- java.lang.Object
-
- java.security.Permission
-
- java.security.BasicPermission
-
- javax.security.auth.AuthPermission
-
- All Implemented Interfaces:
Serializable
,Guard
public final class AuthPermission extends BasicPermission
This class is for authentication permissions. AnAuthPermission
contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.The target name is the name of a security configuration parameter (see below). Currently the
AuthPermission
object is used to guard access to thePolicy
,Subject
,LoginContext
, andConfiguration
objects.The standard target names for an Authentication Permission are:
doAs - allow the caller to invoke the
Subject.doAs
methods. doAsPrivileged - allow the caller to invoke theSubject.doAsPrivileged
methods. getSubject - allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner - allow for the retrieval of the Subject associated with the aSubjectDomainCombiner
. setReadOnly - allow the caller to set a Subject to be read-only. modifyPrincipals - allow the caller to modify theSet
of Principals associated with aSubject
modifyPublicCredentials - allow the caller to modify theSet
of public credentials associated with aSubject
modifyPrivateCredentials - allow the caller to modify theSet
of private credentials associated with aSubject
refreshCredential - allow code to invoke therefresh
method on a credential which implements theRefreshable
interface. destroyCredential - allow code to invoke thedestroy
method on a credentialobject
which implements theDestroyable
interface. createLoginContext.{name} - allow code to instantiate aLoginContext
with the specifiedname
.name
is used as the index into the installed loginConfiguration
(that returned byConfiguration.getConfiguration()
). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object viaConfiguration.getInstance
. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration.Please note that granting this permission with the "modifyPrincipals", "modifyPublicCredentials" or "modifyPrivateCredentials" target allows a JAAS login module to populate principal or credential objects into the Subject. Although reading information inside the private credentials set requires a
PrivateCredentialPermission
of the credential type to be granted, reading information inside the principals set and the public credentials set requires no additional permission. These objects can contain potentially sensitive information. For example, login modules that read local user information or perform a Kerberos login are able to add potentially sensitive information such as user ids, groups and domain names to the principals set.The following target name has been deprecated in favor of
createLoginContext.{name}
.createLoginContext - allow code to instantiate a
LoginContext
.javax.security.auth.Policy
has been deprecated in favor ofjava.security.Policy
. Therefore, the following target names have also been deprecated:getPolicy - allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy - allow the caller to set the system-wide Subject-based access control policy. refreshPolicy - allow the caller to refresh the system-wide Subject-based access control policy.
- Implementation Note:
- Implementations may define additional target names, but should use naming conventions such as reverse domain name notation to avoid name clashes.
- Since:
- 1.4
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description AuthPermission(String name)
Creates a new AuthPermission with the specified name.AuthPermission(String name, String actions)
Creates a new AuthPermission object with the specified name.
-
Method Summary
-
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from class java.security.Permission
checkGuard, getName, toString
-
-
-
-
Constructor Detail
-
AuthPermission
public AuthPermission(String name)
Creates a new AuthPermission with the specified name. The name is the symbolic name of the AuthPermission.- Parameters:
name
- the name of the AuthPermission- Throws:
NullPointerException
- ifname
isnull
.IllegalArgumentException
- ifname
is empty.
-
AuthPermission
public AuthPermission(String name, String actions)
Creates a new AuthPermission object with the specified name. The name is the symbolic name of the AuthPermission, and the actions String is currently unused and should be null.- Parameters:
name
- the name of the AuthPermissionactions
- should be null.- Throws:
NullPointerException
- ifname
isnull
.IllegalArgumentException
- ifname
is empty.
-
-