Impersonation

Your code can act on behalf of a user or the system by setting the thread security context. In the rule engine this is done by setting the Subject on the event used to call the rule. If your code does not call a rule you will need to create a PrivilegedExceptionAction and use the Subject.doAs() method.

If a user has been authenticated by the OWSecurityAPI class on the client then any OWEvents created by that client will have the Subject set that corresponds to that user. If you need to call a rule as another user or the System User, you must create the appropriate Subject and place the new Subject on the event. The following code example shows how this is done.

Subject sysSubject = new Subject();

sysSubject.getPrincipals().add(IOWSecurityDef.OWARE_SYSTEM_USER_PRINCIPAL};

myEvent.set_OW_Subject(sysSubject);

If your code does not call a rule, as when using the OWBOMFatClient, you must create the Subject you want to use and a PrivilegedExceptionAction. Then you must execute the PrivilegedExceptionAction using the Subject.doAs() method. Typically, the PrivilegedExceptionAction is created as an anonymous inner class. Anonymous inner classes cannot act on non-final object references so you must create final references for each object that will be accessed by the inner class.

[spacer]

This does not make the Object final, only the reference to that object.

The following code shows how the application may do these actions.

final IOWBean _tempObject = pObject;

try

{

Subject.doAs( pSubject , new PrivilegedExceptionAction()

{

public Object run() throws PrivilegedActionException

{

//work code goes here

try

{

getBOM().deleteObject(_tempObject);

return null;

}

catch(Exception e2)

{

throw new PrivilegedActionException(e2);

}

} } ); }

 

catch(PrivilegedActionException _pax)

{

Exception _rootException = _pax.getException();

if(_rootException instanceof OWBOMAPIException)

{

throw (OWBOMAPIException)_rootException;

}

if(_rootException instanceof OWBOMObjectLockByAnotherException)

{

throw (OWBOMObjectLockByAnotherException)_rootException;

}

if(_rootException instanceof OWRuleEngineException)

{

throw (OWRuleEngineException)_rootException;

}

if(_rootException instanceof OWBOMDupAddObjectException)

{

throw (OWBOMDupAddObjectException)_rootException;

}

if(_rootException instanceof OWBOMCommitObjectException)

{

throw (OWBOMCommitObjectException)_rootException;

}

}