public interface ActionExecutor
An ActionExecutor
allows applications to run any application logic within a user's platform security context and JDK AccessControlContext
.
An ActionExecutor
is only associated with one unique identity.
Applications can implement PrivilegedAction
or PrivilegedExceptionAction
, and put application logic that needs to be run within a user's security context in its run
method, and invoke the ActionExecutor.execute
method with PrivilegedAction
or PrivilegedExceptionAction
as input parameter.
Only the application logic that runs in PrivilegedAction
or PrivilegedExceptionAction
is associated with the user's platform security context automatically by ActionExecutor
, in case of Weblogic server, it's associated with WLS subject by invoking Security.runAs(Subject, PrivilegedAction)
. As such, application operations required platform security will be handled by the platform security context implicitly, e.g. EJB invocation and secure resource access.
The ActionExecutor
execution will also bind the user's subject with JDK AccessControlContext
by JDK Subject.doAs(Subject, PrivilegedAction)
. Application logic in PrivilegedAction
can perform the standard JDK permission checks.
The security context, such as AccessControlContext
subject or the platform security context subject, will not be altered after invoking ActionExecutor.execute
method.
This class also provides an API for establishing OPSS AppSecurityContext
with security attributes before executing application logic. The security attributes in the AppSecurityContext
will remain unchanged after application logic invocation.
Modifier and Type | Method and Description |
---|---|
<T> T |
execute(java.security.PrivilegedAction<T> action)
Executes the
PrivilegedAction in a user's platform security context and AccessControlContext . |
<T> T |
execute(java.security.PrivilegedExceptionAction<T> action)
Executes
PrivilegedExceptionAction in a user's platform security context and AccessControlContext . |
void |
setAttributes(java.util.Map<java.lang.String,java.lang.Object> attributes)
Sets the security attributes to be used with the OPSS
AppSecurityContext that will be established before executing application logic. |
<T> T execute(java.security.PrivilegedAction<T> action)
PrivilegedAction
in a user's platform security context and AccessControlContext
.action
- an instance of PrivilegedAction
<T> T execute(java.security.PrivilegedExceptionAction<T> action) throws java.security.PrivilegedActionException
PrivilegedExceptionAction
in a user's platform security context and AccessControlContext
.action
- an instance of PrivilegedExceptionAction
java.security.PrivilegedActionException
- if the PrivilegedExceptionAction.run
method throws a checked exceptionvoid setAttributes(java.util.Map<java.lang.String,java.lang.Object> attributes)
AppSecurityContext
that will be established before executing application logic.attributes
- the security attributes