A DomainCombiner provides a means to dynamically
update the ProtectionDomains associated with the current
AccessControlContext.
A DomainCombiner is passed as a parameter to the
appropriate constructor for AccessControlContext.
The newly constructed context is then passed to the
AccessController.doPrivileged(..., context) method
to bind the provided context (and associated DomainCombiner)
with the current execution Thread. Subsequent calls to
AccessController.getContext or
AccessController.checkPermission
cause the DomainCombiner.combine to get invoked.
The combine method takes two arguments.
The ProtectionDomains on the current execution Thread, since the
most recent call to AccessController.doPrivileged,
get passed to the first argument in an array.
If no call to doPrivileged was made, then all the
ProtectionDomains from the current execution Thread get passed
to the first argument. The ProtectionDomains inherited
from the parent Thread get passed to the second argument,
unless a call to doPrivileged(..., context)
had occurred. In that case, the ProtectionDomains from the
privileged context are passed to the second argument.
The combine method investigates the two input arrays
of ProtectionDomains and returns a single array containing the updated
ProtectionDomains. In the simplest case, the combine
method merges the two stacks into one. In more complex cases,
the combine method returns a modified
stack of ProtectionDomains. The modification may have added new
ProtectionDomains, removed certain ProtectionDomains, or simply
updated existing ProtectionDomains. Re-ordering and other optimizations
to the ProtectionDomains are also permitted. Typically the
combine method bases its updates on the information
encapsulated in the DomainCombiner.
After the AccessController.getContext method
receives the combined stack of ProtectionDomains back from
the DomainCombiner, it returns a new
AccessControlContext that has both the combined ProtectionDomains
as well as the DomainCombiner.
Modify or update the provided ProtectionDomains.
ProtectionDomains may be added to or removed from the given
ProtectionDomains. The ProtectionDomains may be re-ordered.
Individual ProtectionDomains may be may be modified (with a new
set of Permissions, for example).
Parameters:
currentDomains - the ProtectionDomains associated with the
current execution Thread, up to the most recent
privileged ProtectionDomain.
The ProtectionDomains are are listed in order of execution,
with the most recently executing ProtectionDomain
residing at the beginning of the array. This parameter may
be null if the current execution Thread
has no associated ProtectionDomains.
assignedDomains - the ProtectionDomains inherited from the
parent Thread, or the ProtectionDomains from the
privileged context, if a call to
AccessController.doPrivileged(..., context)
had occurred This parameter may be null
if there were no ProtectionDomains inherited from the
parent Thread, or from the privileged context.
Returns:
a new array consisting of the updated ProtectionDomains,
or null.
Submit a bug or feature For further API reference and developer documentation, see Java 2 SDK SE Developer Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Java, Java 2D, and JDBC are trademarks or registered trademarks of Sun Microsystems, Inc. in the US and other countries. Copyright 1993-2001 Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, California, 94303, U.S.A. All Rights Reserved.