Skip navigation links

Oracle Fusion Middleware Management Java API Reference for Oracle Entitlements Server
11g Release 2 (11.1.2)

E27155-01 ESAPI


oracle.security.jps.util
Class JpsSubject

java.lang.Object
  extended by oracle.security.jps.util.JpsSubject


public final class JpsSubject
extends java.lang.Object

Constructor Summary
JpsSubject()
           

 

Method Summary
static
<T> T
doAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action)
          Perform work as a particular Subject.
static
<T> T
doAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action)
          Perform work as a particular Subject.
static
<T> T
doAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action, java.security.AccessControlContext acc)
          Perform privileged work as a particular Subject.
static
<T> T
doAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action, java.security.AccessControlContext acc)
          Perform privileged work as a particular Subject.
static javax.security.auth.Subject getSubject(java.security.AccessControlContext acc)
          Get the Subject associated with the provided AccessControlContext.
static
<T> T
invokeAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action)
          Perform privileged action as a particular Subject.
static
<T> T
invokeAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action)
          Perform privileged action as a particular Subject.

 

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

JpsSubject

public JpsSubject()

Method Detail

getSubject

public static javax.security.auth.Subject getSubject(java.security.AccessControlContext acc)
Get the Subject associated with the provided AccessControlContext.

The AccessControlContext may contain many Subjects (from nested doAs calls). In this situation, the most recent Subject associated with the AccessControlContext is returned.

Parameters:
acc - the AccessControlContext from which to retrieve the Subject.
Returns:
the Subject associated with the provided AccessControlContext, or null if no Subject is associated with the provided AccessControlContext.
Throws:
java.lang.SecurityException - if the caller does not have permission to get the Subject.
java.lang.NullPointerException - if the provided AccessControlContext is null.

doAs

public static <T> T doAs(javax.security.auth.Subject subject,
                         java.security.PrivilegedAction<T> action)
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new JpsSubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedAction, as well as the newly constructed AccessControlContext.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
Returns:
the Object returned by the PrivilegedAction's run method.
Throws:
java.lang.NullPointerException - if the PrivilegedAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

doAs

public static <T> T doAs(javax.security.auth.Subject subject,
                         java.security.PrivilegedExceptionAction<T> action)
              throws java.security.PrivilegedActionException
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new JpsSubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedExceptionAction, as well as the newly constructed AccessControlContext.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
java.lang.NullPointerException - if the specified PrivilegedExceptionAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

doAsPrivileged

public static <T> T doAsPrivileged(javax.security.auth.Subject subject,
                                   java.security.PrivilegedAction<T> action,
                                   java.security.AccessControlContext acc)
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
acc - the AccessControlContext to be tied to the specified subject and action.
Returns:
the Object returned by the PrivilegedAction's run method.
Throws:
java.lang.NullPointerException - if the PrivilegedAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

doAsPrivileged

public static <T> T doAsPrivileged(javax.security.auth.Subject subject,
                                   java.security.PrivilegedExceptionAction<T> action,
                                   java.security.AccessControlContext acc)
                        throws java.security.PrivilegedActionException
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
acc - the AccessControlContext to be tied to the specified subject and action.
Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
java.lang.NullPointerException - if the specified PrivilegedExceptionAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

invokeAs

public static <T> T invokeAs(javax.security.auth.Subject subject,
                             java.security.PrivilegedAction<T> action)
Perform privileged action as a particular Subject.

This method behaves similarly as Subject.doAsPrivileged, except that the action will be invoked under the context of the Subject only (i.e. code-based security is not taken into consideration)

The net effect is that any call to AccessController.checkPermission within the scope of the PrivilegedAction will be conducted without regard to code-based security -- only the Subject's security context will be considered.

Calling invokeAs is appropriate when code-based security is not a concern within the scope of the specified PrivilegedAction.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
java.lang.NullPointerException - if the specified PrivilegedExceptionAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

invokeAs

public static <T> T invokeAs(javax.security.auth.Subject subject,
                             java.security.PrivilegedExceptionAction<T> action)
                  throws java.security.PrivilegedActionException
Perform privileged action as a particular Subject.

This method behaves similarly as Subject.doAsPrivileged, except that the action will be invoked under the context of the Subject only (i.e. code-based security is not taken into consideration)

The net effect is that any call to AccessController.checkPermission within the scope of the PrivilegedAction will be conducted without regard to code-based security -- only the Subject's security context will be considered.

Calling invokeAs is appropriate when code-based security is not a concern within the scope of the specified PrivilegedAction.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.
action - the code to be run as the specified Subject.
Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
java.lang.NullPointerException - if the specified PrivilegedExceptionAction is null.
java.lang.SecurityException - if the caller does not have permission to invoke this method.

Skip navigation links

Oracle Fusion Middleware Management Java API Reference for Oracle Entitlements Server
11g Release 2 (11.1.2)

E27155-01 ESAPI


Copyright © 2011,2012, Oracle and/or its affiliates. All rights reserved.