OpenJDK 1.23 · java.security.AccessControlContext · APIdia, the JavaDoc alternative

An AccessControlContext is used to make system resource access decisions based on the context it encapsulates.

More specifically, it encapsulates a context and has a single method, checkPermission, that is equivalent to the checkPermission method in the AccessController class, with one difference: The checkPermission method makes access decisions based on the context it encapsulates, rather than that of the current execution thread.

Thus, the purpose of AccessControlContext is for those situations where a security check that should be made within a given context actually needs to be done from within a different context (for example, from within a worker thread).

An AccessControlContext is created by calling the AccessController.getContext method. The getContext method takes a "snapshot" of the current calling context, and places it in an AccessControlContext object, which it returns. A sample call is the following:

  AccessControlContext acc = AccessController.getContext()

Code within a different context can subsequently call the checkPermission method on the previously-saved AccessControlContext object. A sample call is the following:

  acc.checkPermission(permission)

Field Summary

Modifier and Type	Field and Description
private DomainCombiner	combiner References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element.
private ProtectionDomain[]	context
private static Debug	debug
private static boolean	debugInit
private boolean	isAuthorized
private boolean	isLimited
private boolean	isPrivileged
private boolean	isWrapped
private ProtectionDomain[]	limitedContext
private AccessControlContext	parent References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
private Permission[]	permissions
private AccessControlContext	privilegedContext References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.

Constructor Summary

Access	Constructor and Description
public	AccessControlContext(ProtectionDomain[] the `ProtectionDomain` objects associated with this context. The non-duplicate domains are copied from the array. Subsequent changes to the array will not affect this `AccessControlContext`. context) Create an `AccessControlContext` with the given array of `ProtectionDomain` objects.
public	AccessControlContext(AccessControlContext the `AccessControlContext` associated with the provided `DomainCombiner`. acc, DomainCombiner the `DomainCombiner` to be associated with the provided `AccessControlContext`. combiner) References Deprecated `AccessControlContext` and `DomainCombiner` are deprecated or reference (maybe indirectly) at least one deprecated element. Create a new `AccessControlContext` with the given `AccessControlContext` and `DomainCombiner`.
pack-priv	AccessControlContext(AccessControlContext acc, DomainCombiner combiner, boolean preauthorized) References Deprecated `AccessControlContext` and `DomainCombiner` are deprecated or reference (maybe indirectly) at least one deprecated element. package private to allow calls from `ProtectionDomain` without performing the security check for SecurityConstants#CREATE_ACC_PERMISSION permission
pack-priv	AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms) References Deprecated `DomainCombiner` and `AccessControlContext` are deprecated or reference (maybe indirectly) at least one deprecated element. package private for `AccessController` This "argument wrapper" context will be passed as the actual context parameter on an internal doPrivileged() call used in the implementation.
pack-priv	AccessControlContext(ProtectionDomain[] context, boolean isPrivileged) package private constructor for `AccessController.getContext()`
pack-priv	AccessControlContext(ProtectionDomain[] context, AccessControlContext privilegedContext) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. Constructor for `JavaSecurityAccess.doIntersectionPrivilege()`

Method Summary

Modifier and Type	Method and Description
private void	calculateFields(AccessControlContext assigned, AccessControlContext parent, Permission[] permissions) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
public void	checkPermission(Permission the requested permission. perm) Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect, and the context in this object.
private void	checkPermission2(Permission perm)
private static ProtectionDomain[]	combine(ProtectionDomain[] current, ProtectionDomain[] assigned)
private boolean	containsAllLimits(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
private static boolean	containsAllPDs(ProtectionDomain[] thisContext, ProtectionDomain[] thatContext)
private boolean	equalContext(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
private boolean	equalLimitedContext(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
private boolean	equalPDs(ProtectionDomain[] a, ProtectionDomain[] b)
public boolean	Returns: `true` if `obj` is an `AccessControlContext`, and has the same set of `ProtectionDomain` objects as this context, `false` otherwise. equals(Object the object we are testing for equality with this object. obj) Overrides java.lang.Object.equals. Checks two `AccessControlContext` objects for equality.
pack-priv DomainCombiner	getAssignedCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. get the assigned combiner from the privileged or inherited context
pack-priv DomainCombiner	getCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. package private for `AccessController`
pack-priv ProtectionDomain[]	getContext() Returns this context's context.
pack-priv static Debug	getDebug()
public DomainCombiner	Returns: the `DomainCombiner` associated with this `AccessControlContext`, or `null` if there is none. getDomainCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. Get the `DomainCombiner` associated with this `AccessControlContext`.
private static AccessControlContext	getNextPC(AccessControlContext acc) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element.
public int	Returns: the hash code value for this context hashCode() Overrides java.lang.Object.hashCode. Returns the hash code value for this context.
pack-priv boolean	isAuthorized()
pack-priv boolean	isPrivileged() Returns `true` if this context is privileged.
pack-priv AccessControlContext	optimize() References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. Take the stack-based context (this) and combine it with the privileged or inherited context, if need be.

Inherited from java.lang.Object:: clone finalize getClass notify notifyAll toString wait wait wait

Field Detail

combiner	back to summary
private DomainCombiner combiner References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. Annotations @SuppressWarnings:removal

context	back to summary
private ProtectionDomain[] context

debug	back to summary
private static Debug debug

debugInit	back to summary
private static boolean debugInit

isAuthorized	back to summary
private boolean isAuthorized

isLimited	back to summary
private boolean isLimited

isPrivileged	back to summary
private boolean isPrivileged

isWrapped	back to summary
private boolean isWrapped

limitedContext	back to summary
private ProtectionDomain[] limitedContext

parent	back to summary
private AccessControlContext parent References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

permissions	back to summary
private Permission[] permissions

privilegedContext	back to summary
private AccessControlContext privilegedContext References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

Constructor Detail

AccessControlContext back to summary

AccessControlContext	back to summary
public AccessControlContext(ProtectionDomain[] context) Create an `AccessControlContext` with the given array of `ProtectionDomain` objects. Context must not be `null`. Duplicate domains will be removed from the context. Parameters context:ProtectionDomain[] the `ProtectionDomain` objects associated with this context. The non-duplicate domains are copied from the array. Subsequent changes to the array will not affect this `AccessControlContext`. Exceptions NullPointerException: if `context` is `null`

public AccessControlContext(ProtectionDomain[] context)

Create an AccessControlContext with the given array of ProtectionDomain objects. Context must not be null. Duplicate domains will be removed from the context.

Parameters

context:ProtectionDomain[]: the ProtectionDomain objects associated with this context. The non-duplicate domains are copied from the array. Subsequent changes to the array will not affect this AccessControlContext.

Exceptions

NullPointerException:: if context is null

AccessControlContext back to summary

AccessControlContext	back to summary
public AccessControlContext(AccessControlContext acc, DomainCombiner combiner) References Deprecated `AccessControlContext` and `DomainCombiner` are deprecated or reference (maybe indirectly) at least one deprecated element. See corresponding docs for further information. Create a new `AccessControlContext` with the given `AccessControlContext` and `DomainCombiner`. This constructor associates the provided `DomainCombiner` with the provided `AccessControlContext`. Parameters acc:AccessControlContext the `AccessControlContext` associated with the provided `DomainCombiner`. combiner:DomainCombiner the `DomainCombiner` to be associated with the provided `AccessControlContext`. Exceptions NullPointerException: if the provided `context` is `null`. SecurityException: if a security manager is installed and the caller does not have the "createAccessControlContext" `SecurityPermission` Since 1.3

public AccessControlContext(AccessControlContext acc, DomainCombiner combiner)

References Deprecated

AccessControlContext and DomainCombiner are deprecated or reference (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

Create a new AccessControlContext with the given AccessControlContext and DomainCombiner. This constructor associates the provided DomainCombiner with the provided AccessControlContext.

Parameters

acc:AccessControlContext: the AccessControlContext associated with the provided DomainCombiner.
combiner:DomainCombiner: the DomainCombiner to be associated with the provided AccessControlContext.

Exceptions

NullPointerException:: if the provided context is null.
SecurityException:: if a security manager is installed and the caller does not have the "createAccessControlContext" SecurityPermission

Since

1.3

AccessControlContext back to summary

AccessControlContext	back to summary
pack-priv AccessControlContext(AccessControlContext acc, DomainCombiner combiner, boolean preauthorized) References Deprecated `AccessControlContext` and `DomainCombiner` are deprecated or reference (maybe indirectly) at least one deprecated element. See corresponding docs for further information. package private to allow calls from `ProtectionDomain` without performing the security check for SecurityConstants#CREATE_ACC_PERMISSION permission

pack-priv AccessControlContext(AccessControlContext acc, DomainCombiner combiner, boolean preauthorized)

References Deprecated

AccessControlContext and DomainCombiner are deprecated or reference (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

package private to allow calls from ProtectionDomain without performing the security check for SecurityConstants#CREATE_ACC_PERMISSION permission

AccessControlContext back to summary

AccessControlContext	back to summary
pack-priv AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms) References Deprecated `DomainCombiner` and `AccessControlContext` are deprecated or reference (maybe indirectly) at least one deprecated element. See corresponding docs for further information. package private for `AccessController` This "argument wrapper" context will be passed as the actual context parameter on an internal doPrivileged() call used in the implementation.

pack-priv AccessControlContext(ProtectionDomain caller, DomainCombiner combiner, AccessControlContext parent, AccessControlContext context, Permission[] perms)

References Deprecated

DomainCombiner and AccessControlContext are deprecated or reference (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

package private for AccessController This "argument wrapper" context will be passed as the actual context parameter on an internal doPrivileged() call used in the implementation.

AccessControlContext	back to summary
pack-priv AccessControlContext(ProtectionDomain[] context, boolean isPrivileged) package private constructor for `AccessController.getContext()`

AccessControlContext	back to summary
pack-priv AccessControlContext(ProtectionDomain[] context, AccessControlContext privilegedContext) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. Constructor for `JavaSecurityAccess.doIntersectionPrivilege()`

Method Detail

calculateFields	back to summary
private void calculateFields(AccessControlContext assigned, AccessControlContext parent, Permission[] permissions) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

checkPermission back to summary

checkPermission	back to summary
public void checkPermission(Permission perm) throws AccessControlException Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect, and the context in this object. The request is allowed only if every `ProtectionDomain` in the context implies the permission. Otherwise the request is denied. This method quietly returns if the access request is permitted, or throws a suitable `AccessControlException` otherwise. Parameters perm:Permission the requested permission. Annotations @SuppressWarnings:removal Exceptions AccessControlException: if the specified permission is not permitted, based on the current security policy and the context encapsulated by this object. NullPointerException: if the permission to check for is `null`.

public void checkPermission(Permission perm) throws AccessControlException

Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect, and the context in this object. The request is allowed only if every ProtectionDomain in the context implies the permission. Otherwise the request is denied.

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException otherwise.

Parameters

perm:Permission: the requested permission.

Annotations

@SuppressWarnings:removal

Exceptions

AccessControlException:: if the specified permission is not permitted, based on the current security policy and the context encapsulated by this object.
NullPointerException:: if the permission to check for is null.

checkPermission2	back to summary
private void checkPermission2(Permission perm)

combine	back to summary
private static ProtectionDomain[] combine(ProtectionDomain[] current, ProtectionDomain[] assigned)

containsAllLimits	back to summary
private boolean containsAllLimits(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

containsAllPDs	back to summary
private static boolean containsAllPDs(ProtectionDomain[] thisContext, ProtectionDomain[] thatContext)

equalContext	back to summary
private boolean equalContext(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

equalLimitedContext	back to summary
private boolean equalLimitedContext(AccessControlContext that) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

equalPDs	back to summary
private boolean equalPDs(ProtectionDomain[] a, ProtectionDomain[] b)

equals back to summary

equals	back to summary
public boolean equals(Object obj) Overrides java.lang.Object.equals. Checks two `AccessControlContext` objects for equality. Checks that `obj` is an `AccessControlContext` and has the same set of `ProtectionDomain` objects as this context. Parameters obj:Object the object we are testing for equality with this object. Returns:boolean `true` if `obj` is an `AccessControlContext`, and has the same set of `ProtectionDomain` objects as this context, `false` otherwise. Annotations @Override

public boolean equals(Object obj)

Overrides java.lang.Object.equals.

Checks two AccessControlContext objects for equality. Checks that obj is an AccessControlContext and has the same set of ProtectionDomain objects as this context.

Parameters

obj:Object: the object we are testing for equality with this object.

Returns:boolean

true if obj is an AccessControlContext, and has the same set of ProtectionDomain objects as this context, false otherwise.

Annotations

@Override

getAssignedCombiner back to summary

getAssignedCombiner	back to summary
pack-priv DomainCombiner getAssignedCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. get the assigned combiner from the privileged or inherited context Annotations @SuppressWarnings:removal

pack-priv DomainCombiner getAssignedCombiner()

References Deprecated

DomainCombiner is deprecated or references (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

get the assigned combiner from the privileged or inherited context

Annotations

@SuppressWarnings:removal

getCombiner back to summary

getCombiner	back to summary
pack-priv DomainCombiner getCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. package private for `AccessController` Annotations @SuppressWarnings:removal

pack-priv DomainCombiner getCombiner()

References Deprecated

DomainCombiner is deprecated or references (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

package private for AccessController

Annotations

@SuppressWarnings:removal

getContext	back to summary
pack-priv ProtectionDomain[] getContext() Returns this context's context.

getDebug	back to summary
pack-priv static Debug getDebug() Annotations @SuppressWarnings:removal

getDomainCombiner back to summary

getDomainCombiner	back to summary
public DomainCombiner getDomainCombiner() References Deprecated `DomainCombiner` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. Get the `DomainCombiner` associated with this `AccessControlContext`. Returns:DomainCombiner the `DomainCombiner` associated with this `AccessControlContext`, or `null` if there is none. Annotations @SuppressWarnings:removal Exceptions SecurityException: if a security manager is installed and the caller does not have the "getDomainCombiner" `SecurityPermission` Since 1.3

public DomainCombiner getDomainCombiner()

References Deprecated

DomainCombiner is deprecated or references (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

Get the DomainCombiner associated with this AccessControlContext.

Returns:DomainCombiner

the DomainCombiner associated with this AccessControlContext, or null if there is none.

Annotations

@SuppressWarnings:removal

Exceptions

SecurityException:: if a security manager is installed and the caller does not have the "getDomainCombiner" SecurityPermission

Since

1.3

getNextPC	back to summary
private static AccessControlContext getNextPC(AccessControlContext acc) References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information.

hashCode	back to summary
public int hashCode() Overrides java.lang.Object.hashCode. Returns the hash code value for this context. The hash code is computed by exclusive or-ing the hash code of all the protection domains in the context together. Returns:int the hash code value for this context Annotations @Override

hashCode

back to summary

public int hashCode()

Overrides java.lang.Object.hashCode.

Returns the hash code value for this context. The hash code is computed by exclusive or-ing the hash code of all the protection domains in the context together.

Returns:int

the hash code value for this context

Annotations

@Override

isAuthorized	back to summary
pack-priv boolean isAuthorized()

isPrivileged	back to summary
pack-priv boolean isPrivileged() Returns `true` if this context is privileged.

optimize back to summary

optimize	back to summary
pack-priv AccessControlContext optimize() References Deprecated `AccessControlContext` is deprecated or references (maybe indirectly) at least one deprecated element. See corresponding docs for further information. Take the stack-based context (this) and combine it with the privileged or inherited context, if need be. Any limited privilege scope is flagged regardless of whether the assigned context comes from an immediately enclosing limited doPrivileged(). The limited privilege scope can indirectly flow from the inherited parent thread or an assigned context previously captured by getContext(). Annotations @SuppressWarnings:removal

pack-priv AccessControlContext optimize()

References Deprecated

AccessControlContext is deprecated or references (maybe indirectly) at least one deprecated element.

See corresponding docs for further information.

Take the stack-based context (this) and combine it with the privileged or inherited context, if need be. Any limited privilege scope is flagged regardless of whether the assigned context comes from an immediately enclosing limited doPrivileged(). The limited privilege scope can indirectly flow from the inherited parent thread or an assigned context previously captured by getContext().

Annotations

@SuppressWarnings:removal

public final Class AccessControlContext

Field Summary

Constructor Summary

Method Summary

Field Detail

Constructor Detail

Method Detail