Java EE Code Example

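/*
 * Excerpt from the Oracle Fusion Middleware Application Security Guide,
 * chapter "The OPSS Policy Model" (pages 20-10 to 20-11).
 *
 * Tail of the web.xml fragment that precedes the listing (its beginning is
 * not part of this page):
 *
 *         <param-value>PolicyServlet</param-value>
 *       </init-param>
 *     </filter>
 *     <filter-mapping>
 *       <filter-name>JpsFilter</filter-name>
 *       <servlet-name>PolicyServlet</servlet-name>
 *       <dispatcher>REQUEST</dispatcher>
 *     </filter-mapping>
 *     ...
 *
 * Code Example
 *
 * In the following example, Subject.doAsPrivileged may be replaced by
 * JpsSubject.doAsPrivileged.
 *
 * NOTE(review): the extracted page had lost all parentheses, quotes and angle
 * brackets. The syntax and the HTML tag literals below are reconstructed from
 * the surviving tokens; verify the literal strings against the original guide.
 *
 * NOTE(review): AccessController and the Subject.getSubject / doAsPrivileged
 * methods belong to the Security Manager API family, which is deprecated in
 * current JDKs. The example targets the JDK levels this guide was written for.
 */
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.*;
import java.util.Date;
import java.util.PropertyPermission;
import java.io.FilePermission;

/**
 * Demonstration servlet that reports the caller's identity and then checks,
 * inside {@code Subject.doAsPrivileged}, whether the current Subject holds
 * {@code RuntimePermission("getClassLoader")}.
 *
 * <p>The page is a diagnostic aid: it prints the remote user, a role check,
 * the user principal, the Subject, and the outcome of the permission check.
 * On failure it also prints stack traces into the response. That output
 * reveals internal class names and policy details, so the servlet must not be
 * reachable by untrusted users. In a production application, log the exception
 * on the server and return a generic error page instead.
 */
public class PolicyServlet extends HttpServlet {

    public PolicyServlet() {
        super();
    }

    @Override
    public void init(ServletConfig config) throws ServletException {
        super.init(config);
    }

    /**
     * Writes the identity report and the result of the permission check as HTML.
     *
     * @param request  the current request; identity values are read from it
     * @param response the response the HTML report is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing to the response stream fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        final ServletOutputStream out = response.getOutputStream();

        response.setContentType("text/html");
        out.println("<HTML><BODY bgcolor=\"#FFFFFF\">");
        out.println("Time stamp: " + new Date().toString());
        // Identity values are data, not markup: escape them before they reach the page.
        out.println("<BR>request.getRemoteUser = "
                + escapeHtml(request.getRemoteUser()) + "<br>");
        out.println("request.isUserInRole('sr_developer') = "
                + request.isUserInRole("sr_developer") + "<br>");
        out.println("request.getUserPrincipal = "
                + escapeHtml(request.getUserPrincipal()) + "<br>");

        // May be null when no Subject is associated with the calling context
        // (presumably when JpsFilter is not mapped to this servlet; verify).
        final Subject s = Subject.getSubject(AccessController.getContext());

        out.println("Subject in servlet " + escapeHtml(s));
        out.println("<br>");
        final RuntimePermission rtPerm = new RuntimePermission("getClassLoader");
        try {
            // A null AccessControlContext makes doAsPrivileged create a new context
            // with an empty collection of ProtectionDomains (see the Subject Javadoc),
            // so the caller's inherited context is not carried into the action.
            Subject.doAsPrivileged(s, new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    try {
                        // Throws AccessControlException if the permission is not granted.
                        AccessController.checkPermission(rtPerm);
                        out.println("<br>");
                        out.println("CheckPermission passed for permission: "
                                + escapeHtml(rtPerm) + " seeded in application policy");
                        out.println("<br>");
                    } catch (IOException e) {
                        e.printStackTrace();
                        printException("IOException", e, out);
                    } catch (AccessControlException ace) {
                        ace.printStackTrace();
                        printException("Accesscontrol Exception", ace, out);
                    }
                    return null;
                }
            }, null);
        } catch (Throwable e) {
            // Broad catch kept from the original example: any failure of the policy
            // check is reported on the diagnostic page rather than propagated.
            e.printStackTrace();
            printException("application policy check failed", e, out);
        }
        out.println("</BODY>");
        out.println("</HTML>");
    }

    /**
     * Prints a message, the stack trace of {@code e}, and the stack trace of
     * every cause in its chain to the response.
     *
     * <p>Diagnostic use only: stack traces disclose implementation details to
     * whoever can load the page. All text is HTML-escaped before it is written.
     *
     * @param msg label printed above the stack trace
     * @param e   the exception to report
     * @param out the response stream to write to
     */
    void printException(String msg, Throwable e, ServletOutputStream out) {
        Throwable t;
        try {
            StringWriter sw = new StringWriter();
            PrintWriter pw = new PrintWriter(sw, true);
            e.printStackTrace(pw);

            out.println("<p>" + escapeHtml(msg) + "<p>");
            out.println("<code>");
            out.println(escapeHtml(sw.getBuffer().toString()));
            t = e;
            /* Print the root cause */
            while ((t = t.getCause()) != null) {
                sw = new StringWriter();
                pw = new PrintWriter(sw, true);
                t.printStackTrace(pw);

                out.println("<hr>");
                out.println("<p> Caused By ... </p>");
                out.println(escapeHtml(sw.getBuffer().toString()));
            }
            out.println("</code><p>");
        } catch (IOException ioe) {
            // The response stream itself failed; only the server log is left.
            ioe.printStackTrace();
        }
    }

    /**
     * Returns the string form of {@code value} with the HTML metacharacters
     * {@code & < > " '} replaced by character references. A {@code null}
     * value is rendered as the text "null", as string concatenation would.
     */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}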

20.3.3.2 Using the Methods doAs and doAsPrivileged

Oracle Fusion Middleware supports the methods doAs and doAsPrivileged in the standard class javax.security.auth.Subject.