1 /* 2 * @(#)DomainCombiner.java 1.7 03/12/19 3 * 4 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 5 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. 6 */ 7 8 package java.security; 9 10 /** 11 * A <code>DomainCombiner</code> provides a means to dynamically 12 * update the ProtectionDomains associated with the current 13 * <code>AccessControlContext</code>. 14 * 15 * <p> A <code>DomainCombiner</code> is passed as a parameter to the 16 * appropriate constructor for <code>AccessControlContext</code>. 17 * The newly constructed context is then passed to the 18 * <code>AccessController.doPrivileged(..., context)</code> method 19 * to bind the provided context (and associated <code>DomainCombiner</code>) 20 * with the current execution Thread. Subsequent calls to 21 * <code>AccessController.getContext</code> or 22 * <code>AccessController.checkPermission</code> 23 * cause the <code>DomainCombiner.combine</code> to get invoked. 24 * 25 * <p> The combine method takes two arguments. The first argument represents 26 * an array of ProtectionDomains from the current execution Thread, 27 * since the most recent call to <code>AccessController.doPrivileged</code>. 28 * If no call to doPrivileged was made, then the first argument will contain 29 * all the ProtectionDomains from the current execution Thread. 30 * The second argument represents an array of inherited ProtectionDomains, 31 * which may be <code>null</code>. ProtectionDomains may be inherited 32 * from a parent Thread, or from a privileged context. If no call to 33 * doPrivileged was made, then the second argument will contain the 34 * ProtectionDomains inherited from the parent Thread. If one or more calls 35 * to doPrivileged were made, and the most recent call was to 36 * doPrivileged(action, context), then the second argument will contain the 37 * ProtectionDomains from the privileged context. If the most recent call 38 * was to doPrivileged(action), then there is no privileged context, 39 * and the second argument will be <code>null</code>. 40 * 41 * <p> The <code>combine</code> method investigates the two input arrays 42 * of ProtectionDomains and returns a single array containing the updated 43 * ProtectionDomains. In the simplest case, the <code>combine</code> 44 * method merges the two stacks into one. In more complex cases, 45 * the <code>combine</code> method returns a modified 46 * stack of ProtectionDomains. The modification may have added new 47 * ProtectionDomains, removed certain ProtectionDomains, or simply 48 * updated existing ProtectionDomains. Re-ordering and other optimizations 49 * to the ProtectionDomains are also permitted. Typically the 50 * <code>combine</code> method bases its updates on the information 51 * encapsulated in the <code>DomainCombiner</code>. 52 * 53 * <p> After the <code>AccessController.getContext</code> method 54 * receives the combined stack of ProtectionDomains back from 55 * the <code>DomainCombiner</code>, it returns a new 56 * AccessControlContext that has both the combined ProtectionDomains 57 * as well as the <code>DomainCombiner</code>. 58 * 59 * @see AccessController 60 * @see AccessControlContext 61 * @version 1.7, 12/19/03 62 */ 63 public interface DomainCombiner { 64 65 /** 66 * Modify or update the provided ProtectionDomains. 67 * ProtectionDomains may be added to or removed from the given 68 * ProtectionDomains. The ProtectionDomains may be re-ordered. 69 * Individual ProtectionDomains may be may be modified (with a new 70 * set of Permissions, for example). 71 * 72 * <p> 73 * 74 * @param currentDomains the ProtectionDomains associated with the 75 * current execution Thread, up to the most recent 76 * privileged <code>ProtectionDomain</code>. 77 * The ProtectionDomains are are listed in order of execution, 78 * with the most recently executing <code>ProtectionDomain</code> 79 * residing at the beginning of the array. This parameter may 80 * be <code>null</code> if the current execution Thread 81 * has no associated ProtectionDomains.<p> 82 * 83 * @param assignedDomains an array of inherited ProtectionDomains. 84 * ProtectionDomains may be inherited from a parent Thread, 85 * or from a privileged <code>AccessControlContext</code>. 86 * This parameter may be <code>null</code> 87 * if there are no inherited ProtectionDomains. 88 * 89 * @return a new array consisting of the updated ProtectionDomains, 90 * or <code>null</code>. 91 */ 92 ProtectionDomain[] combine(ProtectionDomain[] currentDomains, 93 ProtectionDomain[] assignedDomains); 94 } 95