public class ClientPermissionChecker extends Object implements ClientSubjectChecker
ClientSubjectChecker
that approves or rejects
client subjects based on whether or not they have been granted a particular
permission.Modifier and Type | Field and Description |
---|---|
private SoftCache |
domains |
private static CodeSource |
emptyCS |
private static ProtectionDomain |
emptyPD |
private Permission |
permission |
Constructor and Description |
---|
ClientPermissionChecker(Permission permission)
Creates instance that checks if client subjects have been granted the
specified permission.
|
Modifier and Type | Method and Description |
---|---|
void |
checkClientSubject(Subject subject)
Checks whether or not to permit exchanging or accepting data with/from a
client authenticated as the given subject, by testing if the subject has
been granted the permission that this instance was constructed with.
|
private static final CodeSource emptyCS
private static final ProtectionDomain emptyPD
private final SoftCache domains
private final Permission permission
public ClientPermissionChecker(Permission permission)
permission
- the permission to use in client subject checksNullPointerException
- if permission
is
null
public void checkClientSubject(Subject subject)
ProtectionDomain
is
constructed with an empty CodeSource
(null
location
and certificates), null
permissions, null
class loader, and the principals from the given client subject (if any),
and the implies
method of that
protection domain is invoked with the specified permission. If
true
is returned, this method returns normally, otherwise a
SecurityException
is thrown. If no security manager is
installed, this method returns normally. The given client subject must
be read-only if non-null
.checkClientSubject
in interface ClientSubjectChecker
subject
- the client subject to checkSecurityException
- if the client subject check failsIllegalArgumentException
- if the given subject is not read-onlyCopyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.