SubjectDelegator.java 文件源码

public synchronized AccessControlContext
    delegatedContext(AccessControlContext authenticatedACC,
                     Subject delegatedSubject,
                     boolean removeCallerContext)
        throws SecurityException {

    if (System.getSecurityManager() != null && authenticatedACC == null) {
        throw new SecurityException("Illegal AccessControlContext: null");
    }
    if (principalsCache == null || accCache == null) {
        principalsCache =
                new CacheMap<>(PRINCIPALS_CACHE_SIZE);
        accCache =
                new CacheMap<>(ACC_CACHE_SIZE);
    }

    // Retrieve the principals for the given
    // delegated subject from the cache
    //
    Principal[] delegatedPrincipals = principalsCache.get(delegatedSubject);

    // Convert the set of principals stored in the
    // delegated subject into an array of principals
    // and store it in the cache
    //
    if (delegatedPrincipals == null) {
        delegatedPrincipals =
            delegatedSubject.getPrincipals().toArray(new Principal[0]);
        principalsCache.put(delegatedSubject, delegatedPrincipals);
    }

    // Retrieve the access control context for the
    // given delegated subject from the cache
    //
    AccessControlContext delegatedACC = accCache.get(delegatedSubject);

    // Build the access control context to be used
    // when executing code as the delegated subject
    // and store it in the cache
    //
    if (delegatedACC == null) {
        if (removeCallerContext) {
            delegatedACC =
                JMXSubjectDomainCombiner.getDomainCombinerContext(
                                                          delegatedSubject);
        } else {
            delegatedACC =
                JMXSubjectDomainCombiner.getContext(delegatedSubject);
        }
        accCache.put(delegatedSubject, delegatedACC);
    }

    // Check if the subject delegation permission allows the
    // authenticated subject to assume the identity of each
    // principal in the delegated subject
    //
    final Principal[] dp = delegatedPrincipals;
    final Collection<Permission> permissions = new ArrayList<>(dp.length);
    for(Principal p : dp) {
        final String pname = p.getClass().getName() + "." + p.getName();
        permissions.add(new SubjectDelegationPermission(pname));
    }
    PrivilegedAction<Void> action =
        new PrivilegedAction<Void>() {
            public Void run() {
                for (Permission sdp : permissions) {
                    AccessController.checkPermission(sdp);
                }
                return null;
            }
        };
    AccessController.doPrivileged(action, authenticatedACC);

    return delegatedACC;
}