jdk/src/share/classes/java/security/DomainCombiner.java
author ohair
Tue, 25 May 2010 15:58:33 -0700
changeset 5506 202f599c92aa
parent 2 90ce3da70b43
child 18579 b678846778ad
permissions -rw-r--r--
6943119: Rebrand source copyright notices Reviewed-by: darcy, weijun
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     1
/*
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     2
 * Copyright (c) 1999, 2006, Oracle and/or its affiliates. All rights reserved.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load
duke
parents:
diff changeset
     4
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
     5
 * This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load
duke
parents:
diff changeset
     6
 * under the terms of the GNU General Public License version 2 only, as
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     7
 * published by the Free Software Foundation.  Oracle designates this
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
     8
 * particular file as subject to the "Classpath" exception as provided
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
     9
 * by Oracle in the LICENSE file that accompanied this code.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    10
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    11
 * This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load
duke
parents:
diff changeset
    12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
90ce3da70b43 Initial load
duke
parents:
diff changeset
    14
 * version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load
duke
parents:
diff changeset
    15
 * accompanied this code).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    16
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    17
 * You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load
duke
parents:
diff changeset
    18
 * 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    20
 *
5506
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    22
 * or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices
ohair
parents: 2
diff changeset
    23
 * questions.
2
90ce3da70b43 Initial load
duke
parents:
diff changeset
    24
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    25
90ce3da70b43 Initial load
duke
parents:
diff changeset
    26
package java.security;
90ce3da70b43 Initial load
duke
parents:
diff changeset
    27
90ce3da70b43 Initial load
duke
parents:
diff changeset
    28
/**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    29
 * A <code>DomainCombiner</code> provides a means to dynamically
90ce3da70b43 Initial load
duke
parents:
diff changeset
    30
 * update the ProtectionDomains associated with the current
90ce3da70b43 Initial load
duke
parents:
diff changeset
    31
 * <code>AccessControlContext</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    32
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    33
 * <p> A <code>DomainCombiner</code> is passed as a parameter to the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    34
 * appropriate constructor for <code>AccessControlContext</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    35
 * The newly constructed context is then passed to the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    36
 * <code>AccessController.doPrivileged(..., context)</code> method
90ce3da70b43 Initial load
duke
parents:
diff changeset
    37
 * to bind the provided context (and associated <code>DomainCombiner</code>)
90ce3da70b43 Initial load
duke
parents:
diff changeset
    38
 * with the current execution Thread.  Subsequent calls to
90ce3da70b43 Initial load
duke
parents:
diff changeset
    39
 * <code>AccessController.getContext</code> or
90ce3da70b43 Initial load
duke
parents:
diff changeset
    40
 * <code>AccessController.checkPermission</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    41
 * cause the <code>DomainCombiner.combine</code> to get invoked.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    42
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    43
 * <p> The combine method takes two arguments.  The first argument represents
90ce3da70b43 Initial load
duke
parents:
diff changeset
    44
 * an array of ProtectionDomains from the current execution Thread,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    45
 * since the most recent call to <code>AccessController.doPrivileged</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    46
 * If no call to doPrivileged was made, then the first argument will contain
90ce3da70b43 Initial load
duke
parents:
diff changeset
    47
 * all the ProtectionDomains from the current execution Thread.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    48
 * The second argument represents an array of inherited ProtectionDomains,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    49
 * which may be <code>null</code>.  ProtectionDomains may be inherited
90ce3da70b43 Initial load
duke
parents:
diff changeset
    50
 * from a parent Thread, or from a privileged context.  If no call to
90ce3da70b43 Initial load
duke
parents:
diff changeset
    51
 * doPrivileged was made, then the second argument will contain the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    52
 * ProtectionDomains inherited from the parent Thread.  If one or more calls
90ce3da70b43 Initial load
duke
parents:
diff changeset
    53
 * to doPrivileged were made, and the most recent call was to
90ce3da70b43 Initial load
duke
parents:
diff changeset
    54
 * doPrivileged(action, context), then the second argument will contain the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    55
 * ProtectionDomains from the privileged context.  If the most recent call
90ce3da70b43 Initial load
duke
parents:
diff changeset
    56
 * was to doPrivileged(action), then there is no privileged context,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    57
 * and the second argument will be <code>null</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    58
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    59
 * <p> The <code>combine</code> method investigates the two input arrays
90ce3da70b43 Initial load
duke
parents:
diff changeset
    60
 * of ProtectionDomains and returns a single array containing the updated
90ce3da70b43 Initial load
duke
parents:
diff changeset
    61
 * ProtectionDomains.  In the simplest case, the <code>combine</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    62
 * method merges the two stacks into one.  In more complex cases,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    63
 * the <code>combine</code> method returns a modified
90ce3da70b43 Initial load
duke
parents:
diff changeset
    64
 * stack of ProtectionDomains.  The modification may have added new
90ce3da70b43 Initial load
duke
parents:
diff changeset
    65
 * ProtectionDomains, removed certain ProtectionDomains, or simply
90ce3da70b43 Initial load
duke
parents:
diff changeset
    66
 * updated existing ProtectionDomains.  Re-ordering and other optimizations
90ce3da70b43 Initial load
duke
parents:
diff changeset
    67
 * to the ProtectionDomains are also permitted.  Typically the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    68
 * <code>combine</code> method bases its updates on the information
90ce3da70b43 Initial load
duke
parents:
diff changeset
    69
 * encapsulated in the <code>DomainCombiner</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    70
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    71
 * <p> After the <code>AccessController.getContext</code> method
90ce3da70b43 Initial load
duke
parents:
diff changeset
    72
 * receives the combined stack of ProtectionDomains back from
90ce3da70b43 Initial load
duke
parents:
diff changeset
    73
 * the <code>DomainCombiner</code>, it returns a new
90ce3da70b43 Initial load
duke
parents:
diff changeset
    74
 * AccessControlContext that has both the combined ProtectionDomains
90ce3da70b43 Initial load
duke
parents:
diff changeset
    75
 * as well as the <code>DomainCombiner</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    76
 *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    77
 * @see AccessController
90ce3da70b43 Initial load
duke
parents:
diff changeset
    78
 * @see AccessControlContext
90ce3da70b43 Initial load
duke
parents:
diff changeset
    79
 * @since 1.3
90ce3da70b43 Initial load
duke
parents:
diff changeset
    80
 */
90ce3da70b43 Initial load
duke
parents:
diff changeset
    81
public interface DomainCombiner {
90ce3da70b43 Initial load
duke
parents:
diff changeset
    82
90ce3da70b43 Initial load
duke
parents:
diff changeset
    83
    /**
90ce3da70b43 Initial load
duke
parents:
diff changeset
    84
     * Modify or update the provided ProtectionDomains.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    85
     * ProtectionDomains may be added to or removed from the given
90ce3da70b43 Initial load
duke
parents:
diff changeset
    86
     * ProtectionDomains.  The ProtectionDomains may be re-ordered.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    87
     * Individual ProtectionDomains may be modified (with a new
90ce3da70b43 Initial load
duke
parents:
diff changeset
    88
     * set of Permissions, for example).
90ce3da70b43 Initial load
duke
parents:
diff changeset
    89
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    90
     * <p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    91
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
    92
     * @param currentDomains the ProtectionDomains associated with the
90ce3da70b43 Initial load
duke
parents:
diff changeset
    93
     *          current execution Thread, up to the most recent
90ce3da70b43 Initial load
duke
parents:
diff changeset
    94
     *          privileged <code>ProtectionDomain</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
    95
     *          The ProtectionDomains are are listed in order of execution,
90ce3da70b43 Initial load
duke
parents:
diff changeset
    96
     *          with the most recently executing <code>ProtectionDomain</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
    97
     *          residing at the beginning of the array. This parameter may
90ce3da70b43 Initial load
duke
parents:
diff changeset
    98
     *          be <code>null</code> if the current execution Thread
90ce3da70b43 Initial load
duke
parents:
diff changeset
    99
     *          has no associated ProtectionDomains.<p>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   100
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   101
     * @param assignedDomains an array of inherited ProtectionDomains.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   102
     *          ProtectionDomains may be inherited from a parent Thread,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   103
     *          or from a privileged <code>AccessControlContext</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   104
     *          This parameter may be <code>null</code>
90ce3da70b43 Initial load
duke
parents:
diff changeset
   105
     *          if there are no inherited ProtectionDomains.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   106
     *
90ce3da70b43 Initial load
duke
parents:
diff changeset
   107
     * @return a new array consisting of the updated ProtectionDomains,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   108
     *          or <code>null</code>.
90ce3da70b43 Initial load
duke
parents:
diff changeset
   109
     */
90ce3da70b43 Initial load
duke
parents:
diff changeset
   110
    ProtectionDomain[] combine(ProtectionDomain[] currentDomains,
90ce3da70b43 Initial load
duke
parents:
diff changeset
   111
                                ProtectionDomain[] assignedDomains);
90ce3da70b43 Initial load
duke
parents:
diff changeset
   112
}