: Delegation Chaining
A series of objects may be involved in a given service request. For example, suppose some object A (client) invokes a method on another object B (target). Object B might complete the task on its own or might in turn invoke a method on another object, C. In this context, object B which was earlier the target (for A's invocation) becomes a client for the method invocation on object C. Thus objects that are at first targets may later become clients. This effectively forms a delegation chain where object A is the initiator, object C is the final target and object B is an intermediate.
There are three different approaches, or modes, that may apply
to such chains (see Figure 
):
After obtaining the delegation certificate from a delegator, an intermediate object might invoke a method on another object down the chain. At this point, the intermediate may decide to use only the delegator's privileges or combine it with its own privileges. This decision of either passing delegator's privileges only (impersonation) or combining its privileges too (composite) is based on the delegation mode specified for the intermediate object. Mode specification may be explicit through the application, or may be implicitly set by the administrator of that object service.
public class TravelAsst {
:
public void makeReservation() {
:
AccessController.enablePrivileged(managerRole);
AccessController.enableSimpleDelegation();
remoteAdmin.purchaseTicket();
AccessController.disableDelegation();
AccessController.disablePrivilege();
:
}
}