Examples of java.security.AccessControlContext

• java.security.AccessControlContext
  An AccessControlContext is used to make system resource access decisions based on the context it encapsulates.

  More specifically, it encapsulates a context and has a single method, checkPermission, that is equivalent to the checkPermission method in the AccessController class, with one difference: The AccessControlContext checkPermission method makes access decisions based on the context it encapsulates, rather than that of the current execution thread.

  Thus, the purpose of AccessControlContext is for those situations where a security check that should be made within a given context actually needs to be done from within a different context (for example, from within a worker thread).

  An AccessControlContext is created by calling the AccessController.getContext method. The getContext method takes a "snapshot" of the current calling context, and places it in an AccessControlContext object, which it returns. A sample call is the following:

   AccessControlContext acc = AccessController.getContext() 

  Code within a different context can subsequently call the checkPermission method on the previously-saved AccessControlContext object. A sample call is the following:

   acc.checkPermission(permission) 

  @see AccessController @author Roland Schemers

        // If the object is an instance of the type, just return it
        if (isAssignable(fromValue, type)) {
            return fromValue;
        }
        ConversionResult result = null;
        AccessControlContext acc = blueprintContainer.getAccessControlContext();
        if (acc == null) {
            result = convertWithConverters(fromValue, type);
        } else {
            result = AccessController.doPrivileged(new PrivilegedExceptionAction<ConversionResult>() {
                public ConversionResult run() throws Exception {

            }, accessControlContext);
        }
    }

    private AccessControlContext createAccessControlContext() {
        return new AccessControlContext(AccessController.getContext(),
                new DomainCombiner() {
                    public ProtectionDomain[] combine(ProtectionDomain[] arg0,
                                                      ProtectionDomain[] arg1) {
                        return new ProtectionDomain[] { new ProtectionDomain(null, null) {
                            public boolean implies(Permission permission) {

    private Session extendAuthentication(String workspaceName)
            throws RepositoryException, AccessDeniedException {

        Subject subject = null;
        try {
            AccessControlContext acc = AccessController.getContext();
            subject = Subject.getSubject(acc);
        } catch (SecurityException e) {
            log.warn("Can't check for preauthentication. Reason:", e.getMessage());
        }
        if (subject == null) {

        ProtectionDomain rhinoProtectionDomain
            = new ProtectionDomain(codeSource,
                                   getPermissions(codeSource));

        rhinoAccessControlContext
            = new AccessControlContext(new ProtectionDomain[]{
                rhinoProtectionDomain});
    }

        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(SET_CONTEXT);

        if (subject == null) throw new IllegalArgumentException("Subject must not be null");

        AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
            public Object run() {
                return AccessController.getContext();
            }
        }, null);

        Context test = subjectContexts.get(subject);
        if (test != null) {
            return test.getContext();
        }

        AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
            public Object run() {
                return AccessController.getContext();
            }
        }, null);

    // Allow user to only read any file in docs directory
    final String aHome = System.getenv("ACCUMULO_HOME");
    PermissionCollection pc = new Permissions();
    pc.add(new FilePermission(aHome + "/docs/-", "read"));

    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {new ProtectionDomain(null, pc)});

    IOException e = AccessController.doPrivileged(new PrivilegedAction<IOException>() {

      @Override
      public IOException run() {

            String name = (type == null) ? null : type.getSpecName();

            Permission permission = new EJBMethodPermission(ejbName, name, method);

            AccessControlContext accessContext = ContextManager.getCurrentContext();

            if (permission != null) accessContext.checkPermission(permission);

        } catch (AccessControlException e) {
            return false;
        }
        return true;

        }

        String EJBName = deploymentInfo.getEjbName();
        if (EJBName == null) throw new IllegalArgumentException("EJBName must not be null");
        try {
            AccessControlContext context = ContextManager.getCurrentContext();
            context.checkPermission(new EJBRoleRefPermission(EJBName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

    public void dissociate(Object previous) {
        ContextManager.popCallers((Callers) previous);
    }

    public UserIdentity newUserIdentity(Subject subject, Principal userPrincipal, List<String> groups) {
        AccessControlContext acc = ContextManager.registerSubjectShort(subject, userPrincipal, groups);
        return new JACCUserIdentity(subject, userPrincipal, groups, acc);
    }