Examples of java.security.AccessControlContext

• java.security.AccessControlContext
  An AccessControlContext is used to make system resource access decisions based on the context it encapsulates.

  More specifically, it encapsulates a context and has a single method, checkPermission, that is equivalent to the checkPermission method in the AccessController class, with one difference: The AccessControlContext checkPermission method makes access decisions based on the context it encapsulates, rather than that of the current execution thread.

  Thus, the purpose of AccessControlContext is for those situations where a security check that should be made within a given context actually needs to be done from within a different context (for example, from within a worker thread).

  An AccessControlContext is created by calling the AccessController.getContext method. The getContext method takes a "snapshot" of the current calling context, and places it in an AccessControlContext object, which it returns. A sample call is the following:

   AccessControlContext acc = AccessController.getContext() 

  Code within a different context can subsequently call the checkPermission method on the previously-saved AccessControlContext object. A sample call is the following:

   acc.checkPermission(permission) 

  @see AccessController @author Roland Schemers

     * @return the resulting class loader
     */
    public static URLClassLoader newInstance(final URL[] urls,
               final ClassLoader parent) {
  // Save the caller's context
  AccessControlContext acc = AccessController.getContext();
  // Need a privileged block to create the class loader
  URLClassLoader ucl =
      (URLClassLoader) AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        return new FactoryURLClassLoader(urls, parent);

     * @param urls the URLs to search for classes and resources
     * @return the resulting class loader
     */
    public static URLClassLoader newInstance(final URL[] urls) {
  // Save the caller's context
  AccessControlContext acc = AccessController.getContext();
  // Need a privileged block to create the class loader
  URLClassLoader ucl = (URLClassLoader)
      AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        return new FactoryURLClassLoader(urls);

                AccessController.doPrivileged(new PrivilegedAction() {
                    public Object run() {
            sm.checkPackageAccess(name.substring(0, i));
            return null;
                    }
                }, new AccessControlContext(new ProtectionDomain[] {pd}));
      }
  }
  domains.add(pd);
    }

    * @return the result
    * @throws Throwable for any error
    */
   protected static Object dispatchJoinPoint(final KernelControllerContext context, final Joinpoint joinpoint) throws Throwable
   {
      AccessControlContext access = null;
      if (context instanceof AbstractKernelControllerContext)
      {
         AbstractKernelControllerContext theContext = (AbstractKernelControllerContext) context;
         access = theContext.getAccessControlContext();
      }

        ContextManager.setCallers(subject, subject);

        try {

            AccessControlContext acc = ContextManager.getCurrentContext();

            /**
             * JACC v1.0 secion 4.1.1
             */
            WebUserDataPermission wudp = new WebUserDataPermission(request);
            acc.checkPermission(wudp);

        } catch (AccessControlException ace) {
            response.sendError(Response.SC_FORBIDDEN);
            return false;
        }

            ContextManager.setCallers(currentCaller, currentCaller);
        }

        try {

            AccessControlContext acc = ContextManager.getCurrentContext();

            /**
             * JACC v1.0 section 4.1.2
             */
            acc.checkPermission(new WebResourcePermission(request));

        } catch (AccessControlException ace) {
            response.sendError(Response.SC_FORBIDDEN);
            return false;
        }

        //Set the caller
        Subject currentCaller = ((JAASTomcatPrincipal) principal).getSubject();
        ContextManager.setCallers(currentCaller, currentCaller);

        AccessControlContext acc = ContextManager.getCurrentContext();

        try {
            /**
             * JACC v1.0 section 4.1.3
             */
            acc.checkPermission(new WebRoleRefPermission(name, role));
        } catch (AccessControlException e) {
            return false;
        }

        return true;

            String name = (type == null) ? null : type.getSpecName();

            Permission permission = new EJBMethodPermission(ejbName, name, method);

            AccessControlContext accessContext = ContextManager.getCurrentContext();

            if (permission != null) accessContext.checkPermission(permission);

        } catch (AccessControlException e) {
            return false;
        }
        return true;

    public boolean isUserInRole(Principal user, String role) {
        if (user == null || role == null) {
            return false;
        }

        AccessControlContext acc = ContextManager.getCurrentContext();
        try {
            // JACC v1.0 secion B.19
            String servletName = InternalJettyServletHolder.getCurrentServletName();
            if (servletName == null || servletName.equals("jsp")) {
                servletName = "";
            }
            acc.checkPermission(new WebRoleRefPermission(servletName, role));
        } catch (AccessControlException e) {
            return false;
        }
        return true;
    }

        SecurityManager sm = System.getSecurityManager();
        if (sm != null) sm.checkPermission(SET_CONTEXT);

        if (subject == null) throw new IllegalArgumentException("Subject must not be null");

        AccessControlContext acc = (AccessControlContext) Subject.doAsPrivileged(subject, new PrivilegedAction() {
            public Object run() {
                return AccessController.getContext();
            }
        }, null);