com.ibm.sec.authz.jaccplus
Class ApplicationEvaluationContext
- java.lang.Object
com.ibm.sec.authz.jaccplus.ApplicationEvaluationContext
All implemented interfaces:
- public final class ApplicationEvaluationContext
- extends java.lang.Object
An implementation of EvaluationContext
that requires the application
code to create and register an ApplicationSubject
instance representing
the currently authenticated user. This is an alternative to ContainerEvaluationContext
.
Use this implementation in the following use cases:
- The application is not running in an environment supported by
ContainerEvaluationContext
. - The application is running in WebSphere Application Server (for example), but application security is disabled. This is often the case where another framework, such as Spring, manages authentication.
A subject can be set in the context instance as follows:
ApplicationSubject subj = new ApplicationSubject(); subj.setUserPrincipal( new ApplicationUserPrincipal( "cn=alice,o=ibm,c=us" ) ); subj.setGroupPrincipals( new Principal[] { new ApplicationGroupPrincipal( "cn=users,o=ibm,c=us" ) } ); context.getHandlerData().put( ApplicationSubjectContext.SUBJECT_KEY, subj );
Once created, reuse the instance of EvaluationContext for the life of the application and across threads.
See Also:
Constructor Summary
Constructor and Description |
---|
ApplicationEvaluationContext()
Construct a EvaluationContext instance.
|
Method Summary
Modifier and Type | Method and Description |
---|---|
|
getContext(java.lang.String key)
|
|
getHandlerData()
|
|
getKeys()
|
|
registerHandler(java.lang.String key,IEvaluationContextHandler handler,boolean replace)
|
Methods inherited from class java.lang.Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail
ApplicationEvaluationContext
- public ApplicationEvaluationContext( )
Construct a EvaluationContext instance.
Throws:
PolicyContextException
Method Detail
registerHandler
- public void registerHandler(java.lang.String key,
- IEvaluationContextHandler handler,
- boolean replace)
- throws PolicyContextException
Description copied from interface:
EvaluationContext
This method registers a
PolicyContextHandler
implementation for a particular
key. A single handler implementation can be registered to handle multiple keys.
Specified by:
registerHandler
in interface EvaluationContext
Parameters:
key
- the key. handler
- the policy context handler implementation. replace
- this boolean value defines the behaviour of this method if,
when it is called, a policy context handler implementation
has already been registered to handle the same key.
In that case and if the value of this argument is true,
the existing handler is replaced with the argument handler.
If the value of this parameter is false, the existing registration is
preserved and an exception is thrown. Throws:
PolicyContextException
- if an error occurs. getKeys
- public java.util.Set<java.lang.String> getKeys( )
Description copied from interface:
EvaluationContext
Returns the set of keys that this evaluation context can handle.
Specified by:
getKeys
in interface EvaluationContext
Returns:
the set of keys.
getContext
- public java.lang.Object getContext( java.lang.String key)
- throws PolicyContextException
Description copied from interface:
EvaluationContext
Given a key, returns the corresponding context object.
Specified by:
getContext
in interface EvaluationContext
Parameters:
key
- the key. Returns:
the attribute.
Throws:
PolicyContextException
getHandlerData
- public java.util.Map<java.lang.String,java.lang.Object> getHandlerData( )
Description copied from interface:
EvaluationContext
Gets the thread-scoped handler data object.
Specified by:
getHandlerData
in interface EvaluationContext
Returns:
The thread-local handler data map.