| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <title>SecurityContext</title> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../script.js"></script> |
| |
| <link rel="shortcut icon" href="/img/jakarta-favicon.ico"> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="SecurityContext"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":10,"i1":10,"i2":6}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],8:["t4","Concrete Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">jakarta.resource.spi.work</div> |
| <h2 title="Class SecurityContext" class="title">Class SecurityContext</h2> |
| </div> |
| <div class="contentContainer"> |
| <ul class="inheritance"> |
| <li>java.lang.Object</li> |
| <li> |
| <ul class="inheritance"> |
| <li>jakarta.resource.spi.work.SecurityContext</li> |
| </ul> |
| </li> |
| </ul> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Implemented Interfaces:</dt> |
| <dd><a href="../../../../jakarta/resource/spi/work/WorkContext.html" title="interface in jakarta.resource.spi.work">WorkContext</a>, java.io.Serializable</dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public abstract class <span class="typeNameLabel">SecurityContext</span> |
| extends java.lang.Object |
| implements <a href="../../../../jakarta/resource/spi/work/WorkContext.html" title="interface in jakarta.resource.spi.work">WorkContext</a></pre> |
| <div class="block">A standard <a href="../../../../jakarta/resource/spi/work/WorkContext.html" title="interface in jakarta.resource.spi.work"><code>WorkContext</code></a> that allows a <a href="../../../../jakarta/resource/spi/work/Work.html" title="interface in jakarta.resource.spi.work"><code>Work</code></a> |
| instance to propagate security related context information from an EIS to an |
| application server. |
| <p> |
| This allows an EIS/resource adapter to flow-in security context information |
| and execute a Work instance, and call methods on a MessageEndpoint interface, |
| to effect message inflow, within that Work instance, in the context of an |
| established identity. |
| </p> |
| |
| <p> |
| A resource adapter indicates to the WorkManager that a Work instance needs |
| to be run in a specified security execution context by submitting a Work |
| instance that implements the WorkContextProvider interface and ensuring that the |
| List of WorkContexts for that Work instance contains an instance of its |
| subclass of SecurityContext. |
| </p> |
| |
| <p> |
| It should be noted however that when a resource adapter flows-in an identity |
| to be used by the application server, the propagated identity may or may not |
| belong to the application server's security domain. |
| </p> |
| |
| <p> |
| There are, therefore, two scenarios when a resource adapter propagates a |
| security identity from an EIS to the application server: |
| </p> |
| |
| <ul> |
| <li>Case 1: Resource adapter flows-in an identity in the application server's |
| security domain: In this case, the application server could just set the |
| initiating principal, flown-in from the resource adapter, as the security |
| context the Work instance executes as.</li> |
| <li>Case 2: Resource adapter flows-in an identity belonging to the EIS' |
| security domain: The resource adapter establishes a connection to the EIS and |
| needs to perform a Work in the context of an EIS identity. In this case, the |
| initiating or caller principal does not exist in the application server's |
| security domain and a translation from one domain to the other needs to be |
| performed.</li> |
| </ul> |
| <p></div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>1.6</dd> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../jakarta/resource/spi/work/WorkContextProvider.html" title="interface in jakarta.resource.spi.work"><code>WorkContextProvider</code></a>, |
| <a href="../../../../serialized-form.html#jakarta.resource.spi.work.SecurityContext">Serialized Form</a></dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ======== CONSTRUCTOR SUMMARY ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.summary"> |
| <!-- --> |
| </a> |
| <h3>Constructor Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation"> |
| <caption><span>Constructors</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colOne" scope="col">Constructor and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colOne"><code><span class="memberNameLink"><a href="../../../../jakarta/resource/spi/work/SecurityContext.html#SecurityContext--">SecurityContext</a></span>()</code> </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../jakarta/resource/spi/work/SecurityContext.html#getDescription--">getDescription</a></span>()</code> |
| <div class="block">Get the brief description of the role played by the |
| <code>WorkContext</code> and any other related debugging information.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>java.lang.String</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../jakarta/resource/spi/work/SecurityContext.html#getName--">getName</a></span>()</code> |
| <div class="block">Get the associated name of the <code>WorkContext</code>.</div> |
| </td> |
| </tr> |
| <tr id="i2" class="altColor"> |
| <td class="colFirst"><code>abstract void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../jakarta/resource/spi/work/SecurityContext.html#setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-">setupSecurityContext</a></span>(javax.security.auth.callback.CallbackHandler handler, |
| javax.security.auth.Subject executionSubject, |
| javax.security.auth.Subject serviceSubject)</code> |
| <div class="block">The container calls this method to set up the security Context for the |
| <code>Work</code> instance.</div> |
| </td> |
| </tr> |
| </table> |
| <ul class="blockList"> |
| <li class="blockList"><a name="methods.inherited.from.class.java.lang.Object"> |
| <!-- --> |
| </a> |
| <h3>Methods inherited from class java.lang.Object</h3> |
| <code>clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait</code></li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========= CONSTRUCTOR DETAIL ======== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="constructor.detail"> |
| <!-- --> |
| </a> |
| <h3>Constructor Detail</h3> |
| <a name="SecurityContext--"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>SecurityContext</h4> |
| <pre>public SecurityContext()</pre> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="getDescription--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getDescription</h4> |
| <pre>public java.lang.String getDescription()</pre> |
| <div class="block">Get the brief description of the role played by the |
| <code>WorkContext</code> and any other related debugging information. |
| This could be used by the WorkManager and the resource adapter for |
| debugging purposes. |
| <p></div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="../../../../jakarta/resource/spi/work/WorkContext.html#getDescription--">getDescription</a></code> in interface <code><a href="../../../../jakarta/resource/spi/work/WorkContext.html" title="interface in jakarta.resource.spi.work">WorkContext</a></code></dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the associated description of the <code>WorkContext</code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="getName--"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>getName</h4> |
| <pre>public java.lang.String getName()</pre> |
| <div class="block">Get the associated name of the <code>WorkContext</code>. This could be |
| used by the WorkManager and the resource adapter for debugging purposes. |
| <p></div> |
| <dl> |
| <dt><span class="overrideSpecifyLabel">Specified by:</span></dt> |
| <dd><code><a href="../../../../jakarta/resource/spi/work/WorkContext.html#getName--">getName</a></code> in interface <code><a href="../../../../jakarta/resource/spi/work/WorkContext.html" title="interface in jakarta.resource.spi.work">WorkContext</a></code></dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>the associated name of the <code>WorkContext</code></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="setupSecurityContext-javax.security.auth.callback.CallbackHandler-javax.security.auth.Subject-javax.security.auth.Subject-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>setupSecurityContext</h4> |
| <pre>public abstract void setupSecurityContext(javax.security.auth.callback.CallbackHandler handler, |
| javax.security.auth.Subject executionSubject, |
| javax.security.auth.Subject serviceSubject)</pre> |
| <div class="block">The container calls this method to set up the security Context for the |
| <code>Work</code> instance. |
| <p> |
| |
| The handler argument must not be null, and the |
| <code>CallbackHandler</code> passed to this method must support the |
| following <code>Callback</code>s defined in the Jakarta Authentication |
| specification: |
| |
| <ul> |
| <li>CallerPrincipalCallback</li> |
| <li>GroupPrincipalCallback</li> |
| <li>PasswordValidationCallback</li> |
| </ul> |
| <p> |
| The following <code>Callback</code>s may be supported by the container. |
| </p> |
| <ul> |
| <li>CertStoreCallback</li> |
| <li>PrivateKeyCallback</li> |
| <li>SecretKeyCallback</li> |
| <li>TrustStoreCallback</li> |
| </ul> |
| |
| |
| A resource adapter might use the <code>CallerPrincipalCallback</code> "to |
| set the container's representation of the caller principal. The |
| CallbackHandler must establish the argument Principal as the caller |
| principal associated with the invocation being processed by the |
| container. When the argument Principal is null, the handler will |
| establish the container's representation of the unauthenticated caller |
| principal." |
| <p> |
| |
| A resource adapter might use the <code>GroupPrincipalCallback</code> "to |
| establish the container's representation of the corresponding group |
| principals within the Subject. When a null value is passed to the groups |
| argument, the handler will establish the container's representation of no |
| group principals within the Subject. Otherwise, the handler's processing |
| of this callback is additive, yielding the union (without duplicates) of |
| the principals existing within the Subject, and those created with the |
| names occurring within the argument array. The CallbackHandler will |
| define the type of the created principals." |
| <p> |
| |
| A resource adapter might use the <code>PasswordValidationCallback</code> |
| "to employ the password validation facilities of its containing runtime." |
| <p> |
| |
| The executionSubject argument must be non-null and it must not be |
| read-only. It is expected that this method will populate this |
| executionSubject with principals and credentials that would be flown into |
| the application server. |
| <p> |
| |
| The serviceSubject argument may be null, and when it is not null it must not be |
| read-only. It represents the application server and it may be used by the |
| Work implementation to retrieve Principals and credentials necessary to |
| establish a connection to the EIS (in the case of mutual-auth like |
| scenarios). If the Subject is not null, the Work implementation may |
| collect the server credentials, as necessary, by using the callback |
| handler passed to it. |
| <p> |
| |
| |
| When this method is called, the method implementation: |
| <ul> |
| <li>identifies the security context that needs to be flown-in to the |
| application server to serve as the execution context of the Work |
| instance.</li> |
| <li>populates the executionSubject with the EIS Principals and |
| Credentials that it wants to serve as the security context for the Work |
| instance to be executed in.</li> |
| <li>adds instances of the necessary Callbacks, usually a subset of the |
| ones listed above, to an array and invokes the handle() method in the |
| container's CallbackHandler implementation, passing in the array of |
| Callback instances.</li> |
| <li>on successful return from the CallbackHandler.handle() method, the |
| setupSecurityContext method returns after ensuring that the executionSubject is |
| populated with the valid Principals and Credentials that represent the |
| execution context of the Work instance.</li> |
| </ul> |
| <p> |
| |
| See the Jakarta Authentication specification and |
| related JavaDoc.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>handler</code> - A <code>CallbackHandler</code> provided by the |
| <code>WorkManager</code> that supports the |
| <code>Callback</code>s described above</dd> |
| <dd><code>executionSubject</code> - A Subject that represents the security identity that needs to |
| be established as the context for the <code>Work</code> |
| instance. It is used by the method implementation to store |
| Principals and credentials that need to be used as the |
| security context of the <code>Work</code> instance.</dd> |
| <dd><code>serviceSubject</code> - A Subject that represents the application server. It may be |
| used by the method implementation as the source of Principals |
| or credentials to be used to validate a connection to the EIS. |
| If the Subject is not null, the method implementation may add |
| additional Principals or credentials (pertaining to the |
| recipient of the service request) to the Subject.</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| </body> |
| </html> |