Provider Initialization

Authorization providers are normally initialized once per static class context. The provider instance itself is shared among any security context instances subsequently created.

The provider must expect to be used concurrently by multiple security clients. The security provider is initialized by the CSI infrastructure with a call to the init() method, which takes as an argument a java.util.Map of configuration data specific to the provider.

The provider should take this opportunity to validate connections to external resources, if possible, so that configuration errors surface as early as possible in the business flow.

After initialization, the provider list is provided to security context instances as they are being created. During creation, a security context calls each provider’s initContext() method, passing in an internal context java.util.Map (not to be confused with the security context). The provider should use this map to store any working state it needs to maintain. Because the provider instances are used concurrently by multiple clients, each provider method’s first argument is this context object, which is unique to the client’s security context.
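The following is an added sketch, not code from the product or its documentation, of the pattern described above: configuration is validated once in init(), and all per-client state lives in the context map seeded by initContext(). The class name, the isPermitted() method, both map keys and the https rule are hypothetical; the real CSI provider interfaces and ProviderConst are not used.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicInteger;

// Hypothetical stand-in: the real CSI provider interfaces are not reproduced here.
public class DemoAuthzProvider {
    // Hypothetical keys: one for provider configuration, one for per-client state.
    static final String CFG_POLICY_URL = "demo.policy.url";
    static final String CTX_DECISIONS = "demo.decision.count";
    // Set once in init() and read-only afterwards, so it is safe to share.
    private volatile URI policyEndpoint;

    // Called once by the infrastructure: reject bad configuration immediately.
    public void init(Map<String, ?> config) {
        Object url = config.get(CFG_POLICY_URL);
        if (!(url instanceof String) || ((String) url).isEmpty()) {
            throw new IllegalArgumentException("missing " + CFG_POLICY_URL);
        }
        URI parsed = URI.create((String) url); // throws on a malformed value
        if (!"https".equalsIgnoreCase(parsed.getScheme())) { // assumed policy
            throw new IllegalArgumentException(CFG_POLICY_URL + " must use https");
        }
        policyEndpoint = parsed;
    }

    // Called once per security context: seed the client's own working state.
    public void initContext(Map<String, Object> ctx) {
        ctx.put(CTX_DECISIONS, new AtomicInteger());
    }

    // Hypothetical operation: the context map is the first argument and holds
    // all mutable state, so nothing per-client lives in an instance field.
    public boolean isPermitted(Map<String, Object> ctx, String resource) {
        ((AtomicInteger) ctx.get(CTX_DECISIONS)).incrementAndGet();
        return resource.startsWith("/public/"); // placeholder decision rule
    }

    public static void main(String[] args) {
        DemoAuthzProvider shared = new DemoAuthzProvider();
        // Constructed sample configuration and two constructed client contexts.
        shared.init(Map.of(CFG_POLICY_URL, "https://policy.example.invalid/pdp"));
        Map<String, Object> alice = new HashMap<>(), bob = new HashMap<>();
        shared.initContext(alice);
        shared.initContext(bob);
        shared.isPermitted(alice, "/public/a");
        shared.isPermitted(alice, "/admin/b");
        shared.isPermitted(bob, "/public/c");
        System.out.println(alice.get(CTX_DECISIONS) + " " + bob.get(CTX_DECISIONS));
    }
}
```

The two counters stay independent even though both clients share one provider instance, because the only mutable state is reached through each client's own context map.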

After context initialization has completed, the following context map data is passed into the security provider methods:

Context Map Data

| Constant | Expected Data Type | Description |
|---|---|---|
| ProviderConst.SEC_CONTEXT | SecContext | The client security context associated with the context map. |
| ProviderConst.CURRENT_SUBJECT | SecSubject | If authenticated, the subject associated with this security context. A provider can use this object to retrieve principals and credentials from the underlying JAAS subject. |
| ProviderConst.WARNING_MANAGER | WarningManager | Providers may use this object to add warnings for the current operation. Note: Deprecated, use ProviderServices. |
| ProviderConst.PROVIDER_SERVICES | ProviderServices | Any service exposed internally to all providers is available through this interface, for example WarningManager, access to profiles, certificate validation, and so on. |