IBM WebSphere Application ServerTM
Release 8

com.ibm.wsspi.security.context
Interface Context

All Superinterfaces:
java.io.Serializable

public interface Context
extends java.io.Serializable

An abstraction of the security context obtained from the thread of execution.

The security context consists of the "RunAs" and "Caller" Subjects, including any credentials, authentication, authorization, and propagastion tokens.

The security context is retrieved from the running thread when instances of this interface are newly created by the factory method com.ibm.wsspi.security.context.ContextManager.getContext(). Instances of this interface may be saved to persistent storage and later restored for use by an application.

Version:
Base Enablement iFix for v6.1
See Also:
ContextManager.getContext()

Method Summary
 javax.security.auth.Subject getCallerSubject()
          Returns the current Caller Subject stored in this Context.
 Domain getDomain()
          Returns the current domain stored in this Context.
 java.util.Map getPropagationTokens()
          Returns the current Map of PropagationTokens stored in this Context.
 javax.security.auth.Subject getRunAsSubject()
          Returns the current RunAs Subject stored in this Context.
 void restoreContext()
          The security context saved by the setContext() operation is restored and set on the current thread of execution.
 java.lang.Object runWith(java.security.PrivilegedExceptionAction action)
          Run the given action using this security context.
 java.lang.Object runWithDomain(java.security.PrivilegedExceptionAction action)
          Run the given action using the security domain in this context.
 void setCallerSubject(javax.security.auth.Subject caller)
          Replaces the Caller Subject stored in this Context with the given Subject.
 void setContext()
          Set this security context on the current thread of execution.
 void setDomain(Domain domain)
          Replaces the domain stored in this Context with the given domain.
 void setPropagationTokens(java.util.Map tokens)
          Replaces the Map of PropagationTokens stored in this Context with the given Map.
 void setRunAsSubject(javax.security.auth.Subject runAs)
          Replaces the RunAs Subject stored in this Context with the given Subject.
 

Method Detail

setContext

void setContext()
                throws com.ibm.websphere.security.WSSecurityException
Set this security context on the current thread of execution.

Prior to setting this context on the thread of execution, the current security context on the thread is saved and is restored on the thread by the restoreContext() operation.

"setSecurityContext" permission is required in order to perform this operation.

Throws:
com.ibm.websphere.security.WSSecurityException - if any errors are encountered.

restoreContext

void restoreContext()
                    throws com.ibm.websphere.security.WSSecurityException
The security context saved by the setContext() operation is restored and set on the current thread of execution.

"restoreSecurityContext" permission is required in order to perform this operation.

Throws:
com.ibm.websphere.security.WSSecurityException - if any errors are encountered.

runWith

java.lang.Object runWith(java.security.PrivilegedExceptionAction action)
                         throws com.ibm.websphere.security.WSSecurityException
Run the given action using this security context. The security domain and the subjects will be pushed on the thread before running the action. The thread state will be restored, i.e the domain and subjects will be popped after the action runs.

Parameters:
action - the action to be performed using this security context
Returns:
the value returned by the action's run operation.
Throws:
com.ibm.websphere.security.WSSecurityException - if any errors are encountered.

runWithDomain

java.lang.Object runWithDomain(java.security.PrivilegedExceptionAction action)
                               throws com.ibm.websphere.security.WSSecurityException
Run the given action using the security domain in this context. The domain will be pushed on the thread, but the subjects will not, before running the action. The thread state will be restored, i.e the domain will be popped, after the action runs.

Parameters:
action - the action to be performed using this security context
Returns:
the value returned by the action's run operation.
Throws:
com.ibm.websphere.security.WSSecurityException - if any errors are encountered.

setCallerSubject

void setCallerSubject(javax.security.auth.Subject caller)
                      throws com.ibm.websphere.security.WSSecurityException
Replaces the Caller Subject stored in this Context with the given Subject. This operation does not modify the Caller Subject in thread local storage (TLS). The given Subject becomes the current Caller Subject stored in this Context and the previous value of the Caller Subject is lost and discarded.

Parameters:
caller - the Caller Subject to replace the current Caller Subject in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

getCallerSubject

javax.security.auth.Subject getCallerSubject()
                                             throws com.ibm.websphere.security.WSSecurityException
Returns the current Caller Subject stored in this Context. The Caller Subject returned is not retrieved from thread local storage (TLS). The initial value of the Caller Subject is obtained from TLS at the time this Context is created and may have subsequently been modified with the setCallerSubject() operation.

Returns:
the current Caller Subject in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

setRunAsSubject

void setRunAsSubject(javax.security.auth.Subject runAs)
                     throws com.ibm.websphere.security.WSSecurityException
Replaces the RunAs Subject stored in this Context with the given Subject. This operation does not modify the RunAs Subject (aka Invocation Subject) in thread local storage (TLS). The given Subject becomes the current RunAs Subject stored in this Context and the previous value of the RunAs Subject is lost and discarded.

Parameters:
runAs - the RunAs Subject to replace the current RunAs Subject in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

getRunAsSubject

javax.security.auth.Subject getRunAsSubject()
                                            throws com.ibm.websphere.security.WSSecurityException
Returns the current RunAs Subject stored in this Context. The RunAs Subject returned is not retrieved from thread local storage (TLS). The initial value of the RunAs Subject is obtained from TLS at the time this Context is created and may have subsequently been modified with the setRunAsSubject() operation.

Returns:
the current RunAs Subject in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

getPropagationTokens

java.util.Map getPropagationTokens()
                                   throws com.ibm.websphere.security.WSSecurityException
Returns the current Map of PropagationTokens stored in this Context. The PropagationTokens in the Map are not retrieved from thread local storage (TLS). The Map of PropagationTokens is initially obtained from TLS at the time this Context is created and may have subsequently been modified with the setPropagationTokens() operation.

Returns:
the Map of PropagationTokens stored in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

setPropagationTokens

void setPropagationTokens(java.util.Map tokens)
                          throws com.ibm.websphere.security.WSSecurityException
Replaces the Map of PropagationTokens stored in this Context with the given Map. This operation does not modify the Map of PropagationTokens in thread local storage (TLS). The given Map becomes the current Map of PropagationTokens stored in this Context and the previous Map is lost and discarded.

Parameters:
tokens - the Map of PropagationTokens to replace the current Map in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

getDomain

Domain getDomain()
                 throws com.ibm.websphere.security.WSSecurityException
Returns the current domain stored in this Context. The domain is not retrieved from thread local storage (TLS), it is initially obtained from TLS at the time this Context is created and may have subsequently been modified with the setDomain() operation.

Returns:
the domain stored in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

setDomain

void setDomain(Domain domain)
               throws com.ibm.websphere.security.WSSecurityException
Replaces the domain stored in this Context with the given domain. This operation does not modify the domain in thread local storage (TLS). The given domain becomes the current domain stored in this Context and the previous domain is lost and discarded.

Parameters:
domain - the Domain to replace the current Domain in this Context.
Throws:
com.ibm.websphere.security.WSSecurityException - if an error occurs

IBM WebSphere Application ServerTM
Release 8