Author: peter_firmstone Date: Sun Nov 17 11:09:48 2013 New Revision: 1542705
URL: http://svn.apache.org/r1542705 Log: Update to documentation in preparation for a preliminary release. Modified: river/jtsk/skunk/qa_refactor/trunk/src/net/jini/security/Security.java river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/SubjectDomain.java Modified: river/jtsk/skunk/qa_refactor/trunk/src/net/jini/security/Security.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/net/jini/security/Security.java?rev=1542705&r1=1542704&r2=1542705&view=diff ==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/net/jini/security/Security.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/net/jini/security/Security.java Sun Nov 17 11:09:48 2013
@@ -551,12 +551,13 @@ public final class Security {
 * <p>
 * This method retrieves the current Threads AccessControlContext and
 * using a SubjectDomainCombiner subclass, prepends a new ProtectionDomain
- * implementing SubjectDomain, containing the Principals of the Subject, a
+ * implementing {@link org.apache.river.api.security.SubjectDomain},
+ * containing the Principals of the Subject, a
 * CodeSource with a null URL and null Certificate array, with no
 * Permission and a null ClassLoader.
 * <p>
 * Unlike Subject.doAs, existing ProtectionDomains are not replaced unless
- * they implement SubjectDomain.
+ * they implement {@link org.apache.river.api.security.SubjectDomain}.
 * <p>
 * Policy grants to Principals only are implied when run as the Subject,
 * combinations of Principal, CodeSource URL and Certificates never imply
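Review bot: The two added `{@link org.apache.river.api.security.SubjectDomain}` tags are only a few lines apart in the same Javadoc comment, and the hunks at `@@ -568`, `@@ -592` and `@@ -613` add more of them. The usual Javadoc convention is to link a type at its first mention in a comment and write `{@code SubjectDomain}` afterwards, for example `* they implement {@code SubjectDomain}.` for the second occurrence here. The context line `the current Threads AccessControlContext` is also missing its apostrophe (`Thread's`). The comment starts and ends outside the hunk.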
@@ -568,10 +569,13 @@ public final class Security {
 * The SubjectDomainCombiner used treats CodeSource and Principal grants
 * as separate concerns.
 * <p>
- * If a policy provider is installed that recognises SubjectDomain, then
+ * If a policy provider is installed that recognises
+ * {@link org.apache.river.api.security.SubjectDomain}, then
 * Subjects who's principals are mutated are effective immediately.
 * <p>
- * No AuthPermission is required to call this method.
+ * No AuthPermission is required to call this method, it cannot elevate
+ * privileges, only reduce them to those determined by a policy for a
+ * particular Subject.
 * <p>
 * @param subject The Subject the work will be performed as, may be null.
 * @param action The code to be run as the Subject.
@@ -592,12 +596,13 @@ public final class Security {
 * <p>
 * This method retrieves the current Thread AccessControlContext and
 * using a SubjectDomainCombiner subclass, prepends a new ProtectionDomain
- * implementing SubjectDomain, containing the Principals of the Subject, a
+ * implementing {@link org.apache.river.api.security.SubjectDomain},
+ * containing the Principals of the Subject, a
 * CodeSource with a null URL and null Certificate array, with no
 * Permission and a null ClassLoader.
 * <p>
 * Unlike Subject.doAs, existing ProtectionDomains are not replaced unless
- * they implement {@link org.apache.river.api.security.SubjectDomain}.
+ * they implement SubjectDomain.
+ * they implement {@link org.apache.river.api.security.SubjectDomain}.
 * <p>
 * Policy grants to Principals only are implied when run as the Subject,
 * combinations of Principal, CodeSource URL and Certificate grants never imply
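Review bot: The added sentence `No AuthPermission is required to call this method, it cannot elevate privileges, ...` states a security guarantee as a comma splice and leaves out the case the comment itself describes elsewhere. The `@@ -551` hunk says existing ProtectionDomains that implement SubjectDomain are replaced, so a caller already running as one Subject presumably ends up with a different Subject's Principal grants without any permission check. The Javadoc should say whether that is intended and why it is not treated as elevation. Consider two sentences, along the lines of `No AuthPermission is required to call this method.` followed by a statement of what the result is bounded by, confirmed against the method body, which is outside the hunk. The identical text is added in the `@@ -613` hunk, and the neighbouring context line `Subjects who's principals` should read `whose`.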
@@ -613,10 +618,13 @@ public final class Security {
 * is package private and can only be accessed through SubjectDomainCombiner
 * public methods.
 * <p>
- * If a policy provider is installed that recognizes SubjectDomain, then
+ * If a policy provider is installed that recognizes
+ * {@link org.apache.river.api.security.SubjectDomain}, then
 * Subjects who's principals are mutated are effective immediately.
 * <p>
- * No AuthPermission is required to call this method.
+ * No AuthPermission is required to call this method, it cannot elevate
+ * privileges, only reduce them to those determined by a policy for a
+ * particular Subject.
 * <p>
 * @param subject The Subject the work will be performed as, may be null.
 * @param action The code to be run as the Subject.
Modified: river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/SubjectDomain.java URL: http://svn.apache.org/viewvc/river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/SubjectDomain.java?rev=1542705&r1=1542704&r2=1542705&view=diff ==============================================================================
--- river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/SubjectDomain.java (original)
+++ river/jtsk/skunk/qa_refactor/trunk/src/org/apache/river/api/security/SubjectDomain.java Sun Nov 17 11:09:48 2013
@@ -35,8 +35,8 @@ import javax.security.auth.Subject;
 * <p>
 * However in a distributed system, because code trust and Subject's are
 * separate concerns, methods have been provided in
- * {@link net.jini.security.Security} to prepend a <code>ProtectionDomain</code>
- * to the stack instead of injecting Principal's into all ProtectionDomain's on
+ * {@link net.jini.security.Security} to push a <code>SubjectDomain</code>
+ * onto the stack instead of injecting Principal's into all ProtectionDomain's on
 * the stack, this avoids mistakenly elevating privileges of less trusted
 * code, if present on a call stack at the time the doAs subject method is called.
 * <p>
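Review bot: The new wording `push a <code>SubjectDomain</code> onto the stack` uses a different verb from the Security.java Javadoc touched in the same commit, which says the method `prepends a new ProtectionDomain` implementing SubjectDomain. Both files should use one term so readers do not assume two different operations. In the context lines, `the stack, this avoids` is a comma splice (`the stack. This avoids`), and `the doAs subject method` would be clearer as a `{@link}` to the specific Security methods it refers to. The class comment starts and ends outside the hunk.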
