A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver's license, to the Subject, and another which binds "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.

A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets, are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.

To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively.

To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example:

    // subject, principal and credential are assumed to be initialized before use
    Subject subject;
    Principal principal;
    Object credential;

    // add a Principal and credential to the Subject
    subject.getPrincipals().add(principal);
    subject.getPublicCredentials().add(credential);

This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not.

Note that the java.security.Principal class does not implement Serializable. Therefore all concrete Principal implementations associated with Subjects must implement Serializable.