Identity Scopes
The database that an identity is held in is an identity scope. There can be multiple identity scopes in a Java program, though typically there is only a system identity scope. By default, the system identity scope for all Java programs is read from a file; this file is the database that javakey operates on. But the architecture of an identity scope can be more complex than a single scope.
As Figure 2.1 shows, multiple identity scopes can be nested, or they can be disjoint. This is because an identity scope may itself be scoped—that is, just like an identity can belong to a particular scope, an identity scope can belong to another scope.
Figure B-1. Identity scopes
This architecture is not as useful as it might seem, since the identity scope class does not give any particular semantics to the notion of a nested identity scope. If you search the system scope in the figure for sdo’s identity, you may or may not find it, depending on how the system identity scope is implemented. That’s because there’s no requirement that an identity scope recursively search its enclosed scopes for any information. And the default identity scope does not do such a recursive search.
This is not to prevent you from writing identity scope classes that use such semantics—indeed, writing such a scope is the goal of this appendix.
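The lookup difference described above can be seen with a small in-memory scope. This is an added example, not the book's own code: `RecursiveScope`, its `recurse` flag, and the scope names `system` and `nested` are hypothetical, and the sketch only assumes the abstract methods of `java.security.IdentityScope`.

```java
import java.security.*;
import java.util.*;

// Added example; RecursiveScope and the scope names are hypothetical.
@SuppressWarnings({"deprecation", "removal"}) // IdentityScope is a deprecated API
public class NestedScopeDemo {
    static class RecursiveScope extends IdentityScope {
        private final Map<String, Identity> members = new LinkedHashMap<>();
        private final boolean recurse;

        RecursiveScope(String name, IdentityScope parent, boolean recurse) throws KeyManagementException {
            super(name, parent);   // a non-null parent gets this scope added as one of its identities
            this.recurse = recurse;
        }
        @Override public int size() { return members.size(); }
        @Override public Enumeration<Identity> identities() { return Collections.enumeration(members.values()); }
        @Override public void addIdentity(Identity id) throws KeyManagementException {
            if (members.putIfAbsent(id.getName(), id) != null)
                throw new KeyManagementException("duplicate name: " + id.getName());
        }
        @Override public void removeIdentity(Identity id) throws KeyManagementException {
            if (members.remove(id.getName()) == null)
                throw new KeyManagementException("not in scope: " + id.getName());
        }
        @Override public Identity getIdentity(String name) {
            Identity hit = members.get(name);           // direct members win over nested ones
            for (Identity m : members.values()) {
                if (hit != null || !recurse) break;     // non-recursive scopes stop here
                if (m instanceof IdentityScope) hit = ((IdentityScope) m).getIdentity(name);
            }
            return hit;
        }
        @Override public Identity getIdentity(PublicKey key) {   // this scope only, for brevity
            for (Identity m : members.values())
                if (key != null && key.equals(m.getPublicKey())) return m;
            return null;
        }
    }

    public static void main(String[] args) throws KeyManagementException {
        for (boolean recurse : new boolean[] {false, true}) {
            IdentityScope system = new RecursiveScope("system", null, recurse);
            IdentityScope nested = new RecursiveScope("nested", system, recurse);
            new Identity("sdo", nested) {};   // sdo is held only in the nested scope
            System.out.println("recurse=" + recurse + " -> sdo found via system scope: "
                    + (system.getIdentity("sdo") != null));
        }
    }
}
```

With recursion enabled, a name defined only in an enclosed scope resolves through the outer scope, so any code that trusts a lookup in the outer scope implicitly trusts every scope nested inside it.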
The idea of an identity scope, of course, is to hold one or more ...