public abstract class AppSecurityContext
extends java.lang.Object
This class provides a thread-scoped API for accessing application security attributes. The thread scoped API uses a threadlocal variable of an AppSecurityContext instance to encapsulate the application security attributes, e.g. application ID and identity context ID.
AppSecurityContext
supports two modes in setting and getting application ID, the new "AppSecurityContext" mode and "PolicyContext" mode. The "PolicyContext" mode provides backward-compatibility in setting and getting context ID with JACC PolicyContext
, the "AppSecurityContext" mode creates a new thread-scoped variable to store application ID. This class checks system property "oracle.security.jps.appsecuritycontext.appsecuritycontextmode" to decide which mode to use for setting and getting application ID. If this system property is set to false, "PolicyContext" mode is enabled. Otherwise, by default "AppSecurityContext" mode is enabled.
When calling AppSecurityContext.setApplicationID
method, it requires callers to have codebase permission grant of JpsPermission("AppSecurityContext.setApplicationID.<app ID>").
It is recommended practice to always immediately reset the policy context once it is not required. Follow a call to setApplicationID with a try block, most typically in a before/after construction such as:
class X { // typically invoke this in an AccessController do privileged block. // calling code must be granted appropriate permission. private static void setApplicationID(final String applicationID) { AccessController.doPrivileged(new PrivilegedAction() { public Object run() { AppSecurityContext.setApplicationID(applicationID); return null; } }); } public void m() { String newCtx ; // new context to set String oldCtx = AppSecurityContext.getApplicationID(); // remember old context boolean resetCtx= false; // optimize - if new context is the same as the current, no need to set it. if (oldCtx != null && !oldCtx.equalsIgnoreCase(newCtx)) { setApplicationID(newCtx); resetCtx = true; } else if (oldCtx == null && newCtx != null) { AppSecurityContext.setApplicationID(newCtx); resetCtx = true; } try { // ... method body } finally { // restore the context if (resetCtx) setApplicationID(oldCtx); } } }
Modifier and Type | Method and Description |
---|---|
static java.lang.String |
getApplicationID()
Gets application ID from thread-scoped variables.
|
abstract java.lang.Object |
getAttribute(java.lang.String attributeName)
Gets the security attribute object given its name.
|
static AppSecurityContext |
getSecurityContext()
Gets the instance of
AppSecurityContext . |
static UserSecurityContext |
getUserSecurityContext()
Gets user security context of the current authenticated user.
|
static void |
setApplicationID(java.lang.String applicationID)
Sets application ID in thread-scoped variables.
|
static void |
setAppSecCtxtMode(boolean appSecCtxtMode)
Sets the application security context mode to enable or disable "AppSecurityContext" mode.
|
public static void setAppSecCtxtMode(boolean appSecCtxtMode)
appSecCtxtMode
- set to true to enable "AppSecurityContext" mode, false to disable this modepublic static void setApplicationID(java.lang.String applicationID)
It requires callers to have codebase permission grant of JpsPermission("AppSecurityContext.setApplicationID.<app ID>") to invoke this method.
When PolicyContext mode is true and security manager is turned on, PolicyContext
requires callers to have permission grant of SecurityPermission("setPolicy").
applicationID
-public static java.lang.String getApplicationID()
When PolicyContext mode is true and security manager is set, PolicyContext
requires callers to have permission grant of SecurityPermission("getPolicy").
public static AppSecurityContext getSecurityContext()
AppSecurityContext
.AppSecurityContext
public static UserSecurityContext getUserSecurityContext()
public abstract java.lang.Object getAttribute(java.lang.String attributeName)
attributeName
- the security attribute name