package

javax.security.auth

This package provides a framework for authentication and authorization. The framework allows authentication to be performed in pluggable fashion. Different authentication modules can be plugged under an application without requiring modifications to the application itself. The authorization component allows specification of access controls based on code location, code signers and code executors (Subjects).

Interfaces

Destroyable Objects such as credentials may optionally implement this interface to provide the capability to destroy its contents. 
Refreshable Objects such as credentials may optionally implement this interface to provide the capability to refresh itself. 

Classes

AuthPermission This class is for authentication permissions. 
Policy This class is deprecated. as of JDK version 1.4 -- Replaced by java.security.Policy. java.security.Policy has a method:
      public PermissionCollection getPermissions
          (java.security.ProtectionDomain pd)

 
and ProtectionDomain has a constructor:
      public ProtectionDomain
          (CodeSource cs,
           PermissionCollection permissions,
           ClassLoader loader,
           Principal[] principals)
 
These two APIs provide callers the means to query the Policy for Principal-based Permission entries.
 
PrivateCredentialPermission This class is used to protect access to private Credentials belonging to a particular Subject
Subject

A Subject represents a grouping of related information for a single entity, such as a person. 

SubjectDomainCombiner A SubjectDomainCombiner updates ProtectionDomains with Principals from the Subject associated with this SubjectDomainCombiner

Exceptions

DestroyFailedException Signals that a destroy operation failed. 
RefreshFailedException Signals that a refresh operation failed.