javax.security.auth
Class SubjectDomainCombiner

java.lang.Object
  |
  +--javax.security.auth.SubjectDomainCombiner
All Implemented Interfaces:
java.security.DomainCombiner

public class SubjectDomainCombiner
extends java.lang.Object
implements java.security.DomainCombiner

A SubjectDomainCombiner updates the ProtectionDomains affiliated with an AccessControlContext with the relevant Subject-based Permissions configured in the javax.security.auth.Policy.

If the Security property cache.auth.policy is either not set or set to true, this SubjectDomainCombiner implementation caches policy information. Otherwise, this SubjectDomainCombiner implementation performs no caching. The cache.auth.policy property may be set in the Security properties file, <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the SDK was installed.


Constructor Summary
SubjectDomainCombiner(Subject subject)
          Associate the provided Subject with this SubjectDomainCombiner.
 
Method Summary
 java.security.ProtectionDomain[] combine(java.security.ProtectionDomain[] currentDomains, java.security.ProtectionDomain[] assignedDomains)
          Update the provided ProtectionDomains with the relevant Subject-based Permissions.
 Subject getSubject()
          Get the Subject associated with this SubjectDomainCombiner.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectDomainCombiner

public SubjectDomainCombiner(Subject subject)
Associate the provided Subject with this SubjectDomainCombiner.

Parameters:
subject - the Subject to be associated with this SubjectDomainCombiner.

Method Detail

getSubject

public Subject getSubject()
Get the Subject associated with this SubjectDomainCombiner.

Returns:
the Subject associated with this SubjectDomainCombiner, or null if no Subject is associated with this SubjectDomainCombiner.
Throws:
java.lang.SecurityException - if the caller does not have permission to get the Subject associated with this SubjectDomainCombiner.

combine

public java.security.ProtectionDomain[] combine(java.security.ProtectionDomain[] currentDomains,
                                                java.security.ProtectionDomain[] assignedDomains)
Update the provided ProtectionDomains with the relevant Subject-based Permissions.

For each ProtectionDomain in the currentDomains array, this method retrieves the Subject-based permissions granted in the Policy. To retrieve these permissions, this method invokes the getPermissions method from the Policy, passing it the Subject associated with this SubjectDomainCombiner, along with the CodeSource associated with the respective ProtectionDomain. A new collection of Permissions is created from the union of the retrieved Permissions and the original Permissions granted to that ProtectionDomain. A new ProtectionDomain is then instantiated with this new collection of Permissions, as well as the CodeSource from the original ProtectionDomain. All of the newly instantiated ProtectionDomains are then combined into a new array. The ProtectionDomains from the assignedDomains array are appended to this new array, and the result is returned.

Note that optimizations such as the removal of duplicate entries in the array, or the removal of duplicate Permissions in a ProtectionDomain entry may have occurred. Also note that if caching is permitted and the relevant Permissions were already cached, this method does not need to consult the Policy to retrieve the Subject-based permissions. It simply accesses the cached permissions.

Specified by:
combine in interface java.security.DomainCombiner
Parameters:
currentDomains - the ProtectionDomains associated with the current execution Thread, up to the most recent privileged ProtectionDomain. The ProtectionDomains are listed in order of execution, with the most recently executing ProtectionDomain residing at the beginning of the array. This parameter may be null if the current execution Thread has no associated ProtectionDomains.

assignedDomains - the ProtectionDomains inherited from the parent Thread, or the ProtectionDomains from the privileged context, if a call to AccessController.doPrivileged(..., context) had occurred. This parameter may be null if there were no ProtectionDomains inherited from the parent Thread, or from the privileged context.
Returns:
a new array consisting of the updated ProtectionDomains, or null.
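
The steps described for combine, written out as an added sketch (this is not the JDK's implementation, and it omits the caching and duplicate-removal optimizations). The class name CombineSketch and the subjectPerms function are hypothetical: subjectPerms stands in for the Policy lookup by Subject and CodeSource, the sample permissions are constructed, and returning null when both inputs are empty is an assumption.

```java
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.Collections;
import java.util.PropertyPermission;
import java.util.function.Function;

public class CombineSketch {
    // subjectPerms is a hypothetical stand-in for Policy.getPermissions(subject, codeSource);
    // the Subject is assumed to be captured inside the function.
    static ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
                                      ProtectionDomain[] assignedDomains,
                                      Function<CodeSource, PermissionCollection> subjectPerms) {
        int cLen = (currentDomains == null) ? 0 : currentDomains.length;
        int aLen = (assignedDomains == null) ? 0 : assignedDomains.length;
        if (cLen + aLen == 0) {
            return null; // assumption: the page says only that null may be returned
        }
        ProtectionDomain[] result = new ProtectionDomain[cLen + aLen];
        for (int i = 0; i < cLen; i++) {
            ProtectionDomain pd = currentDomains[i];
            Permissions union = new Permissions();
            addAll(union, pd.getPermissions());                    // original grants
            addAll(union, subjectPerms.apply(pd.getCodeSource())); // Subject-based grants
            result[i] = new ProtectionDomain(pd.getCodeSource(), union); // same CodeSource
        }
        // assignedDomains are appended unchanged: they receive no Subject-based grants
        if (aLen > 0) System.arraycopy(assignedDomains, 0, result, cLen, aLen);
        return result;
    }

    private static void addAll(Permissions target, PermissionCollection source) {
        if (source != null) Collections.list(source.elements()).forEach(target::add);
    }

    public static void main(String[] args) {
        Permissions base = new Permissions(); // constructed sample grant for the code
        base.add(new PropertyPermission("user.name", "read"));
        ProtectionDomain app = new ProtectionDomain(null, base);
        Permissions extra = new Permissions(); // constructed Subject-based grant
        extra.add(new PropertyPermission("user.home", "read"));
        ProtectionDomain[] out = combine(new ProtectionDomain[] { app }, null, cs -> extra);
        PermissionCollection merged = out[0].getPermissions();
        System.out.println(merged.implies(new PropertyPermission("user.name", "read")));
        System.out.println(merged.implies(new PropertyPermission("user.home", "read")));
        System.out.println(merged.implies(new PropertyPermission("user.dir", "read")));
    }
}
```

Because each new domain holds a union, associating a Subject can only widen what the domains in currentDomains are granted; when reviewing Subject-based policy entries, treat them as additions to every matching CodeSource on the call stack.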