public abstract class SubjectSecurity
extends java.lang.Object

This class defines APIs to create ActionExecutor for asserted users and for authenticated subjects and to execute PrivilegedAction or PrivilegedExceptionAction with a user subject in the container security context and JDK AccessControlContext.

It provides a factory API to create platform-dependent SubjectSecurity instances based on the runtime platform type.

Some methods of this class are protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". Application code sources need to be granted the above permission when invoking these APIs.
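
An added usage example for the identity-assertion path described above (not code from the Oracle documentation). It assumes that SubjectSecurity, ActionExecutor and AssertionException live in oracle.security.jps.runtime and that ActionExecutor exposes execute(PrivilegedAction); this page states neither. The class name RunAsAssertedUser and the method runAs are hypothetical.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

import oracle.security.jps.JpsException;
// Assumed package for the three classes below; this page does not state it.
import oracle.security.jps.runtime.ActionExecutor;
import oracle.security.jps.runtime.AssertionException;
import oracle.security.jps.runtime.SubjectSecurity;

public final class RunAsAssertedUser {

    /**
     * Runs {@code work} as {@code trustedUserName}. The name must come from a
     * source the application already trusts (for example a verified token),
     * because identity assertion checks the name against the identity store
     * but does not check any credential.
     */
    public static <T> T runAs(final String trustedUserName, PrivilegedAction<T> work)
            throws JpsException, AssertionException {
        final SubjectSecurity subjectSecurity = SubjectSecurity.getInstance();
        ActionExecutor executor;
        try {
            // doPrivileged stops the permission check at this class's code source,
            // so only this code source needs JpsPermission "IdentityAssertion",
            // action "execute", not every caller further up the stack.
            executor = AccessController.doPrivileged(
                new PrivilegedExceptionAction<ActionExecutor>() {
                    @Override
                    public ActionExecutor run() throws AssertionException {
                        return subjectSecurity.getActionExecutor(trustedUserName);
                    }
                });
        } catch (PrivilegedActionException e) {
            // Fail closed: surface the assertion failure instead of falling
            // back to getAnonymousActionExecutor().
            throw (AssertionException) e.getException();
        }
        // Assumed method: ActionExecutor.execute(PrivilegedAction) is not listed on this page.
        return executor.execute(work);
    }
}
```

Keeping the doPrivileged block this small means the granted permission covers only the assertion call and not the work that runs afterwards.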

Modifier and Type | Method and Description |
---|---|
abstract <T> T | executeAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action): Executes the PrivilegedAction as the specified subject in the platform security context and JDK AccessControlContext. |
abstract <T> T | executeAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action): Executes the PrivilegedExceptionAction as the specified subject in the platform security context and JDK AccessControlContext. |
abstract ActionExecutor | getActionExecutor(javax.security.auth.callback.CallbackHandler handler): Gets an ActionExecutor for the user specified by CallbackHandler. |
abstract ActionExecutor | getActionExecutor(java.lang.String userName): Gets an ActionExecutor for the specified user name. |
abstract ActionExecutor | getActionExecutor(javax.security.auth.Subject subject): Gets an ActionExecutor for the specified subject. |
abstract ActionExecutor | getAnonymousActionExecutor(): Gets an ActionExecutor with anonymous user security contexts. |
static SubjectSecurity | getInstance(): Gets an instance of SubjectSecurity based on the runtime platform type. |

public static SubjectSecurity getInstance() throws JpsException

Gets an instance of SubjectSecurity based on the runtime platform type.

A SubjectSecurity instance with JDK AccessControlContext will be returned if it is not running in any specific JEE container, e.g. WebLogic, WebSphere, etc.

Returns:
SubjectSecurity
Throws:
JpsException - if it fails to create a platform-dependent SubjectSecurity instance

public abstract ActionExecutor getActionExecutor(java.lang.String userName) throws AssertionException

Gets an ActionExecutor for the specified user name.

A SubjectSecurity implementation should first assert the specified user name against the identity store, and create an ActionExecutor for the asserted user.

This method is protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". The application code sources need to be granted the above permission when invoking this method.

It should raise AssertionException if the user name fails to be asserted.

Parameters:
userName - the user name to be asserted
Returns:
ActionExecutor associated with the asserted user
Throws:
AssertionException - if the specified user name fails to be asserted

public abstract ActionExecutor getActionExecutor(javax.security.auth.callback.CallbackHandler handler) throws AssertionException

Gets an ActionExecutor for the user specified by CallbackHandler.

A SubjectSecurity implementation should first assert the specified user name against the identity store, and create an ActionExecutor for the asserted user.

This method is protected by code permission oracle.security.jps.JpsPermission with name "IdentityAssertion" and action "execute". The application code sources need to be granted the above permission when invoking this method.

It should raise AssertionException if the user name fails to be asserted.

Parameters:
handler - can handle IdentityCallback and TenantCallbak for the user to be asserted
Returns:
ActionExecutor associated with the asserted user
Throws:
AssertionException - if the specified user name fails to be asserted

public abstract ActionExecutor getActionExecutor(javax.security.auth.Subject subject)

Gets an ActionExecutor for the specified subject.

The given subject must be a security platform specific subject.

Parameters:
subject - the security platform specific subject to be used for this executor
Returns:
ActionExecutor associated with the specified subject

public abstract ActionExecutor getAnonymousActionExecutor() throws JpsException

Gets an ActionExecutor with anonymous user security contexts.

The default implementation of SubjectSecurity with JDK AccessControlContext will associate JDK AccessControlContext with JPS anonymous subject.

Returns:
ActionExecutor with anonymous user security contexts
Throws:
JpsException - if anonymous security contexts fail to be created

public abstract <T> T executeAs(javax.security.auth.Subject subject, java.security.PrivilegedAction<T> action)

Executes the PrivilegedAction as the specified subject in the platform security context and JDK AccessControlContext.

The given subject must be a security platform specific subject.

Parameters:
subject - a security platform specific subject
action - an instance of PrivilegedAction
Returns:
PrivilegedAction.run method

public abstract <T> T executeAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction<T> action) throws java.security.PrivilegedActionException

Executes the PrivilegedExceptionAction as the specified subject in the platform security context and JDK AccessControlContext.

The given subject must be a security platform specific subject.

Parameters:
subject - a security platform specific subject
action - an instance of PrivilegedExceptionAction
Returns:
PrivilegedExceptionAction.run method
Throws:
java.security.PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception