javax.security.auth: public class: SubjectDomainCombiner

javax.security.auth
public class: SubjectDomainCombiner [javadoc | source]

java.lang.Object
   javax.security.auth.SubjectDomainCombiner

All Implemented Interfaces:
DomainCombiner

A SubjectDomainCombiner updates ProtectionDomains with Principals from the Subject associated with this SubjectDomainCombiner.

Constructor:

Constructor:
public SubjectDomainCombiner(Subject subject) { this.subject = subject; if (subject.isReadOnly()) { principalSet = subject.getPrincipals(); principals = principalSet.toArray (new Principal[principalSet.size()]); } } Associate the provided `Subject` with this `SubjectDomainCombiner`. Parameters: `subject` - the `Subject` to be associated with with this `SubjectDomainCombiner`.

 public SubjectDomainCombiner(Subject subject) {
        this.subject = subject;
        if (subject.isReadOnly()) {
            principalSet = subject.getPrincipals();
            principals = principalSet.toArray
                        (new Principal[principalSet.size()]);
        }
}

Subject

SubjectDomainCombiner

Parameters:

subject - the Subject to be associated with with this SubjectDomainCombiner.

Method from javax.security.auth.SubjectDomainCombiner Summary:
combine, getSubject

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.security.auth.SubjectDomainCombiner Detail:
public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) { if (debug != null) { if (subject == null) { debug.println("null subject"); } else { final Subject s = subject; AccessController.doPrivileged (new java.security.PrivilegedAction< Void >() { public Void run() { debug.println(s.toString()); return null; } }); } printInputDomains(currentDomains, assignedDomains); } if (currentDomains == null \|\| currentDomains.length == 0) { // No need to optimize assignedDomains because it should // have been previously optimized (when it was set). // Note that we are returning a direct reference // to the input array - since ACC does not clone // the arrays when it calls combiner.combine, // multiple ACC instances may share the same // array instance in this case return assignedDomains; } // optimize currentDomains // // No need to optimize assignedDomains because it should // have been previously optimized (when it was set). currentDomains = optimize(currentDomains); if (debug != null) { debug.println("after optimize"); printInputDomains(currentDomains, assignedDomains); } if (currentDomains == null && assignedDomains == null) { return null; } // maintain backwards compatibility for developers who provide // their own custom javax.security.auth.Policy implementations if (useJavaxPolicy) { return combineJavaxPolicy(currentDomains, assignedDomains); } int cLen = (currentDomains == null ? 0 : currentDomains.length); int aLen = (assignedDomains == null ? 0 : assignedDomains.length); // the ProtectionDomains for the new AccessControlContext // that we will return ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen]; boolean allNew = true; synchronized(cachedPDs) { if (!subject.isReadOnly() && !subject.getPrincipals().equals(principalSet)) { // if the Subject was mutated, clear the PD cache Set< Principal > newSet = subject.getPrincipals(); synchronized(newSet) { principalSet = new java.util.HashSet< Principal >(newSet); } principals = principalSet.toArray (new Principal[principalSet.size()]); cachedPDs.clear(); if (debug != null) { debug.println("Subject mutated - clearing cache"); } } ProtectionDomain subjectPd; for (int i = 0; i < cLen; i++) { ProtectionDomain pd = currentDomains[i]; subjectPd = cachedPDs.getValue(pd); if (subjectPd == null) { subjectPd = new ProtectionDomain(pd.getCodeSource(), pd.getPermissions(), pd.getClassLoader(), principals); cachedPDs.putValue(pd, subjectPd); } else { allNew = false; } newDomains[i] = subjectPd; } } if (debug != null) { debug.println("updated current: "); for (int i = 0; i < cLen; i++) { debug.println("\tupdated[" + i + "] = " + printDomain(newDomains[i])); } } // now add on the assigned domains if (aLen > 0) { System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen); // optimize the result (cached PDs might exist in assignedDomains) if (!allNew) { newDomains = optimize(newDomains); } } // if aLen == 0 \|\| allNew, no need to further optimize newDomains if (debug != null) { if (newDomains == null \|\| newDomains.length == 0) { debug.println("returning null"); } else { debug.println("combinedDomains: "); for (int i = 0; i < newDomains.length; i++) { debug.println("newDomain " + i + ": " + printDomain(newDomains[i])); } } } // return the new ProtectionDomains if (newDomains == null \|\| newDomains.length == 0) { return null; } else { return newDomains; } } Update the relevant ProtectionDomains with the Principals from the `Subject` associated with this `SubjectDomainCombiner`. A new `ProtectionDomain` instance is created for each `ProtectionDomain` in the currentDomains array. Each new `ProtectionDomain` instance is created using the `CodeSource`, `Permission`s and `ClassLoader` from the corresponding `ProtectionDomain` in currentDomains, as well as with the Principals from the `Subject` associated with this `SubjectDomainCombiner`. All of the newly instantiated ProtectionDomains are combined into a new array. The ProtectionDomains from the assignedDomains array are appended to this new array, and the result is returned. Note that optimizations such as the removal of duplicate ProtectionDomains may have occurred. In addition, caching of ProtectionDomains may be permitted.
public Subject getSubject() { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(new AuthPermission ("getSubjectFromDomainCombiner")); } return subject; } Get the `Subject` associated with this `SubjectDomainCombiner`.

Method from javax.security.auth.SubjectDomainCombiner Detail:

 public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
    ProtectionDomain[] assignedDomains) {
        if (debug != null) {
            if (subject == null) {
                debug.println("null subject");
            } else {
                final Subject s = subject;
                AccessController.doPrivileged
                    (new java.security.PrivilegedAction< Void >() {
                    public Void run() {
                        debug.println(s.toString());
                        return null;
                    }
                });
            }
            printInputDomains(currentDomains, assignedDomains);
        }
        if (currentDomains == null || currentDomains.length == 0) {
            // No need to optimize assignedDomains because it should
            // have been previously optimized (when it was set).
            // Note that we are returning a direct reference
            // to the input array - since ACC does not clone
            // the arrays when it calls combiner.combine,
            // multiple ACC instances may share the same
            // array instance in this case
            return assignedDomains;
        }
        // optimize currentDomains
        //
        // No need to optimize assignedDomains because it should
        // have been previously optimized (when it was set).
        currentDomains = optimize(currentDomains);
        if (debug != null) {
            debug.println("after optimize");
            printInputDomains(currentDomains, assignedDomains);
        }
        if (currentDomains == null && assignedDomains == null) {
            return null;
        }
        // maintain backwards compatibility for developers who provide
        // their own custom javax.security.auth.Policy implementations
        if (useJavaxPolicy) {
            return combineJavaxPolicy(currentDomains, assignedDomains);
        }
        int cLen = (currentDomains == null ? 0 : currentDomains.length);
        int aLen = (assignedDomains == null ? 0 : assignedDomains.length);
        // the ProtectionDomains for the new AccessControlContext
        // that we will return
        ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];
        boolean allNew = true;
        synchronized(cachedPDs) {
            if (!subject.isReadOnly() &&
                !subject.getPrincipals().equals(principalSet)) {
                // if the Subject was mutated, clear the PD cache
                Set< Principal > newSet = subject.getPrincipals();
                synchronized(newSet) {
                    principalSet = new java.util.HashSet< Principal >(newSet);
                }
                principals = principalSet.toArray
                        (new Principal[principalSet.size()]);
                cachedPDs.clear();
                if (debug != null) {
                    debug.println("Subject mutated - clearing cache");
                }
            }
            ProtectionDomain subjectPd;
            for (int i = 0; i <  cLen; i++) {
                ProtectionDomain pd = currentDomains[i];
                subjectPd = cachedPDs.getValue(pd);
                if (subjectPd == null) {
                    subjectPd = new ProtectionDomain(pd.getCodeSource(),
                                                pd.getPermissions(),
                                                pd.getClassLoader(),
                                                principals);
                    cachedPDs.putValue(pd, subjectPd);
                } else {
                    allNew = false;
                }
                newDomains[i] = subjectPd;
            }
        }
        if (debug != null) {
            debug.println("updated current: ");
            for (int i = 0; i <  cLen; i++) {
                debug.println("\tupdated[" + i + "] = " +
                                printDomain(newDomains[i]));
            }
        }
        // now add on the assigned domains
        if (aLen  > 0) {
            System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);
            // optimize the result (cached PDs might exist in assignedDomains)
            if (!allNew) {
                newDomains = optimize(newDomains);
            }
        }
        // if aLen == 0 || allNew, no need to further optimize newDomains
        if (debug != null) {
            if (newDomains == null || newDomains.length == 0) {
                debug.println("returning null");
            } else {
                debug.println("combinedDomains: ");
                for (int i = 0; i <  newDomains.length; i++) {
                    debug.println("newDomain " + i + ": " +
                                  printDomain(newDomains[i]));
                }
            }
        }
        // return the new ProtectionDomains
        if (newDomains == null || newDomains.length == 0) {
            return null;
        } else {
            return newDomains;
        }
}

Subject

SubjectDomainCombiner

A new ProtectionDomain instance is created for each ProtectionDomain in the currentDomains array. Each new ProtectionDomain instance is created using the CodeSource, Permissions and ClassLoader from the corresponding ProtectionDomain in currentDomains, as well as with the Principals from the Subject associated with this SubjectDomainCombiner.

All of the newly instantiated ProtectionDomains are combined into a new array. The ProtectionDomains from the assignedDomains array are appended to this new array, and the result is returned.

Note that optimizations such as the removal of duplicate ProtectionDomains may have occurred. In addition, caching of ProtectionDomains may be permitted.

 public Subject getSubject() {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new AuthPermission
                ("getSubjectFromDomainCombiner"));
        }
        return subject;
}

Subject

SubjectDomainCombiner