|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object javax.security.jacc.PolicyContext
public final class PolicyContext
This utility class is used by containers to communicate policy context
identifiers and other policy relevant context to Policy
providers. Policy
providers use the policy context identifier
to select the subset of policy to apply in access decisions.
The value of a policy context identifier is a
String
and each thread has an independently
established policy context identifier.
A container will establish the thread-scoped value
of a policy context identifier by calling the static
setContextID
method. The value of a thread-scoped policy
context identifier is available (to Policy
) by calling the
static getContextID
method.
This class is also used by Policy
providers to
request additional
thread-scoped policy relevant context objects from the calling container.
Containers register container-specific PolicyContext
handlers
using the static registerHandler
method.
Handler registration is scoped to the class, such that the same handler
registrations are active in all thread contexts. Containers may
use the static method setHandlerData
to
establish a thread-scoped parameter that will be passed to handlers
when they are activated by Policy
providers. The
static getContext
method is used to activate a
handler and obtain the corresponding context object.
The static accessor functions provided by this class allow per-thread policy context values to be established and communicated independent of a common reference to a particular PolicyContext instance.
The PolicyContext class may encapsulate static ThreadLocal instance variables to represent the policy context identifier and handler data values.
The Application server must bundle or install the PolicyContext class, and the containers of the application server must prevent the methods of the PolicyContext class from being called from calling contexts that are not authorized to call these methods. With the exception of the getContextID and GetHandlerKeys methods, containers must restrict and afford access to the methods of the PolicyContext class to calling contexts trusted by the container to perform container access decisions. The PolicyContext class may satisfy this requirement (on behalf of its container) by rejecting calls made from an AccessControlContext that has not been granted the "setPolicy" SecurityPermission, and by ensuring that Policy providers used to perform container access decisions are granted the "setPolicy" permission.
PolicyContextHandler
Method Summary | |
---|---|
static java.lang.Object |
getContext(java.lang.String key)
This method may be used by a Policy provider to activate the
PolicyContextHandler registered to the context object key
and cause it to return the corresponding policy context object from
the container. |
static java.lang.String |
getContextID()
This static method returns the value of the policy context identifier associated with the thread on which the accessor is called. |
static java.util.Set |
getHandlerKeys()
This method may be used to obtain the keys that identify the container specific context handlers registered by the container. |
static void |
registerHandler(java.lang.String key,
PolicyContextHandler handler,
boolean replace)
Authorization protected method used to register a container specific PolicyContext handler. |
static void |
setContextID(java.lang.String contextID)
Authorization protected method used to modify the value of the policy context identifier associated with the thread on which this method is called. |
static void |
setHandlerData(java.lang.Object data)
Authorization protected method that may be used to associate a thread-scoped handler data object with the PolicyContext. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static void setContextID(java.lang.String contextID)
contextID
- a String
that represents
the value of the policy context identifier to be assigned to the
PolicyContext for the calling thread. The value null
is a legitimate value for this parameter.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method.public static java.lang.String getContextID()
String
(or null
) policy context
identifier established for the thread. This method must
return the default policy context
identifier, null
, if the policy context
identifier of the thread has not been set via setContext
to another value.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method. Containers may choose to authorize calls to this
method by any AccessControlContext.public static void setHandlerData(java.lang.Object data)
data
- a container-specific object that will be associated
with the calling thread and passed to any handler activated by a
Policy
provider (on the thread).
The value null
is a legitimate value for this parameter,
and is the value that will be used in the activation of handlers
if the setHandlerData
has not been called on the thread.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method.public static void registerHandler(java.lang.String key, PolicyContextHandler handler, boolean replace) throws PolicyContextException
PolicyContext
handler. A handler may be registered
to handle multiple keys, but at any time, at most one handler may be
registered for a key.
key
- a (case-sensitive) String
that identifies
the context object handled by the handler.
The value of this parameter must not be null.handler
- an object that implements the
PolicyContextHandler
interface. The value of
this parameter must not be null.replace
- this boolean value defines the behavior of this
method if, when it is called, a PolicyContextHandler
has already been registered to handle the same key.
In that case, and if the value of this argument is true
,
the existing handler is replaced with the argument handler. If the
value of this parameter is false the existing registration is preserved
and an exception is thrown.
java.lang.IllegalArgumentException
- if the value of either of the handler or key arguments is null,
or the value of the replace argument is false
and a handler
with the same key as the argument handler is already registered.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method.
PolicyContextException
- if an operation by this method on the argument PolicyContextHandler
causes it to throw a checked exception that is not accounted for
in the signature of this method.public static java.util.Set getHandlerKeys()
Set
, the elements of which, are the
String
key values that identify
the handlers that have been registered
and therefore may be activated on the PolicyContext
.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method. Containers may choose to authorize calls to this
method by any AccessControlContext.public static java.lang.Object getContext(java.lang.String key) throws PolicyContextException
Policy
provider to activate the
PolicyContextHandler
registered to the context object key
and cause it to return the corresponding policy context object from
the container. When this method activates a handler,
it passes to the handler the context
object key and the handler data associated with the calling thread.
key
- a String
that identifies the
PolicyContextHandler
to activate and the context object
to be acquired from the handler. The value of this parameter must
not be null.
null
value is returned if
the corresponding handler has been registered, and the value
of the corresponding context is null.
java.lang.IllegalArgumentException
- if a PolicyContextHandler
has not been registered
for the key or the registered handler no longer supports the key.
java.lang.SecurityException
- if the calling AccessControlContext is not authorized by the container
to call this method.
PolicyContextException
- if an operation by this method on the identified PolicyContextHandler
causes it to throw a checked exception that is not accounted for
in the signature of this method.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 2009, 2010, Oracle Corporation and/or its affiliates. All Rights Reserved. Use is subject to license terms.
Generated on 4-June-2010 04:34