and the code source.

  2. The getPermissions() method returns a PermissionCollection class instance, which represents a collection of same types of permissions.

  3. The elements() method of the returned PermissionCollection gets called, which returns an enumeration of the permissions held in this PermissionCollection.

  4. For each of the permissions returned in the enumeration (in step 3), the perm.newPermissionCollection() method gets called to obtain the PermissionCollection used to store the permission.

  5. PermissionCollection.add(perm) gets called by the J2SE internal code to store the permission in its PermissionCollection.

  6. The AccessController calls the implies(Permission p) method of the PermissionCollection returned in step 2.

  7. Once the implies() of PermissionCollection is called, it in turn triggers the calling of implies(Permission p) of the individual permission objects contained in the PermissionCollection . These methods return true if the current permission object in the collection implies the specified permission; the methods return false the current permission object in the collection does not imply the specified permission. This outcome is implementation dependent and can be changed.