Skip navigation links

Oracle Fusion Middleware Management Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

E14650-05


oracle.security.jps.runtime
Class SubjectSecurity

java.lang.Object
  extended by oracle.security.jps.runtime.SubjectSecurity


public abstract class SubjectSecurity
extends java.lang.Object

This class defines APIs to create ActionExecutor for asserted users and for authenticated subjects and to execute PrivilegedAction or PrivilegedExceptionAction with a user subject in the container security context and JDK AccessControlContext.

It provides a factory API to create platform-dependent SubjectSecurity instances based on the runtime platform type.

Some methods of this class are protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". Application code sources need to be granted the above permission when invoking these APIs.


Method Summary
abstract
<T> T
executeAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action)
          Executes the PrivilegedAction as the specified subject in the platform security context and JDK AccessControlContext.
abstract
<T> T
executeAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action)
          Executes the PrivilegedExceptionAction as the specified subject in the platform security context and JDK AccessControlContext.
abstract  ActionExecutor getActionExecutor(java.lang.String userName)
          Gets an ActionExecutor for the specified user name.
abstract  ActionExecutor getActionExecutor(javax.security.auth.Subject subject)
          Gets an ActionExecutor for the specified subject.
abstract  ActionExecutor getAnonymousActionExecutor()
          Gets an ActionExecutor with anonymous user security contexts.
static SubjectSecurity getInstance()
          

Gets an instance of SubjectSecurity based on the runtime platform type.

 

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Method Detail

getInstance

public static SubjectSecurity getInstance()
                                   throws JpsException

Gets an instance of SubjectSecurity based on the runtime platform type.

A SubjectSecurity instance with JDK AccessControlContext will be returned if it's not running in any specific JEE containers, e.g. Weblogic, Websphere and etc.

Returns:
an instance of SubjectSecurity
Throws:
JpsException - if fails to create a platform dependent SubjectSecurity instance

getActionExecutor

public abstract ActionExecutor getActionExecutor(java.lang.String userName)
                                          throws AssertionException

Gets an ActionExecutor for the specified user name.

A SubjectSecurity implementation should first assert the specified user name against the identity store, and create an ActionExecutor for the asserted user.

This method is protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". The application code sources need to be granted the above permission when invoking this method.

It should raise AssertionException if the user name fails to be asserted.

Parameters:
userName - the user name to be asserted
Returns:
an ActionExecutor associated with the asserted user
Throws:
AssertionException - if the specified user name fails to be asserted

getActionExecutor

public abstract ActionExecutor getActionExecutor(javax.security.auth.Subject subject)

Gets an ActionExecutor for the specified subject.

The given subject must be a security platform specific subject.

Parameters:
subject - the security platform specific subject to be used for this executor
Returns:
an ActionExecutor associated with the specified subject

getAnonymousActionExecutor

public abstract ActionExecutor getAnonymousActionExecutor()
                                                   throws JpsException

Gets an ActionExecutor with anonymous user security contexts.

The default implementation of SubjectSecurity with JDK AccessControlContext will associate JDK AccessControlContext with JPS anonymous subject.

Returns:
an ActionExecutor with anonymous user security contexts
Throws:
JpsException - if anonymous security contexts fails to be created

executeAs

public abstract <T> T executeAs(javax.security.auth.Subject subject,
                                java.security.PrivilegedAction<T> action)

Executes the PrivilegedAction as the specified subject in the platform security context and JDK AccessControlContext.

The given subject must be a security platform specific subject.

Parameters:
subject - a security platform specific subject
action - an instance of PrivilegedAction
Returns:
the value returned by the PrivilegedAction.run method

executeAs

public abstract <T> T executeAs(javax.security.auth.Subject subject,
                                java.security.PrivilegedExceptionAction<T> action)
                     throws java.security.PrivilegedActionException

Executes the PrivilegedExceptionAction as the specified subject in the platform security context and JDK AccessControlContext.

The given subject must be a security platform specific subject.

Parameters:
subject - a security platform specific subject
action - an instance of PrivilegedExceptionAction
Returns:
the value returned by the PrivilegedExceptionAction.run method
Throws:
java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception

Skip navigation links

Oracle Fusion Middleware Management Java API Reference for Oracle Platform Security Services
11g Release 1 (11.1.1)

E14650-05


Copyright © 2011, Oracle. All rights reserved.