Examples of java.security.DomainCombiner

• java.security.DomainCombiner
  A DomainCombiner provides a means to dynamically update the ProtectionDomains associated with the current AccessControlContext.

  A DomainCombiner is passed as a parameter to the appropriate constructor for AccessControlContext. The newly constructed context is then passed to the AccessController.doPrivileged(..., context) method to bind the provided context (and associated DomainCombiner) with the current execution Thread. Subsequent calls to AccessController.getContext or AccessController.checkPermission cause the DomainCombiner.combine to get invoked.

  The combine method takes two arguments. The first argument represents an array of ProtectionDomains from the current execution Thread, since the most recent call to AccessController.doPrivileged. If no call to doPrivileged was made, then the first argument will contain all the ProtectionDomains from the current execution Thread. The second argument represents an array of inherited ProtectionDomains, which may be null. ProtectionDomains may be inherited from a parent Thread, or from a privileged context. If no call to doPrivileged was made, then the second argument will contain the ProtectionDomains inherited from the parent Thread. If one or more calls to doPrivileged were made, and the most recent call was to doPrivileged(action, context), then the second argument will contain the ProtectionDomains from the privileged context. If the most recent call was to doPrivileged(action), then there is no privileged context, and the second argument will be null.

  The combine method investigates the two input arrays of ProtectionDomains and returns a single array containing the updated ProtectionDomains. In the simplest case, the combine method merges the two stacks into one. In more complex cases, the combine method returns a modified stack of ProtectionDomains. The modification may have added new ProtectionDomains, removed certain ProtectionDomains, or simply updated existing ProtectionDomains. Re-ordering and other optimizations to the ProtectionDomains are also permitted. Typically the combine method bases its updates on the information encapsulated in the DomainCombiner.

  After the AccessController.getContext method receives the combined stack of ProtectionDomains back from the DomainCombiner, it returns a new AccessControlContext that has both the combined ProtectionDomains as well as the DomainCombiner. @see AccessController @see AccessControlContext @version 1.9, 04/07/06 @since 1.3

        PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() {
            public DomainCombiner run() {
                return context.getDomainCombiner();
            }
        };
        DomainCombiner combiner = AccessController.doPrivileged(action);

        if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) {
            return null;
        }
        return ((SubjectDomainCombiner) combiner).getSubject();

        }
    }

    private AccessControlContext createAccessControlContext() {
        return new AccessControlContext(AccessController.getContext(),
                new DomainCombiner() {
                    public ProtectionDomain[] combine(ProtectionDomain[] arg0,
                                                      ProtectionDomain[] arg1) {
                        return new ProtectionDomain[] { new ProtectionDomain(null, null) {
                            public boolean implies(Permission permission) {
                                return bundleContext.getBundle().hasPermission(permission);

        }
    }

    private AccessControlContext createAccessControlContext() {
        return new AccessControlContext(AccessController.getContext(),
                new DomainCombiner() {
                    public ProtectionDomain[] combine(ProtectionDomain[] arg0,
                                                      ProtectionDomain[] arg1) {
                        return new ProtectionDomain[] { new ProtectionDomain(null, null) {
                            public boolean implies(Permission permission) {
                                return bundleContext.getBundle().hasPermission(permission);

     * Case 0: If no Config provided by user, then LoginContext uses
     * its own context to invoke LoginModule's methods.
     */
    public void testContextUsage_0() throws Exception {
        Subject dummySubj = new Subject();
        final DomainCombiner dc = new SubjectDomainCombiner(dummySubj);
        AccessControlContext acc = new AccessControlContext(AccessController
                .getContext(), dc);
        PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
                implTestContextUsage(true, dc);

     * uses stored user's context and performs all call to LoginModule's
     * methods in that context.
     */
    public void testContextUsage_1() throws Exception {
        Subject dummySubj = new Subject();
        final DomainCombiner dc = new SubjectDomainCombiner(dummySubj);
        AccessControlContext acc = new AccessControlContext(AccessController
                .getContext(), dc);
        PrivilegedExceptionAction<Void> action = new PrivilegedExceptionAction<Void>() {
            public Void run() throws Exception {
                implTestContextUsage(false, dc);

            fail("must not pass here");
        } catch (LoginException _) {
            // gut
        }

        DomainCombiner match = useInstalledConfig ? null : dc;
        //
        if (checkModuleStatic) {
            assertSame(TestLoginModule_Contexted.accStatic.getDomainCombiner(),
                    match);
        }

        // return the Subject from the DomainCombiner of the provided context
        return AccessController.doPrivileged
            (new java.security.PrivilegedAction<Subject>() {
            public Subject run() {
                DomainCombiner dc = acc.getDomainCombiner();
                if (!(dc instanceof SubjectDomainCombiner))
                    return null;
                SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc;
                return sdc.getSubject();
            }

        PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() {
            public DomainCombiner run() {
                return context.getDomainCombiner();
            }
        };
        DomainCombiner combiner = AccessController.doPrivileged(action);

        if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) {
            return null;
        }
        return ((SubjectDomainCombiner) combiner).getSubject();

                            throw new RuntimeException(throwable);
                        }
                    }
                    return null;
                }
            }, new AccessControlContext(getContext(), new DomainCombiner() {
                @Override
                public ProtectionDomain[] combine(final ProtectionDomain[] currentDomains, final ProtectionDomain[] assignedDomains) {
                    return assignedDomains;
                }
            }));

                            errors.add(e);
                        }
                    }
                    return null;
                }
            }, new AccessControlContext(getContext(), new DomainCombiner() {
                @Override
                public ProtectionDomain[] combine(final ProtectionDomain[] currentDomains, final ProtectionDomain[] assignedDomains) {
                    return assignedDomains;
                }
            }));