AuthPermission
contains a name (also referred to as a "target name") but no actions
list; you either have the named permission or you don't.
The target name is the name of a security configuration parameter
(see below). Currently, the AuthPermission object is used to
guard access to the Subject,
javax., and
javax. objects.
The standard target names for an Authentication Permission are:
doAs - allow the caller to invoke the
Subject.doAs methods.
doAsPrivileged - allow the caller to invoke the
Subject.doAsPrivileged methods.
getSubject - allow for the retrieval of the
Subject(s) associated with the
current Thread.
getSubjectFromDomainCombiner - allow for the retrieval of the
Subject associated with the
a SubjectDomainCombiner.
setReadOnly - allow the caller to set a Subject
to be read-only.
modifyPrincipals - allow the caller to modify the Set
of Principals associated with a
Subject
modifyPublicCredentials - allow the caller to modify the
Set of public credentials
associated with a Subject
modifyPrivateCredentials - allow the caller to modify the
Set of private credentials
associated with a Subject
refreshCredential - allow code to invoke the refresh
method on a credential which implements
the Refreshable interface.
destroyCredential - allow code to invoke the destroy
method on a credential object
which implements the Destroyable
interface.
createLoginContext.{name} - allow code to instantiate a
LoginContext with the
specified name. name
is used as the index into the installed login
Configuration
(that returned by
Configuration.getConfiguration()).
name can be wildcarded (set to '*')
to allow for any name.
getLoginConfiguration - allow for the retrieval of the system-wide
login Configuration.
createLoginConfiguration.{type} - allow code to obtain a Configuration
object via
Configuration.getInstance.
setLoginConfiguration - allow for the setting of the system-wide
login Configuration.
refreshLoginConfiguration - allow for the refreshing of the system-wide
login Configuration.
Please note that granting this permission with the "modifyPrincipals",
"modifyPublicCredentials" or "modifyPrivateCredentials" target allows
a JAAS login module to populate principal or credential objects into
the Subject. Although reading information inside the private credentials
set requires a PrivateCredentialPermission of the credential type to
be granted, reading information inside the principals set and the public
credentials set requires no additional permission. These objects can contain
potentially sensitive information. For example, login modules that read
local user information or perform a Kerberos login are able to add
potentially sensitive information such as user ids, groups and domain names
to the principals set.
The following target name has been deprecated in favor of
createLoginContext.{name}.
createLoginContext - allow code to instantiate a
LoginContext.
Implementation Note
Implementations may define additional target names, but should use naming conventions such as reverse domain name notation to avoid name clashes.
| Modifier and Type | Field and Description |
|---|---|
| private static final long |
| Access | Constructor and Description |
|---|---|
| public | AuthPermission(String
the name of the AuthPermission name)Creates a new AuthPermission with the specified name. |
| public | AuthPermission(String
the name of the AuthPermission name, String should be null. actions)Creates a new AuthPermission object with the specified name. |
| serialVersionUID | back to summary |
|---|---|
| private static final long serialVersionUID Hides java. | |
| AuthPermission | back to summary |
|---|---|
| public AuthPermission(String name) Creates a new AuthPermission with the specified name. The name is the symbolic name of the AuthPermission.
| |
| AuthPermission | back to summary |
|---|---|
| public AuthPermission(String name, String actions) Creates a new AuthPermission object with the specified name. The name is the symbolic name of the AuthPermission, and the actions String is currently unused and should be null.
| |