AuthPermission

Class Overview

This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

The possible target names for an Authentication Permission are:

      doAs -                  allow the caller to invoke the
                              Subject.doAs methods.

      doAsPrivileged -        allow the caller to invoke the
                              Subject.doAsPrivileged methods.

      getSubject -            allow for the retrieval of the
                              Subject(s) associated with the
                              current Thread.

      getSubjectFromDomainCombiner -  allow for the retrieval of the
                              Subject associated with the
                              a SubjectDomainCombiner.

      setReadOnly -           allow the caller to set a Subject
                              to be read-only.

      modifyPrincipals -      allow the caller to modify the Set
                              of Principals associated with a
                              Subject

      modifyPublicCredentials - allow the caller to modify the
                              Set of public credentials
                              associated with a Subject

      modifyPrivateCredentials - allow the caller to modify the
                              Set of private credentials
                              associated with a Subject

      refreshCredential -     allow code to invoke the refresh
                              method on a credential which implements
                              the Refreshable interface.

      destroyCredential -     allow code to invoke the destroy
                              method on a credential object
                              which implements the Destroyable
                              interface.

      createLoginContext.{name} -  allow code to instantiate a
                              LoginContext with the
                              specified name.  name
                              is used as the index into the installed login
                              Configuration
                              (that returned by
                              Configuration.getConfiguration()).
                              name can be wildcarded (set to '*')
                              to allow for any name.

      getLoginConfiguration - allow for the retrieval of the system-wide
                              login Configuration.

      createLoginConfiguration.{type} - allow code to obtain a Configuration
                              object via
                              Configuration.getInstance.

      setLoginConfiguration - allow for the setting of the system-wide
                              login Configuration.

      refreshLoginConfiguration - allow for the refreshing of the system-wide
                              login Configuration.
 

The following target name has been deprecated in favor of createLoginContext.{name}.

      createLoginContext -    allow code to instantiate a
                              LoginContext.
 

javax.security.auth.Policy has been deprecated in favor of java.security.Policy. Therefore, the following target names have also been deprecated:

      getPolicy -             allow the caller to retrieve the system-wide
                              Subject-based access control policy.

      setPolicy -             allow the caller to set the system-wide
                              Subject-based access control policy.

      refreshPolicy -         allow the caller to refresh the system-wide
                              Subject-based access control policy.
 

Summary

[Expand] Inherited Methods
From class java.security.BasicPermission boolean equals(Object obj) Checks two BasicPermission objects for equality. String getActions() Returns the canonical string representation of the actions, which currently is the empty string "", since there are no actions for a BasicPermission. int hashCode() Returns the hash code value for this object. boolean implies(Permission p) Checks if the specified permission is "implied" by this object. PermissionCollection newPermissionCollection() Returns a new PermissionCollection object for storing BasicPermission objects.
From class java.security.Permission void checkGuard(Object object) Implements the guard interface for a permission. abstract boolean equals(Object obj) Checks two Permission objects for equality. abstract String getActions() Returns the actions as a String. final String getName() Returns the name of this Permission. abstract int hashCode() Returns the hash code value for this Permission object. abstract boolean implies(Permission permission) Checks if the specified permission's actions are "implied by" this object's actions. PermissionCollection newPermissionCollection() Returns an empty PermissionCollection for a given Permission object, or null if one is not defined. String toString() Returns a string describing this Permission.
From class java.lang.Object Object clone() Creates and returns a copy of this object. boolean equals(Object obj) Indicates whether some other object is "equal to" this one. void finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. final Class<?> getClass() Returns the runtime class of this Object. int hashCode() Returns a hash code value for the object. final void notify() Wakes up a single thread that is waiting on this object's monitor. final void notifyAll() Wakes up all threads that are waiting on this object's monitor. String toString() Returns a string representation of the object. final void wait() Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object. final void wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed. final void wait(long timeout) Causes the current thread to wait until either another thread invokes the notify() method or the notifyAll() method for this object, or a specified amount of time has elapsed.
From interface java.security.Guard abstract void checkGuard(Object object) Determines whether or not to allow access to the guarded object object.