SubjectSecurity (Oracle Fusion Middleware Java API Reference for Oracle Platform Security Services)

java.lang.Object
- oracle.security.jps.runtime.SubjectSecurity

```
public abstract class SubjectSecurity
extends java.lang.Object
```
This class defines APIs to create ActionExecutor for asserted users and for authenticated subjects and to execute PrivilegedAction or PrivilegedExceptionAction with a user subject in the container security context and JDK AccessControlContext.

It provides a factory API to create platform-dependent SubjectSecurity instances based on the runtime platform type.

Some methods of this class are protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". Application code sources need to be granted the above permission when invoking these APIs.

Method Summary

Methods
Modifier and Type	Method and Description
`abstract <T> T`	`executeAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action)` Executes the `PrivilegedAction` as the specified subject in the platform security context and JDK `AccessControlContext`.
`abstract <T> T`	`executeAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action)` Executes the `PrivilegedExceptionAction` as the specified subject in the platform security context and JDK `AccessControlContext`.
`abstract ActionExecutor`	`getActionExecutor(javax.security.auth.callback.CallbackHandler handler)` Gets an `ActionExecutor` for the user specified by CallbackHandler.
`abstract ActionExecutor`	`getActionExecutor(java.lang.String userName)` Gets an `ActionExecutor` for the specified user name.
`abstract ActionExecutor`	`getActionExecutor(javax.security.auth.Subject subject)` Gets an `ActionExecutor` for the specified subject.
`abstract ActionExecutor`	`getAnonymousActionExecutor()` Gets an `ActionExecutor` with anonymous user security contexts.
`static SubjectSecurity`	`getInstance()` Gets an instance of `SubjectSecurity` based on the runtime platform type.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - getInstance
```
public static SubjectSecurity getInstance()
                                   throws JpsException
```
    Gets an instance of SubjectSecurity based on the runtime platform type.
    
    A SubjectSecurity instance with JDK AccessControlContext will be returned if it's not running in any specific JEE containers, e.g. Weblogic, Websphere and etc.
    
    Returns:
    
    an instance of SubjectSecurity
    
    Throws:
    
    JpsException - if fails to create a platform dependent SubjectSecurity instance
  - getActionExecutor
```
public abstract ActionExecutor getActionExecutor(java.lang.String userName)
                                          throws AssertionException
```
    Gets an ActionExecutor for the specified user name.
    
    A SubjectSecurity implementation should first assert the specified user name against the identity store, and create an ActionExecutor for the asserted user.
    
    This method is protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". The application code sources need to be granted the above permission when invoking this method.
    
    It should raise AssertionException if the user name fails to be asserted.
    
    Parameters:
    
    userName - the user name to be asserted
    
    Returns:
    
    an ActionExecutor associated with the asserted user
    
    Throws:
    
    AssertionException - if the specified user name fails to be asserted
  - getActionExecutor
```
public abstract ActionExecutor getActionExecutor(javax.security.auth.callback.CallbackHandler handler)
                                          throws AssertionException
```
    Gets an ActionExecutor for the user specified by CallbackHandler.
    
    A SubjectSecurity implementation should first assert the specified user name against the identity store, and create an ActionExecutor for the asserted user.
    
    This method is protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". The application code sources need to be granted the above permission when invoking this method.
    
    It should raise AssertionException if the user name fails to be asserted.
    
    Parameters:
    
    handler - can handle IdentityCallback and TenantCallbak for the user to be asserted
    
    Returns:
    
    an ActionExecutor associated with the asserted user
    
    Throws:
    
    AssertionException - if the specified user name fails to be asserted
  - getActionExecutor
```
public abstract ActionExecutor getActionExecutor(javax.security.auth.Subject subject)
```
    Gets an ActionExecutor for the specified subject.
    
    The given subject must be a security platform specific subject.
    
    Parameters:
    
    subject - the security platform specific subject to be used for this executor
    
    Returns:
    
    an ActionExecutor associated with the specified subject
  - getAnonymousActionExecutor
```
public abstract ActionExecutor getAnonymousActionExecutor()
                                                   throws JpsException
```
    Gets an ActionExecutor with anonymous user security contexts.
    
    The default implementation of SubjectSecurity with JDK AccessControlContext will associate JDK AccessControlContext with JPS anonymous subject.
    
    Returns:
    
    an ActionExecutor with anonymous user security contexts
    
    Throws:
    
    JpsException - if anonymous security contexts fails to be created
  - executeAs
```
public abstract <T> T executeAs(javax.security.auth.Subject subject,
              java.security.PrivilegedAction<T> action)
```
    Executes the PrivilegedAction as the specified subject in the platform security context and JDK AccessControlContext.
    
    The given subject must be a security platform specific subject.
    
    Parameters:
    
    subject - a security platform specific subject
    
    action - an instance of PrivilegedAction
    
    Returns:
    
    the value returned by the PrivilegedAction.run method
  - executeAs
```
public abstract <T> T executeAs(javax.security.auth.Subject subject,
              java.security.PrivilegedExceptionAction<T> action)
                     throws java.security.PrivilegedActionException
```
    Executes the PrivilegedExceptionAction as the specified subject in the platform security context and JDK AccessControlContext.
    
    The given subject must be a security platform specific subject.
    
    Parameters:
    
    subject - a security platform specific subject
    
    action - an instance of PrivilegedExceptionAction
    
    Returns:
    
    the value returned by the PrivilegedExceptionAction.run method
    
    Throws:
    
    java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception

Class SubjectSecurity

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getInstance

getActionExecutor

getActionExecutor

getActionExecutor

getAnonymousActionExecutor

executeAs

executeAs