Path: blob/master/src/java.base/share/classes/java/security/DomainCombiner.java
41152 views
/*1* Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package java.security;2627/**28* A {@code DomainCombiner} provides a means to dynamically29* update the ProtectionDomains associated with the current30* {@code AccessControlContext}.31*32* <p> A {@code DomainCombiner} is passed as a parameter to the33* appropriate constructor for {@code AccessControlContext}.34* The newly constructed context is then passed to the35* {@code AccessController.doPrivileged(..., context)} method36* to bind the provided context (and associated {@code DomainCombiner})37* with the current execution Thread. Subsequent calls to38* {@code AccessController.getContext} or39* {@code AccessController.checkPermission}40* cause the {@code DomainCombiner.combine} to get invoked.41*42* <p> The combine method takes two arguments. The first argument represents43* an array of ProtectionDomains from the current execution Thread,44* since the most recent call to {@code AccessController.doPrivileged}.45* If no call to doPrivileged was made, then the first argument will contain46* all the ProtectionDomains from the current execution Thread.47* The second argument represents an array of inherited ProtectionDomains,48* which may be {@code null}. ProtectionDomains may be inherited49* from a parent Thread, or from a privileged context. If no call to50* doPrivileged was made, then the second argument will contain the51* ProtectionDomains inherited from the parent Thread. If one or more calls52* to doPrivileged were made, and the most recent call was to53* doPrivileged(action, context), then the second argument will contain the54* ProtectionDomains from the privileged context. If the most recent call55* was to doPrivileged(action), then there is no privileged context,56* and the second argument will be {@code null}.57*58* <p> The {@code combine} method investigates the two input arrays59* of ProtectionDomains and returns a single array containing the updated60* ProtectionDomains. In the simplest case, the {@code combine}61* method merges the two stacks into one. In more complex cases,62* the {@code combine} method returns a modified63* stack of ProtectionDomains. The modification may have added new64* ProtectionDomains, removed certain ProtectionDomains, or simply65* updated existing ProtectionDomains. Re-ordering and other optimizations66* to the ProtectionDomains are also permitted. Typically the67* {@code combine} method bases its updates on the information68* encapsulated in the {@code DomainCombiner}.69*70* <p> After the {@code AccessController.getContext} method71* receives the combined stack of ProtectionDomains back from72* the {@code DomainCombiner}, it returns a new73* AccessControlContext that has both the combined ProtectionDomains74* as well as the {@code DomainCombiner}.75*76* @see AccessController77* @see AccessControlContext78* @since 1.379* @deprecated This class is only useful in conjunction with80* {@linkplain SecurityManager the Security Manager}, which is deprecated81* and subject to removal in a future release. Consequently, this class82* is also deprecated and subject to removal. There is no replacement for83* the Security Manager or this class.84*/85@Deprecated(since="17", forRemoval=true)86public interface DomainCombiner {8788/**89* Modify or update the provided ProtectionDomains.90* ProtectionDomains may be added to or removed from the given91* ProtectionDomains. The ProtectionDomains may be re-ordered.92* Individual ProtectionDomains may be modified (with a new93* set of Permissions, for example).94*95* @param currentDomains the ProtectionDomains associated with the96* current execution Thread, up to the most recent97* privileged {@code ProtectionDomain}.98* The ProtectionDomains are listed in order of execution,99* with the most recently executing {@code ProtectionDomain}100* residing at the beginning of the array. This parameter may101* be {@code null} if the current execution Thread102* has no associated ProtectionDomains.103*104* @param assignedDomains an array of inherited ProtectionDomains.105* ProtectionDomains may be inherited from a parent Thread,106* or from a privileged {@code AccessControlContext}.107* This parameter may be {@code null}108* if there are no inherited ProtectionDomains.109*110* @return a new array consisting of the updated ProtectionDomains,111* or {@code null}.112*/113ProtectionDomain[] combine(ProtectionDomain[] currentDomains,114ProtectionDomain[] assignedDomains);115}116117118