/**
 * Executes {@code action} on behalf of {@code subject}, combining the permissions granted to the
 * {@code Subject} with those of the calling code.
 *
 * <p>The caller is authorized through {@code checkPermission(_AS)} before anything else happens.
 * The access-control context handed to the action is the one current at the time of the call
 * ({@link AccessController#getContext()}).
 *
 * @param subject the distinguished {@code Subject}.
 * @param action the code to be run.
 * @return the value produced by running {@code action}.
 */
@SuppressWarnings("unchecked")
public static <T> T doAs(Subject subject, PrivilegedAction<T> action) {
    // Authorization gate first: nothing below runs unless the caller passes this check.
    // NOTE(review): presumably raises SecurityException on denial; confirm in checkPermission.
    checkPermission(_AS);

    // Snapshot of the caller's current context; it is the base the subject is associated with.
    final AccessControlContext callerContext = AccessController.getContext();
    return doAs_PrivilegedAction(subject, action, callerContext);
}
/**
 * Executes {@code action} on behalf of {@code subject} inside an explicitly supplied
 * access-control context.
 *
 * <p>The caller is authorized through {@code checkPermission(_AS_PRIVILEGED)} before anything
 * else happens. Unlike {@code doAs}, the context is not taken from the calling thread: it is
 * either the one passed in or, for {@code null}, a fresh {@link AccessControlContext} built from
 * an empty {@link ProtectionDomain} array.
 *
 * @param subject the distinguished {@code Subject}.
 * @param action the code to be run.
 * @param context the specific context in which {@code action} is invoked. If {@code null}, a new
 *     {@link AccessControlContext} with no protection domains is instantiated.
 * @return the value produced by running {@code action}.
 */
@SuppressWarnings("unchecked")
public static <T> T doAsPrivileged(
        Subject subject, PrivilegedAction<T> action, AccessControlContext context) {
    // Authorization gate first: nothing below runs unless the caller passes this check.
    checkPermission(_AS_PRIVILEGED);

    // A null context is replaced by one with zero protection domains, so the caller's
    // current context is deliberately not carried into the action.
    final AccessControlContext effectiveContext =
            (context != null) ? context : new AccessControlContext(new ProtectionDomain[0]);
    return doAs_PrivilegedAction(subject, action, effectiveContext);
}
/**
 * Looks up the {@code Subject} that was last associated with the given {@code context}.
 *
 * <p>The caller is authorized through {@code checkPermission(_SUBJECT)} first; the permission
 * check runs before the {@code null} check on {@code context}. The subject is read from the
 * context's {@link DomainCombiner}, and only a {@link SubjectDomainCombiner} can supply one.
 *
 * @param context the {@code context} that was associated with the {@code Subject}.
 * @return the associated {@code Subject}, or {@code null} when the context has no domain
 *     combiner or its combiner is not a {@link SubjectDomainCombiner}.
 * @throws NullPointerException if {@code context} is {@code null}.
 */
public static Subject getSubject(final AccessControlContext context) {
    checkPermission(_SUBJECT);
    if (context == null) {
        throw new NullPointerException("AccessControlContext cannot be null");
    }

    // The combiner is fetched inside doPrivileged so the lookup is evaluated with this
    // class's own permissions; the caller has already been vetted by checkPermission above.
    DomainCombiner combiner =
            AccessController.doPrivileged(
                    new PrivilegedAction<DomainCombiner>() {
                        public DomainCombiner run() {
                            return context.getDomainCombiner();
                        }
                    });

    // instanceof is false for null, so a missing combiner and a foreign combiner both
    // fall through to the null result.
    if (combiner instanceof SubjectDomainCombiner) {
        return ((SubjectDomainCombiner) combiner).getSubject();
    }
    return null;
}
/**
 * Marks this {@code Subject} as read-only so that its credential and {@link Principal} sets can
 * no longer be modified. Once set, the {@code Subject} cannot be made writable again. The destroy
 * method on the credentials still works though.
 *
 * <p>The caller is authorized through {@code checkPermission(_READ_ONLY)} before the flag is
 * changed.
 */
public void setReadOnly() {
    // Authorization gate first: the flag is only flipped for callers that pass this check.
    checkPermission(_READ_ONLY);

    // One-way switch: this method only ever sets the flag to true.
    this.readOnly = true;
}