1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155
/* * @(#)AuthPermission.java 1.55 06/04/21 * * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package javax.security.auth; /** * This class is for authentication permissions. * An AuthPermission contains a name * (also referred to as a "target name") * but no actions list; you either have the named permission * or you don't. * * <p> The target name is the name of a security configuration parameter * (see below). Currently the AuthPermission object is used to * guard access to the Policy, Subject, LoginContext, * and Configuration objects. * * <p> The possible target names for an Authentication Permission are: * * <pre> * doAs - allow the caller to invoke the * <code>Subject.doAs</code> methods. * * doAsPrivileged - allow the caller to invoke the * <code>Subject.doAsPrivileged</code> methods. * * getSubject - allow for the retrieval of the * Subject(s) associated with the * current Thread. * * getSubjectFromDomainCombiner - allow for the retrieval of the * Subject associated with the * a <code>SubjectDomainCombiner</code>. * * setReadOnly - allow the caller to set a Subject * to be read-only. * * modifyPrincipals - allow the caller to modify the <code>Set</code> * of Principals associated with a * <code>Subject</code> * * modifyPublicCredentials - allow the caller to modify the * <code>Set</code> of public credentials * associated with a <code>Subject</code> * * modifyPrivateCredentials - allow the caller to modify the * <code>Set</code> of private credentials * associated with a <code>Subject</code> * * refreshCredential - allow code to invoke the <code>refresh</code> * method on a credential which implements * the <code>Refreshable</code> interface. * * destroyCredential - allow code to invoke the <code>destroy</code> * method on a credential <code>object</code> * which implements the <code>Destroyable</code> * interface. * * createLoginContext.{name} - allow code to instantiate a * <code>LoginContext</code> with the * specified <i>name</i>. <i>name</i> * is used as the index into the installed login * <code>Configuration</code> * (that returned by * <code>Configuration.getConfiguration()</code>). * <i>name</i> can be wildcarded (set to '*') * to allow for any name. * * getLoginConfiguration - allow for the retrieval of the system-wide * login Configuration. * * createLoginConfiguration.{type} - allow code to obtain a Configuration * object via * <code>Configuration.getInstance</code>. * * setLoginConfiguration - allow for the setting of the system-wide * login Configuration. * * refreshLoginConfiguration - allow for the refreshing of the system-wide * login Configuration. * </pre> * * <p> The following target name has been deprecated in favor of * <code>createLoginContext.{name}</code>. * * <pre> * createLoginContext - allow code to instantiate a * <code>LoginContext</code>. * </pre> * * <p> <code>javax.security.auth.Policy</code> has been * deprecated in favor of <code>java.security.Policy</code>. * Therefore, the following target names have also been deprecated: * * <pre> * getPolicy - allow the caller to retrieve the system-wide * Subject-based access control policy. * * setPolicy - allow the caller to set the system-wide * Subject-based access control policy. * * refreshPolicy - allow the caller to refresh the system-wide * Subject-based access control policy. * </pre> * * @version 1.55, 04/21/06 */ public final class AuthPermission extends java.security.BasicPermission { private static final long serialVersionUID = 5806031445061587174L; /** * Creates a new AuthPermission with the specified name. * The name is the symbolic name of the AuthPermission. * * <p> * * @param name the name of the AuthPermission * * @throws NullPointerException if <code>name</code> is <code>null</code>. * @throws IllegalArgumentException if <code>name</code> is empty. */ public AuthPermission(String name) { // for backwards compatibility -- // createLoginContext is deprecated in favor of createLoginContext.* super("createLoginContext".equals(name) ? "createLoginContext.*" : name); } /** * Creates a new AuthPermission object with the specified name. * The name is the symbolic name of the AuthPermission, and the * actions String is currently unused and should be null. * * <p> * * @param name the name of the AuthPermission <p> * * @param actions should be null. * * @throws NullPointerException if <code>name</code> is <code>null</code>. * @throws IllegalArgumentException if <code>name</code> is empty. */ public AuthPermission(String name, String actions) { // for backwards compatibility -- // createLoginContext is deprecated in favor of createLoginContext.* super("createLoginContext".equals(name) ? "createLoginContext.*" : name, actions); } }