tomee-8.0/javadoc/javax/resource/spi/work/SecurityContext.html - tomee-site-pub - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!-- NewPage -->
 <html lang="en">
 <head>
 <title>SecurityContext</title>
 <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
 <script type="text/javascript" src="../../../../script.js"></script>
 </head>
 <body>
 <script type="text/javascript"><!--
     try {
         if (location.href.indexOf('is-external=true') == -1) {
             parent.document.title="SecurityContext";
         }
     }
     catch(err) {
     }
 //-->
 var methods = {"i0":10,"i1":10,"i2":6};
 var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],8:["t4","Concrete Methods"]};
 var altColor = "altColor";
 var rowColor = "rowColor";
 var tableTab = "tableTab";
 var activeTableTab = "activeTableTab";
 </script>
 <noscript>
 <div>JavaScript is disabled on your browser.</div>
 </noscript>
 <!-- ========= START OF TOP NAVBAR ======= -->
 <div class="topNav"><a name="navbar.top">
 <!--   -->
 </a>
 <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
 <a name="navbar.top.firstrow">
 <!--   -->
 </a>
 <ul class="navList" title="Navigation">
 <li><a href="../../../../overview-summary.html">Overview</a></li>
 <li><a href="package-summary.html">Package</a></li>
 <li class="navBarCell1Rev">Class</li>
 <li><a href="package-tree.html">Tree</a></li>
 <li><a href="../../../../deprecated-list.html">Deprecated</a></li>
 <li><a href="../../../../index-all.html">Index</a></li>
 <li><a href="../../../../help-doc.html">Help</a></li>
 </ul>
 </div>
 <div class="subNav">
 <ul class="navList">
 <li><a href="../../../../javax/resource/spi/work/RetryableWorkRejectedException.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
 <li><a href="../../../../javax/resource/spi/work/TransactionContext.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
 </ul>
 <ul class="navList">
 <li><a href="../../../../index.html?javax/resource/spi/work/SecurityContext.html" target="_top">Frames</a></li>
 <li><a href="SecurityContext.html" target="_top">No&nbsp;Frames</a></li>
 </ul>
 <ul class="navList" id="allclasses_navbar_top">
 <li><a href="../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
 </ul>
 <div>
 <script type="text/javascript"><!--
   allClassesLink = document.getElementById("allclasses_navbar_top");
   if(window==top) {
     allClassesLink.style.display = "block";
   }
   else {
     allClassesLink.style.display = "none";
   }
   //-->
 </script>
 </div>
 <div>
 <ul class="subNavList">
 <li>Summary:&nbsp;</li>
 <li>Nested&nbsp;|&nbsp;</li>
 <li>Field&nbsp;|&nbsp;</li>
 <li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
 <li><a href="#method.summary">Method</a></li>
 </ul>
 <ul class="subNavList">
 <li>Detail:&nbsp;</li>
 <li>Field&nbsp;|&nbsp;</li>
 <li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
 <li><a href="#method.detail">Method</a></li>
 </ul>
 </div>
 <a name="skip.navbar.top">
 <!--   -->
 </a></div>
 <!-- ========= END OF TOP NAVBAR ========= -->
 <!-- ======== START OF CLASS DATA ======== -->
 <div class="header">
 <div class="subTitle">javax.resource.spi.work</div>
 <h2 title="Class SecurityContext" class="title">Class SecurityContext</h2>
 </div>
 <div class="contentContainer">
 <ul class="inheritance">
 <li>java.lang.Object</li>
 <li>
 <ul class="inheritance">
 <li>javax.resource.spi.work.SecurityContext</li>
 </ul>
 </li>
 </ul>
 <div class="description">
 <ul class="blockList">
 <li class="blockList">
 <dl>
 <dt>All Implemented Interfaces:</dt>
 <dd>java.io.Serializable, <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></dd>
 </dl>
 <hr>
 <br>
 <pre>public abstract class <span class="typeNameLabel">SecurityContext</span>
 extends java.lang.Object
 implements <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></pre>
 <div class="block">A standard <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work"><code>WorkContext</code></a> that allows a <a href="../../../../javax/resource/spi/work/Work.html" title="interface in javax.resource.spi.work"><code>Work</code></a>
  instance to propagate security related context information from an EIS to an
  application server.
  <p>


  This allows an EIS/resource adapter to flow-in security context information
  and execute a Work instance, and call methods on a MessageEndpoint interface,
  to effect message inflow, within that Work instance, in the context of an
  established identity.
  <p>


  A resource adapter indicates to the WorkManager, that a Work instance needs
  to be run in a specified security execution context by submitting a Work
  instance that implements WorkContextProvider interface and ensuring that the
  List of WorkContexts for that Work instance contains an instance of its
  subclass of Securitytext.
  <p>


  It should be noted however that when a resource adapter flows-in an identity
  to be used by the application server, the propagated identity may or may not
  belong to the application server's security domain.
  <p>


  There are therefore, two scenarios while a resource adapter propagates a
  security identity from an EIS to the application server:
  <p>

  <ul>
  <li>Case 1: Resource adapter flows-in an identity in the application server's
  security domain: In this case, the application server could just set the
  initiating principal, flown-in from the resource adapter, as the security
  context the Work instance executes as.</li>
  <li>Case 2: Resource adapter flows-in an identity belonging to the EIS'
  security domain: The resource adapter establishes a connection to the EIS and
  needs to perform a Work in the context of an EIS identity. In this case, the
  initiating or caller principal does not exist in the application server's
  security domain and a translation from one domain to the other needs to be
  performed.</li>
  </ul>
  <p></div>
 <dl>
 <dt><span class="simpleTagLabel">Since:</span></dt>
 <dd>1.6</dd>
 <dt><span class="seeLabel">See Also:</span></dt>
 <dd><a href="../../../../javax/resource/spi/work/WorkContextProvider.html" title="interface in javax.resource.spi.work"><code>WorkContextProvider</code></a>,
 <a href="../../../../serialized-form.html#javax.resource.spi.work.SecurityContext">Serialized Form</a></dd>
 </dl>
 </li>
 </ul>
 </div>
 <div class="summary">
 <ul class="blockList">
 <li class="blockList">
 <!-- ======== CONSTRUCTOR SUMMARY ======== -->
 <ul class="blockList">
 <li class="blockList"><a name="constructor.summary">
 <!--   -->
 </a>
 <h3>Constructor Summary</h3>
 <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
 <caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
 <tr>
 <th class="colOne" scope="col">Constructor and Description</th>
 </tr>
 <tr class="altColor">
 <td class="colOne"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#SecurityContext--">SecurityContext</a></span>()</code>&nbsp;</td>
 </tr>
 </table>
 </li>
 </ul>
 <!-- ========== METHOD SUMMARY =========== -->
 <ul class="blockList">
 <li class="blockList"><a name="method.summary">
 <!--   -->
 </a>
 <h3>Method Summary</h3>
 <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
 <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
 <tr>
 <th class="colFirst" scope="col">Modifier and Type</th>
 <th class="colLast" scope="col">Method and Description</th>
 </tr>
 <tr id="i0" class="altColor">
 <td class="colFirst"><code>java.lang.String</code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#getDescription--">getDescription</a></span>()</code>
 <div class="block">Get the brief description of the role played by the
  <code>WorkContext</code> and any other related debugging information.</div>
 </td>
 </tr>
 <tr id="i1" class="rowColor">
 <td class="colFirst"><code>java.lang.String</code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#getName--">getName</a></span>()</code>
 <div class="block">Get the associated name of the <code>WorkContext</code>.</div>
 </td>
 </tr>
 <tr id="i2" class="altColor">
 <td class="colFirst"><code>abstract void</code></td>
 <td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-">setupSecurityContext</a></span>(javax.security.auth.callback.CallbackHandler&nbsp;handler,
                     javax.security.auth.Subject&nbsp;executionSubject,
                     javax.security.auth.Subject&nbsp;serviceSubject)</code>
 <div class="block">The container calls this method to set up the security Context for the
  <code>Work</code> instance.</div>
 </td>
 </tr>
 </table>
 <ul class="blockList">
 <li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
 <!--   -->
 </a>
 <h3>Methods inherited from class&nbsp;java.lang.Object</h3>
 <code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
 </ul>
 </li>
 </ul>
 </li>
 </ul>
 </div>
 <div class="details">
 <ul class="blockList">
 <li class="blockList">
 <!-- ========= CONSTRUCTOR DETAIL ======== -->
 <ul class="blockList">
 <li class="blockList"><a name="constructor.detail">
 <!--   -->
 </a>
 <h3>Constructor Detail</h3>
 <a name="SecurityContext--">
 <!--   -->
 </a>
 <ul class="blockListLast">
 <li class="blockList">
 <h4>SecurityContext</h4>
 <pre>public&nbsp;SecurityContext()</pre>
 </li>
 </ul>
 </li>
 </ul>
 <!-- ============ METHOD DETAIL ========== -->
 <ul class="blockList">
 <li class="blockList"><a name="method.detail">
 <!--   -->
 </a>
 <h3>Method Detail</h3>
 <a name="getDescription--">
 <!--   -->
 </a>
 <ul class="blockList">
 <li class="blockList">
 <h4>getDescription</h4>
 <pre>public&nbsp;java.lang.String&nbsp;getDescription()</pre>
 <div class="block">Get the brief description of the role played by the
  <code>WorkContext</code> and any other related debugging information.
  This could be used by the WorkManager and the resource adapter for
  debugging purposes.
  <p></div>
 <dl>
 <dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
 <dd><code><a href="../../../../javax/resource/spi/work/WorkContext.html#getDescription--">getDescription</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></code></dd>
 <dt><span class="returnLabel">Returns:</span></dt>
 <dd>the associated description of the <code>WorkContext</code></dd>
 </dl>
 </li>
 </ul>
 <a name="getName--">
 <!--   -->
 </a>
 <ul class="blockList">
 <li class="blockList">
 <h4>getName</h4>
 <pre>public&nbsp;java.lang.String&nbsp;getName()</pre>
 <div class="block">Get the associated name of the <code>WorkContext</code>. This could be
  used by the WorkManager and the resource adapter for debugging purposes.
  <p></div>
 <dl>
 <dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
 <dd><code><a href="../../../../javax/resource/spi/work/WorkContext.html#getName--">getName</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></code></dd>
 <dt><span class="returnLabel">Returns:</span></dt>
 <dd>the associated name of the <code>WorkContext</code></dd>
 </dl>
 </li>
 </ul>
 <a name="setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-">
 <!--   -->
 </a>
 <ul class="blockListLast">
 <li class="blockList">
 <h4>setupSecurityContext</h4>
 <pre>public abstract&nbsp;void&nbsp;setupSecurityContext(javax.security.auth.callback.CallbackHandler&nbsp;handler,
                                           javax.security.auth.Subject&nbsp;executionSubject,
                                           javax.security.auth.Subject&nbsp;serviceSubject)</pre>
 <div class="block">The container calls this method to set up the security Context for the
  <code>Work</code> instance.
  <p>

  The handler argument must not be null, and the argument handler and the
  <code>CallbackHandler</code> passed to this method must support the
  following <code>Callback</code>s defined in JSR 196: Java Authentication
  SPI for Containers specification:
  <p>
  <ul>
  <li>CallerPrincipalCallback</li>
  <li>GroupPrincipalCallback</li>
  <li>PasswordValidationCallback</li>
  </ul>
  <p>
  The following <code>Callback</code>s may be supported by the container.
  <p>
  <ul>
  <li>CertStoreCallback</li>
  <li>PrivateKeyCallback</li>
  <li>SecretKeyCallback</li>
  <li>TrustStoreCallback</li>
  </ul>
  <p>

  A resource adapter might use the <code>CallerPrincipalCallback</code> "to
  set the container's representation of the caller principal. The
  CallbackHandler must establish the argument Principal as the caller
  principal associated with the invocation being processed by the
  container. When the argument Principal is null, the handler will
  establish the container's representation of the unauthenticated caller
  principal."
  <p>

  A resource adapter might use the <code>GroupPrincipalCallback</code> "to
  establish the container's representation of the corresponding group
  principals within the Subject. When a null value is passed to the groups
  argument, the handler will establish the container's representation of no
  group principals within the Subject. Otherwise, the handler's processing
  of this callback is additive, yielding the union (without duplicates) of
  the principals existing within the Subject, and those created with the
  names occurring within the argument array. The CallbackHandler will
  define the type of the created principals."
  <p>

  A resource adapter might use the <code>PasswordValidationCallback</code>
  "to employ the password validation facilities of its containing runtime."
  <p>

  The executionSubject argument must be non-null and it must not be
  read-only. It is expected that this method will populate this
  executionSubject with principals and credentials that would be flown into
  the application server.
  <p>

  The serviceSubject argument may be null, and when it is not null it must not be
  read-only. It represents the application server and it may be used by the
  Work implementation to retrieve Principals and credentials necessary to
  establish a connection to the EIS (in the cause of mutual-auth like
  scenarios). If the Subject is not null, the Work implementation may
  collect the server credentials, as necessary, by using the callback
  handler passed to them .
  <p>


  When this method is called, the method implementation
  <ul>
  <li>identifies the security context that needs to be flown-in to the
  application server to serve as the execution context of the Work
  instance.</li>
  <li>populates the executionSubject with the EIS Principals and
  Credentials that it wants to serve as the security context for the Work
  instance to be executed in.</li>
  <li>adds instances of the necessary Callbacks , usually a subset of the
  ones listed above, to an array and invokes the handle() method in the
  container's CallbackHandler implementation passing in the array of
  Callback instances.</li>
  <li>on successful return from the CallbackHandler.handle() method the
  setSecurityContext returns after ensuring that the executionSubject is
  populated with the valid Principals and Credentials that represent the
  execution context of the Work instance</li>
  </ul>
  <p></div>
 <dl>
 <dt><span class="paramLabel">Parameters:</span></dt>
 <dd><code>handler</code> - A <code>CallbackHandler</code> provided by the
             <code>WorkManager</code> that supports the
             <code>Callback</code>s described above</dd>
 <dd><code>executionSubject</code> - A Subject that represents the security identity that needs to
             be established as the context for the <code>Work</code>
             instance. It is used by the method implementation to store
             Principals and credentials that needs to be used as the
             security context of the <code>Work</code> instance.</dd>
 <dd><code>serviceSubject</code> - A Subject that represents the application server It may be
             used by the method implementation as the source of Principals
             or credentials to be used to validate a connection to the EIS.
             If the Subject is not null, the method implementation may add
             additional Principals or credentials (pertaining to the
             recipient of the service request) to the Subject. *</dd>
 <dt><span class="seeLabel">See Also:</span></dt>
 <dd><code>196: Java Authentication SPI for Containers specification and
       related JavaDoc</code></dd>
 </dl>
 </li>
 </ul>
 </li>
 </ul>
 </li>
 </ul>
 </div>
 </div>
 <!-- ========= END OF CLASS DATA ========= -->
 <!-- ======= START OF BOTTOM NAVBAR ====== -->
 <div class="bottomNav"><a name="navbar.bottom">
 <!--   -->
 </a>
 <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
 <a name="navbar.bottom.firstrow">
 <!--   -->
 </a>
 <ul class="navList" title="Navigation">
 <li><a href="../../../../overview-summary.html">Overview</a></li>
 <li><a href="package-summary.html">Package</a></li>
 <li class="navBarCell1Rev">Class</li>
 <li><a href="package-tree.html">Tree</a></li>
 <li><a href="../../../../deprecated-list.html">Deprecated</a></li>
 <li><a href="../../../../index-all.html">Index</a></li>
 <li><a href="../../../../help-doc.html">Help</a></li>
 </ul>
 </div>
 <div class="subNav">
 <ul class="navList">
 <li><a href="../../../../javax/resource/spi/work/RetryableWorkRejectedException.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
 <li><a href="../../../../javax/resource/spi/work/TransactionContext.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Next&nbsp;Class</span></a></li>
 </ul>
 <ul class="navList">
 <li><a href="../../../../index.html?javax/resource/spi/work/SecurityContext.html" target="_top">Frames</a></li>
 <li><a href="SecurityContext.html" target="_top">No&nbsp;Frames</a></li>
 </ul>
 <ul class="navList" id="allclasses_navbar_bottom">
 <li><a href="../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
 </ul>
 <div>
 <script type="text/javascript"><!--
   allClassesLink = document.getElementById("allclasses_navbar_bottom");
   if(window==top) {
     allClassesLink.style.display = "block";
   }
   else {
     allClassesLink.style.display = "none";
   }
   //-->
 </script>
 </div>
 <div>
 <ul class="subNavList">
 <li>Summary:&nbsp;</li>
 <li>Nested&nbsp;|&nbsp;</li>
 <li>Field&nbsp;|&nbsp;</li>
 <li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
 <li><a href="#method.summary">Method</a></li>
 </ul>
 <ul class="subNavList">
 <li>Detail:&nbsp;</li>
 <li>Field&nbsp;|&nbsp;</li>
 <li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
 <li><a href="#method.detail">Method</a></li>
 </ul>
 </div>
 <a name="skip.navbar.bottom">
 <!--   -->
 </a></div>
 <!-- ======== END OF BOTTOM NAVBAR ======= -->
 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<!-- NewPage -->
	<html lang="en">
	<head>
	<title>SecurityContext</title>
	<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
	<script type="text/javascript" src="../../../../script.js"></script>
	</head>
	<body>
	<script type="text/javascript"><!--
	try {
	if (location.href.indexOf('is-external=true') == -1) {
	parent.document.title="SecurityContext";
	}
	}
	catch(err) {
	}
	//-->
	var methods = {"i0":10,"i1":10,"i2":6};
	var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],8:["t4","Concrete Methods"]};
	var altColor = "altColor";
	var rowColor = "rowColor";
	var tableTab = "tableTab";
	var activeTableTab = "activeTableTab";
	</script>
	<noscript>
	<div>JavaScript is disabled on your browser.</div>
	</noscript>
	<!-- ========= START OF TOP NAVBAR ======= -->
	<div class="topNav"><a name="navbar.top">
	<!-- -->
	</a>
	<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
	<a name="navbar.top.firstrow">
	<!-- -->
	</a>
	<ul class="navList" title="Navigation">
	<li><a href="../../../../overview-summary.html">Overview</a></li>
	<li><a href="package-summary.html">Package</a></li>
	<li class="navBarCell1Rev">Class</li>
	<li><a href="package-tree.html">Tree</a></li>
	<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
	<li><a href="../../../../index-all.html">Index</a></li>
	<li><a href="../../../../help-doc.html">Help</a></li>
	</ul>
	</div>
	<div class="subNav">
	<ul class="navList">
	<li><a href="../../../../javax/resource/spi/work/RetryableWorkRejectedException.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Prev Class</span></a></li>
	<li><a href="../../../../javax/resource/spi/work/TransactionContext.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Next Class</span></a></li>
	</ul>
	<ul class="navList">
	<li><a href="../../../../index.html?javax/resource/spi/work/SecurityContext.html" target="_top">Frames</a></li>
	<li><a href="SecurityContext.html" target="_top">No Frames</a></li>
	</ul>
	<ul class="navList" id="allclasses_navbar_top">
	<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
	</ul>
	<div>
	<script type="text/javascript"><!--
	allClassesLink = document.getElementById("allclasses_navbar_top");
	if(window==top) {
	allClassesLink.style.display = "block";
	}
	else {
	allClassesLink.style.display = "none";
	}
	//-->
	</script>
	</div>
	<div>
	<ul class="subNavList">
	<li>Summary: </li>
	<li>Nested \| </li>
	<li>Field \| </li>
	<li><a href="#constructor.summary">Constr</a> \| </li>
	<li><a href="#method.summary">Method</a></li>
	</ul>
	<ul class="subNavList">
	<li>Detail: </li>
	<li>Field \| </li>
	<li><a href="#constructor.detail">Constr</a> \| </li>
	<li><a href="#method.detail">Method</a></li>
	</ul>
	</div>
	<a name="skip.navbar.top">
	<!-- -->
	</a></div>
	<!-- ========= END OF TOP NAVBAR ========= -->
	<!-- ======== START OF CLASS DATA ======== -->
	<div class="header">
	<div class="subTitle">javax.resource.spi.work</div>
	<h2 title="Class SecurityContext" class="title">Class SecurityContext</h2>
	</div>
	<div class="contentContainer">
	<ul class="inheritance">
	<li>java.lang.Object</li>
	<li>
	<ul class="inheritance">
	<li>javax.resource.spi.work.SecurityContext</li>
	</ul>
	</li>
	</ul>
	<div class="description">
	<ul class="blockList">
	<li class="blockList">
	<dl>
	<dt>All Implemented Interfaces:</dt>
	<dd>java.io.Serializable, <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></dd>
	</dl>
	<hr>
	<br>
	<pre>public abstract class <span class="typeNameLabel">SecurityContext</span>
	extends java.lang.Object
	implements <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></pre>
	<div class="block">A standard <a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work"><code>WorkContext</code></a> that allows a <a href="../../../../javax/resource/spi/work/Work.html" title="interface in javax.resource.spi.work"><code>Work</code></a>
	instance to propagate security related context information from an EIS to an
	application server.
	<p>


	This allows an EIS/resource adapter to flow-in security context information
	and execute a Work instance, and call methods on a MessageEndpoint interface,
	to effect message inflow, within that Work instance, in the context of an
	established identity.
	<p>


	A resource adapter indicates to the WorkManager, that a Work instance needs
	to be run in a specified security execution context by submitting a Work
	instance that implements WorkContextProvider interface and ensuring that the
	List of WorkContexts for that Work instance contains an instance of its
	subclass of Securitytext.
	<p>


	It should be noted however that when a resource adapter flows-in an identity
	to be used by the application server, the propagated identity may or may not
	belong to the application server's security domain.
	<p>


	There are therefore, two scenarios while a resource adapter propagates a
	security identity from an EIS to the application server:
	<p>

	<ul>
	<li>Case 1: Resource adapter flows-in an identity in the application server's
	security domain: In this case, the application server could just set the
	initiating principal, flown-in from the resource adapter, as the security
	context the Work instance executes as.</li>
	<li>Case 2: Resource adapter flows-in an identity belonging to the EIS'
	security domain: The resource adapter establishes a connection to the EIS and
	needs to perform a Work in the context of an EIS identity. In this case, the
	initiating or caller principal does not exist in the application server's
	security domain and a translation from one domain to the other needs to be
	performed.</li>
	</ul>
	<p></div>
	<dl>
	<dt><span class="simpleTagLabel">Since:</span></dt>
	<dd>1.6</dd>
	<dt><span class="seeLabel">See Also:</span></dt>
	<dd><a href="../../../../javax/resource/spi/work/WorkContextProvider.html" title="interface in javax.resource.spi.work"><code>WorkContextProvider</code></a>,
	<a href="../../../../serialized-form.html#javax.resource.spi.work.SecurityContext">Serialized Form</a></dd>
	</dl>
	</li>
	</ul>
	</div>
	<div class="summary">
	<ul class="blockList">
	<li class="blockList">
	<!-- ======== CONSTRUCTOR SUMMARY ======== -->
	<ul class="blockList">
	<li class="blockList"><a name="constructor.summary">
	<!-- -->
	</a>
	<h3>Constructor Summary</h3>
	<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
	<caption><span>Constructors</span><span class="tabEnd"> </span></caption>
	<tr>
	<th class="colOne" scope="col">Constructor and Description</th>
	</tr>
	<tr class="altColor">
	<td class="colOne"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#SecurityContext--">SecurityContext</a></span>()</code> </td>
	</tr>
	</table>
	</li>
	</ul>
	<!-- ========== METHOD SUMMARY =========== -->
	<ul class="blockList">
	<li class="blockList"><a name="method.summary">
	<!-- -->
	</a>
	<h3>Method Summary</h3>
	<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
	<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption>
	<tr>
	<th class="colFirst" scope="col">Modifier and Type</th>
	<th class="colLast" scope="col">Method and Description</th>
	</tr>
	<tr id="i0" class="altColor">
	<td class="colFirst"><code>java.lang.String</code></td>
	<td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#getDescription--">getDescription</a></span>()</code>
	<div class="block">Get the brief description of the role played by the
	<code>WorkContext</code> and any other related debugging information.</div>
	</td>
	</tr>
	<tr id="i1" class="rowColor">
	<td class="colFirst"><code>java.lang.String</code></td>
	<td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#getName--">getName</a></span>()</code>
	<div class="block">Get the associated name of the <code>WorkContext</code>.</div>
	</td>
	</tr>
	<tr id="i2" class="altColor">
	<td class="colFirst"><code>abstract void</code></td>
	<td class="colLast"><code><span class="memberNameLink"><a href="../../../../javax/resource/spi/work/SecurityContext.html#setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-">setupSecurityContext</a></span>(javax.security.auth.callback.CallbackHandler handler,
	javax.security.auth.Subject executionSubject,
	javax.security.auth.Subject serviceSubject)</code>
	<div class="block">The container calls this method to set up the security Context for the
	<code>Work</code> instance.</div>
	</td>
	</tr>
	</table>
	<ul class="blockList">
	<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
	<!-- -->
	</a>
	<h3>Methods inherited from class java.lang.Object</h3>
	<code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li>
	</ul>
	</li>
	</ul>
	</li>
	</ul>
	</div>
	<div class="details">
	<ul class="blockList">
	<li class="blockList">
	<!-- ========= CONSTRUCTOR DETAIL ======== -->
	<ul class="blockList">
	<li class="blockList"><a name="constructor.detail">
	<!-- -->
	</a>
	<h3>Constructor Detail</h3>
	<a name="SecurityContext--">
	<!-- -->
	</a>
	<ul class="blockListLast">
	<li class="blockList">
	<h4>SecurityContext</h4>
	<pre>public SecurityContext()</pre>
	</li>
	</ul>
	</li>
	</ul>
	<!-- ============ METHOD DETAIL ========== -->
	<ul class="blockList">
	<li class="blockList"><a name="method.detail">
	<!-- -->
	</a>
	<h3>Method Detail</h3>
	<a name="getDescription--">
	<!-- -->
	</a>
	<ul class="blockList">
	<li class="blockList">
	<h4>getDescription</h4>
	<pre>public java.lang.String getDescription()</pre>
	<div class="block">Get the brief description of the role played by the
	<code>WorkContext</code> and any other related debugging information.
	This could be used by the WorkManager and the resource adapter for
	debugging purposes.
	<p></div>
	<dl>
	<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
	<dd><code><a href="../../../../javax/resource/spi/work/WorkContext.html#getDescription--">getDescription</a></code> in interface <code><a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></code></dd>
	<dt><span class="returnLabel">Returns:</span></dt>
	<dd>the associated description of the <code>WorkContext</code></dd>
	</dl>
	</li>
	</ul>
	<a name="getName--">
	<!-- -->
	</a>
	<ul class="blockList">
	<li class="blockList">
	<h4>getName</h4>
	<pre>public java.lang.String getName()</pre>
	<div class="block">Get the associated name of the <code>WorkContext</code>. This could be
	used by the WorkManager and the resource adapter for debugging purposes.
	<p></div>
	<dl>
	<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
	<dd><code><a href="../../../../javax/resource/spi/work/WorkContext.html#getName--">getName</a></code> in interface <code><a href="../../../../javax/resource/spi/work/WorkContext.html" title="interface in javax.resource.spi.work">WorkContext</a></code></dd>
	<dt><span class="returnLabel">Returns:</span></dt>
	<dd>the associated name of the <code>WorkContext</code></dd>
	</dl>
	</li>
	</ul>
	<a name="setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-">
	<!-- -->
	</a>
	<ul class="blockListLast">
	<li class="blockList">
	<h4>setupSecurityContext</h4>
	<pre>public abstract void setupSecurityContext(javax.security.auth.callback.CallbackHandler handler,
	javax.security.auth.Subject executionSubject,
	javax.security.auth.Subject serviceSubject)</pre>
	<div class="block">The container calls this method to set up the security Context for the
	<code>Work</code> instance.
	<p>

	The handler argument must not be null, and the argument handler and the
	<code>CallbackHandler</code> passed to this method must support the
	following <code>Callback</code>s defined in JSR 196: Java Authentication
	SPI for Containers specification:
	<p>
	<ul>
	<li>CallerPrincipalCallback</li>
	<li>GroupPrincipalCallback</li>
	<li>PasswordValidationCallback</li>
	</ul>
	<p>
	The following <code>Callback</code>s may be supported by the container.
	<p>
	<ul>
	<li>CertStoreCallback</li>
	<li>PrivateKeyCallback</li>
	<li>SecretKeyCallback</li>
	<li>TrustStoreCallback</li>
	</ul>
	<p>

	A resource adapter might use the <code>CallerPrincipalCallback</code> "to
	set the container's representation of the caller principal. The
	CallbackHandler must establish the argument Principal as the caller
	principal associated with the invocation being processed by the
	container. When the argument Principal is null, the handler will
	establish the container's representation of the unauthenticated caller
	principal."
	<p>

	A resource adapter might use the <code>GroupPrincipalCallback</code> "to
	establish the container's representation of the corresponding group
	principals within the Subject. When a null value is passed to the groups
	argument, the handler will establish the container's representation of no
	group principals within the Subject. Otherwise, the handler's processing
	of this callback is additive, yielding the union (without duplicates) of
	the principals existing within the Subject, and those created with the
	names occurring within the argument array. The CallbackHandler will
	define the type of the created principals."
	<p>

	A resource adapter might use the <code>PasswordValidationCallback</code>
	"to employ the password validation facilities of its containing runtime."
	<p>

	The executionSubject argument must be non-null and it must not be
	read-only. It is expected that this method will populate this
	executionSubject with principals and credentials that would be flown into
	the application server.
	<p>

	The serviceSubject argument may be null, and when it is not null it must not be
	read-only. It represents the application server and it may be used by the
	Work implementation to retrieve Principals and credentials necessary to
	establish a connection to the EIS (in the cause of mutual-auth like
	scenarios). If the Subject is not null, the Work implementation may
	collect the server credentials, as necessary, by using the callback
	handler passed to them .
	<p>


	When this method is called, the method implementation
	<ul>
	<li>identifies the security context that needs to be flown-in to the
	application server to serve as the execution context of the Work
	instance.</li>
	<li>populates the executionSubject with the EIS Principals and
	Credentials that it wants to serve as the security context for the Work
	instance to be executed in.</li>
	<li>adds instances of the necessary Callbacks , usually a subset of the
	ones listed above, to an array and invokes the handle() method in the
	container's CallbackHandler implementation passing in the array of
	Callback instances.</li>
	<li>on successful return from the CallbackHandler.handle() method the
	setSecurityContext returns after ensuring that the executionSubject is
	populated with the valid Principals and Credentials that represent the
	execution context of the Work instance</li>
	</ul>
	<p></div>
	<dl>
	<dt><span class="paramLabel">Parameters:</span></dt>
	<dd><code>handler</code> - A <code>CallbackHandler</code> provided by the
	<code>WorkManager</code> that supports the
	<code>Callback</code>s described above</dd>
	<dd><code>executionSubject</code> - A Subject that represents the security identity that needs to
	be established as the context for the <code>Work</code>
	instance. It is used by the method implementation to store
	Principals and credentials that needs to be used as the
	security context of the <code>Work</code> instance.</dd>
	<dd><code>serviceSubject</code> - A Subject that represents the application server It may be
	used by the method implementation as the source of Principals
	or credentials to be used to validate a connection to the EIS.
	If the Subject is not null, the method implementation may add
	additional Principals or credentials (pertaining to the
	recipient of the service request) to the Subject. *</dd>
	<dt><span class="seeLabel">See Also:</span></dt>
	<dd><code>196: Java Authentication SPI for Containers specification and
	related JavaDoc</code></dd>
	</dl>
	</li>
	</ul>
	</li>
	</ul>
	</li>
	</ul>
	</div>
	</div>
	<!-- ========= END OF CLASS DATA ========= -->
	<!-- ======= START OF BOTTOM NAVBAR ====== -->
	<div class="bottomNav"><a name="navbar.bottom">
	<!-- -->
	</a>
	<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
	<a name="navbar.bottom.firstrow">
	<!-- -->
	</a>
	<ul class="navList" title="Navigation">
	<li><a href="../../../../overview-summary.html">Overview</a></li>
	<li><a href="package-summary.html">Package</a></li>
	<li class="navBarCell1Rev">Class</li>
	<li><a href="package-tree.html">Tree</a></li>
	<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
	<li><a href="../../../../index-all.html">Index</a></li>
	<li><a href="../../../../help-doc.html">Help</a></li>
	</ul>
	</div>
	<div class="subNav">
	<ul class="navList">
	<li><a href="../../../../javax/resource/spi/work/RetryableWorkRejectedException.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Prev Class</span></a></li>
	<li><a href="../../../../javax/resource/spi/work/TransactionContext.html" title="class in javax.resource.spi.work"><span class="typeNameLink">Next Class</span></a></li>
	</ul>
	<ul class="navList">
	<li><a href="../../../../index.html?javax/resource/spi/work/SecurityContext.html" target="_top">Frames</a></li>
	<li><a href="SecurityContext.html" target="_top">No Frames</a></li>
	</ul>
	<ul class="navList" id="allclasses_navbar_bottom">
	<li><a href="../../../../allclasses-noframe.html">All Classes</a></li>
	</ul>
	<div>
	<script type="text/javascript"><!--
	allClassesLink = document.getElementById("allclasses_navbar_bottom");
	if(window==top) {
	allClassesLink.style.display = "block";
	}
	else {
	allClassesLink.style.display = "none";
	}
	//-->
	</script>
	</div>
	<div>
	<ul class="subNavList">
	<li>Summary: </li>
	<li>Nested \| </li>
	<li>Field \| </li>
	<li><a href="#constructor.summary">Constr</a> \| </li>
	<li><a href="#method.summary">Method</a></li>
	</ul>
	<ul class="subNavList">
	<li>Detail: </li>
	<li>Field \| </li>
	<li><a href="#constructor.detail">Constr</a> \| </li>
	<li><a href="#method.detail">Method</a></li>
	</ul>
	</div>
	<a name="skip.navbar.bottom">
	<!-- -->
	</a></div>
	<!-- ======== END OF BOTTOM NAVBAR ======= -->
	</body>
	</html>