Examples of java.security.AccessControlContext

• java.security.AccessControlContext
  An AccessControlContext is used to make system resource access decisions based on the context it encapsulates.

  More specifically, it encapsulates a context and has a single method, checkPermission, that is equivalent to the checkPermission method in the AccessController class, with one difference: The AccessControlContext checkPermission method makes access decisions based on the context it encapsulates, rather than that of the current execution thread.

  Thus, the purpose of AccessControlContext is for those situations where a security check that should be made within a given context actually needs to be done from within a different context (for example, from within a worker thread).

  An AccessControlContext is created by calling the AccessController.getContext method. The getContext method takes a "snapshot" of the current calling context, and places it in an AccessControlContext object, which it returns. A sample call is the following:

   AccessControlContext acc = AccessController.getContext() 

  Code within a different context can subsequently call the checkPermission method on the previously-saved AccessControlContext object. A sample call is the following:

   acc.checkPermission(permission) 

  @see AccessController @author Roland Schemers

                    isAuthenticated = true;
                }
            }


            AccessControlContext acc = ContextManager.getCurrentContext();

            /**
             * JACC v1.0 section 4.1.1
             */
            WebUserDataPermission wudp = new WebUserDataPermission(substitutedPathInContext, new String[]{request.getMethod()}, transportType);
            acc.checkPermission(wudp);

            WebResourcePermission webResourcePermission = new WebResourcePermission(request);
            /**
             * JACC v1.0 section 4.1.2
             */
            if (isAuthenticated) {
                //current user is logged in, this is the actual check
                acc.checkPermission(webResourcePermission);
            } else {
                //user is not logged in: if access denied, try to log them in.
                try {
                    acc.checkPermission(webResourcePermission);
                } catch (AccessControlException e) {
                    //not logged in: try to log them in.
                    Principal user = authenticator.authenticate(realm, pathInContext, request, response);
                    if (user == SecurityHandler.__NOBODY) {
                        return true;

        ContextManager.setCallers(subject, subject);

        try {

            AccessControlContext acc = ContextManager.getCurrentContext();

            /**
             * JACC v1.0 secion 4.1.1
             */
            WebUserDataPermission wudp = new WebUserDataPermission(request);
            acc.checkPermission(wudp);

        } catch (AccessControlException ace) {
            response.sendError(Response.SC_FORBIDDEN);
            return false;
        }

            ContextManager.setCallers(currentCaller, currentCaller);
        }

        try {

            AccessControlContext acc = ContextManager.getCurrentContext();


            /**
             * JACC v1.0 section 4.1.2
             */
            acc.checkPermission(new WebResourcePermission(request));

        } catch (AccessControlException ace) {
            response.sendError(Response.SC_FORBIDDEN);
            return false;
        }

        //Set the caller
        Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
        ContextManager.setCallers(currentCaller, currentCaller);

        AccessControlContext acc = ContextManager.getCurrentContext();

        try {
            /**
             * JACC v1.0 section 4.1.3
             */
            acc.checkPermission(new WebRoleRefPermission(name, role));
        } catch (AccessControlException e) {
            return false;
        }

        return true;

    public boolean isUserInRole(Principal user, String role) {
        if (user == null || role == null) {
            return false;
        }

        AccessControlContext acc = ContextManager.getCurrentContext();
        try {
            // JACC v1.0 secion B.19
            String servletName = JettyServletHolder.getCurrentServletName();
            if (servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

            }
            if (user == SecurityConstraint.__NOBODY) {
                return true;
            }

            AccessControlContext acc = ContextManager.getCurrentContext();
            ServletHttpRequest servletHttpRequest = (ServletHttpRequest) request.getWrapper();

            /**
             * JACC v1.0 secion 4.1.1
             */

            String transportType;
            if (request.isConfidential()) {
                transportType = "CONFIDENTIAL";
            } else if (request.isIntegral()) {
                transportType = "INTEGRAL";
            } else {
                transportType = "NONE";
            }
            WebUserDataPermission wudp = new WebUserDataPermission(servletHttpRequest.getServletPath(), new String[]{servletHttpRequest.getMethod()}, transportType);
            acc.checkPermission(wudp);

            /**
             * JACC v1.0 secion 4.1.2
             */
            acc.checkPermission(new WebResourcePermission(servletHttpRequest));
        } catch (HttpException he) {
            response.sendError(he.getCode(), he.getReason());
            return false;
        } catch (AccessControlException ace) {
            response.sendError(HttpResponse.__403_Forbidden);

   * @return the current user
   * @throws IOException if login fails
   */
  public synchronized
  static UserGroupInformation getCurrentUser() throws IOException {
    AccessControlContext context = AccessController.getContext();
    Subject subject = Subject.getSubject(context);
    return subject == null ? getLoginUser() : new UserGroupInformation(subject);
  }

            final ProtectionDomain pd = this.getProtectionDomain();
            if (pd == null)
            {
                return null;
            }
            return (A) new AccessControlContext(new ProtectionDomain[] {pd});

        }
        return null;
    }

        // Get the current context.
        gripper.m_system = AccessController.getContext();

        // and merge it with the current combiner (i.e., gripper)
        AccessControlContext context = (AccessControlContext) AccessController
            .doPrivileged(gripper);

        gripper.m_system = null;

        // now get the protection domains

    public Object run()
    {
        // this is a call to merge with the current context.
        if (m_system != null)
        {
            return new AccessControlContext(m_system, this);
        }

        // this is a call to get the protection domains.
        AccessController.checkPermission(ALL_PERMISSION);
        return null;