/**
* Runs the code defined by {@code action} using the permissions granted to the {@code Subject}
* itself and to the code as well.
*
* @param subject the distinguished {@code Subject}.
* @param action the code to be run.
* @return the {@code Object} returned when running the {@code action}.
*/
@SuppressWarnings("unchecked")
public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
checkPermission(_AS);
return doAs_PrivilegedAction(subject, action, AccessController.getContext());
}
/**
* Run the code defined by {@code action} using the permissions granted to the {@code Subject} and
* to the code itself, additionally providing a more specific context.
*
* @param subject the distinguished {@code Subject}.
* @param action the code to be run.
* @param context the specific context in which the {@code action} is invoked. if {@code null} a
* new {@link AccessControlContext} is instantiated.
* @return the {@code Object} returned when running the {@code action}.
*/
@SuppressWarnings("unchecked")
public static <T> T doAsPrivileged(
Subject subject, PrivilegedAction<T> action, AccessControlContext context) {
checkPermission(_AS_PRIVILEGED);
if (context == null) {
return doAs_PrivilegedAction(
subject, action, new AccessControlContext(new ProtectionDomain[0]));
}
return doAs_PrivilegedAction(subject, action, context);
}
/**
* Returns the {@code Subject} that was last associated with the {@code context} provided as
* argument.
*
* @param context the {@code context} that was associated with the {@code Subject}.
* @return the {@code Subject} that was last associated with the {@code context} provided as
* argument.
*/
public static Subject getSubject(final AccessControlContext context) {
checkPermission(_SUBJECT);
if (context == null) {
throw new NullPointerException("AccessControlContext cannot be null");
}
PrivilegedAction<DomainCombiner> action =
new PrivilegedAction<DomainCombiner>() {
public DomainCombiner run() {
return context.getDomainCombiner();
}
};
DomainCombiner combiner = AccessController.doPrivileged(action);
if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) {
return null;
}
return ((SubjectDomainCombiner) combiner).getSubject();
}
/**
* Prevents from modifications being done to the credentials and {@link Principal} sets. After
* setting it to read-only this {@code Subject} can not be made writable again. The destroy method
* on the credentials still works though.
*/
public void setReadOnly() {
checkPermission(_READ_ONLY);
readOnly = true;
}
