Dynamic groups. Advances. Part V

Previously I had written that to utilize DfPrivilegedActionInRole capability in DFC you need either to modify java.policy or create special docbase module. Today, while implementing functionality for project, I revealed that both options are not suitable for that project, so I decided to dig a bit deeper into internals of DfPrivilegedActionInRole/RoleRequestManager classes and after a while I got following alternative for DfPrivilegedActionInRole class, which requires neither docbase modules nor modifying java.policy:

/**
 * @author Andrey B. Panfilov <andrew@panfilov.tel>
 */
public class PrivilegedActionInRole<T> implements PrivilegedAction<T> {

    private final PrivilegedAction<T> _action;

    private final DfRoleSpec _roleSpec;

    public PrivilegedActionInRole(DfRoleSpec roleSpec,
            PrivilegedAction<T> action) {
        _roleSpec = roleSpec;
        _action = action;
    }

    @Override
    public T run() {
        try {
            startPrivilegedRequest(_roleSpec);
            return _action.run();
        } finally {
            stopPrivilegedRequest(_roleSpec);
        }
    }

    public static DfRoleSpec startPrivilegedRequest(String groupName) {
        return startPrivilegedRequest(new DfRoleSpec(groupName));
    }

    public static DfRoleSpec startPrivilegedRequest(String groupName,
            String docbaseName) {
        return startPrivilegedRequest(new DfRoleSpec(groupName, docbaseName));
    }

    public static void stopPrivilegedRequest(DfRoleSpec roleSpec) {
        RoleRequestManager requestManager = RoleRequestManager.getInstance();
        requestManager.pop(roleSpec);
    }

    public static DfRoleSpec startPrivilegedRequest(DfRoleSpec roleSpec) {
        RoleRequestManager requestManager = RoleRequestManager.getInstance();
        requestManager.push(roleSpec, new AccessControlContext(
                new ProtectionDomain[] {}));
        return roleSpec;
    }

}

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s