java.lang.Object
  ↳ java.security.Permission
    ↳ java.security.BasicPermission
      ↳ javax.security.auth.kerberos.DelegationPermission
This class is used to restrict the usage of the Kerberos delegation model, i.e., forwardable and proxiable tickets.
The target name of this Permission specifies a pair of Kerberos service principals. The first is the subordinate service principal being entrusted to use the TGT. The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal. This latter service principal is specified to restrict the use of a proxiable ticket.
For example, to specify the "host" service use of a forwardable TGT, the target permission is specified as follows:
DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
To give the "backup" service a proxiable nfs service ticket, the target permission might be specified as follows:
DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
Public Constructors |
---|
Create a new DelegationPermission with the specified subordinate and target principals. |
Create a new DelegationPermission with the specified subordinate and target principals. |
Public Methods |
---|
Checks two DelegationPermission objects for equality. |
Returns the hash code value for this object. |
Checks if this Kerberos delegation permission object "implies" the specified permission. |
Returns a PermissionCollection object for storing DelegationPermission objects. |
Inherited Methods |
---|
From class java.security.BasicPermission |
From class java.security.Permission |
From class java.lang.Object |
From interface java.security.Guard |
Create a new DelegationPermission with the specified subordinate and target principals.

principals | the name of the subordinate and target principals |
---|---|

NullPointerException | if principals is null. |
---|---|
IllegalArgumentException | if principals is empty. |
Create a new DelegationPermission with the specified subordinate and target principals.

principals | the name of the subordinate and target principals |
---|---|
actions | should be null. |

NullPointerException | if principals is null. |
---|---|
IllegalArgumentException | if principals is empty. |
Checks two DelegationPermission objects for equality.
obj | the object to test for equality with this object. |
---|
Returns the hash code value for this object.
Checks if this Kerberos delegation permission object "implies" the specified permission.
If none of the above are true, implies returns false.
p | the permission to check against. |
---|
Returns a PermissionCollection object for storing
DelegationPermission objects.
DelegationPermission objects must be stored in a manner that
allows them to be inserted into the collection in any order, but
that also enables the PermissionCollection implies method to
be implemented in an efficient (and consistent) manner.
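
The following Java program is an added example, not part of the original reference or of the JDK sources. It builds the two permissions from the class description, stores them in the collection returned by newPermissionCollection, and checks delegation requests with implies. The class name DelegationPermissionDemo and the helpers pair and grants are assumptions made for the illustration.

```java
import java.security.PermissionCollection;
import javax.security.auth.kerberos.DelegationPermission;

// Added illustration; class and helper names are hypothetical, not part of the API.
public class DelegationPermissionDemo {

    // Builds the target name: two quoted principals separated by a space.
    static String pair(String subordinate, String target) {
        return "\"" + subordinate + "\" \"" + target + "\"";
    }

    // Grants mirroring the two examples in the class description.
    static PermissionCollection grants() {
        DelegationPermission hostTgt = new DelegationPermission(
                pair("host/foo.example.com@EXAMPLE.COM", "krbtgt/EXAMPLE.COM@EXAMPLE.COM"));
        DelegationPermission backupNfs = new DelegationPermission(
                pair("backup/bar.example.com@EXAMPLE.COM", "nfs/home.EXAMPLE.COM@EXAMPLE.COM"));
        PermissionCollection pc = hostTgt.newPermissionCollection();
        pc.add(hostTgt);
        pc.add(backupNfs);
        pc.setReadOnly(); // freeze the grant set before it is consulted
        return pc;
    }

    public static void main(String[] args) {
        PermissionCollection granted = grants();

        // Request naming the same subordinate/target pair as one of the grants.
        DelegationPermission backupToNfs = new DelegationPermission(
                pair("backup/bar.example.com@EXAMPLE.COM", "nfs/home.EXAMPLE.COM@EXAMPLE.COM"));
        // Request from a granted subordinate for a target it was not granted (the TGT).
        DelegationPermission backupToTgt = new DelegationPermission(
                pair("backup/bar.example.com@EXAMPLE.COM", "krbtgt/EXAMPLE.COM@EXAMPLE.COM"));

        System.out.println("backup -> nfs implied:    " + granted.implies(backupToNfs));
        System.out.println("backup -> krbtgt implied: " + granted.implies(backupToTgt));
        System.out.println("same name, equal objects: "
                + backupToNfs.equals(new DelegationPermission(backupToNfs.getName())));

        try {
            new DelegationPermission(""); // documented above: an empty name is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("empty principals rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

In the OpenJDK implementation a request is implied only when both principals match a grant, so the backup service asking for the TGT is reported as not implied even though backup holds a grant for nfs.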