Identity Scopes
The database that an identity is held in is an identity scope. There can be multiple identity scopes in a Java program, though typically there is only a system identity scope. By default, the system identity scope for all Java programs is read from a file; this file is the database that javakey operates on. But the architecture of an identity scope can be more complex than a single scope.
As Figure C-1 shows, multiple identity scopes can be nested, or they can be disjoint. This is because an identity scope may itself be scoped -- that is, just like an identity can belong to a particular scope, an identity scope can belong to another scope.
Figure C-1. Identity scopes
This architecture is not as useful as it might seem since the identity scope class does not give any particular semantics to the notion of a nested identity scope. If you search the system scope in the figure for sdo’s identity, you may or may not find it, depending on how the system identity scope is implemented. That’s because there’s no requirement that an identity scope recursively search its enclosed scopes for any information. And the default identity scope does not do such a recursive search.
This is not to prevent you from writing identity scope classes that use such semantics -- indeed, writing such a scope is the goal of this appendix.
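A scope with the recursive-search semantics described above, as an added example (not the book's implementation from this appendix). RecursiveScope is a hypothetical class built on java.security.IdentityScope, which is deprecated in current JDKs, and the identities created in main are constructed sample data.

```java
import java.security.*;
import java.util.*;

// RecursiveScope is a hypothetical name, not a JDK class and not the book's code.
@SuppressWarnings({"deprecation", "removal"})
public class RecursiveScope extends IdentityScope {
    private final Map<String, Identity> members = new LinkedHashMap<>();

    public RecursiveScope(String name) { super(name); }
    public RecursiveScope(String name, IdentityScope parent) throws KeyManagementException {
        super(name, parent); // Identity's constructor calls parent.addIdentity(this)
    }
    // Direct members win; otherwise descend into enclosed scopes in insertion order.
    @Override public Identity getIdentity(String name) {
        Identity found = members.get(name);
        if (found != null) return found;
        for (Identity m : members.values()) {
            if (m instanceof IdentityScope) found = ((IdentityScope) m).getIdentity(name);
            if (found != null) return found;
        }
        return null;
    }
    @Override public Identity getIdentity(PublicKey key) {
        if (key == null) return null;
        for (Identity m : members.values()) {
            if (key.equals(m.getPublicKey())) return m;
            Identity found = (m instanceof IdentityScope) ? ((IdentityScope) m).getIdentity(key) : null;
            if (found != null) return found;
        }
        return null;
    }
    @Override public void addIdentity(Identity id) throws KeyManagementException {
        if (members.putIfAbsent(id.getName(), id) != null)
            throw new KeyManagementException("duplicate name in scope: " + id.getName());
    }
    @Override public void removeIdentity(Identity id) throws KeyManagementException {
        if (members.remove(id.getName()) == null)
            throw new KeyManagementException("not in scope: " + id.getName());
    }
    @Override public int size() { return members.size(); } // counts direct members only
    @Override public Enumeration<Identity> identities() { return Collections.enumeration(members.values()); }

    public static void main(String[] args) throws Exception {
        RecursiveScope system = new RecursiveScope("system");   // constructed sample data
        RecursiveScope nested = new RecursiveScope("nested", system);
        Identity sdo = new Identity("sdo", nested) {};           // lives only in the nested scope
        System.out.println(system.getIdentity("sdo") == sdo);   // resolved through the nested scope
    }
}
```

Because direct members are checked first, an identity in an outer scope shadows a same-named identity in any enclosed scope. Code that trusts a name returned by a recursive lookup should also check which scope answered, which Identity.getScope() reports.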
The idea of an identity scope, of course, is to hold one ...