FileDocCategorySizeDatePackage
DelegationPermission.javaAPI DocJava SE 5 API11113Fri Aug 26 14:57:48 BST 2005javax.security.auth.kerberos

DelegationPermission

public final class DelegationPermission extends BasicPermission implements Serializable
This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.

The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the TGT. The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal. This latter service principal is specified to restrict the use of a proxiable ticket.

For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows: 

DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");

To give the "backup" service a proxiable nfs service ticket the target permission might be specified: 

DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
since
JDK1.4

Fields Summary
private static final long
serialVersionUID
private transient String
subordinate
private transient String
service
Constructors Summary
public DelegationPermission(String principals)
Create a new DelegationPermission with the specified subordinate and target principals.

param
principals the name of the subordinate and target principals


                               
       
	super(principals);
	init(principals);
public DelegationPermission(String principals, String actions)
Create a new DelegationPermission with the specified subordinate and target principals.

param
principals the name of the subordinate and target principals

param
actions should be null.

	super(principals, actions);
	init(principals);
Methods Summary
public booleanequals(java.lang.Object obj)
Checks two DelegationPermission objects for equality.

param
obj the object to test for equality with this object.
return
true if obj is a DelegationPermission, and has the same subordinate and service principal as this. DelegationPermission object.

	if (obj == this)
	    return true;

	if (! (obj instanceof DelegationPermission))
	    return false;

	DelegationPermission that = (DelegationPermission) obj;
	return implies(that);
public inthashCode()
Returns the hash code value for this object.

return
a hash code value for this object.

	return getName().hashCode();
public booleanimplies(java.security.Permission p)
Checks if this Kerberos delegation permission object "implies" the specified permission.

If none of the above are true, implies returns false.

param
p the permission to check against.
return
true if the specified permission is implied by this object, false if not.

	if (!(p instanceof DelegationPermission))
	    return false;

	DelegationPermission that = (DelegationPermission) p;
	if (this.subordinate.equals(that.subordinate) &&
	    this.service.equals(that.service))
	    return true;

	return false;
private voidinit(java.lang.String target)
Initialize the DelegationPermission object.


	StringTokenizer t = null;
	if (!target.startsWith("\"")) {
	    throw new IllegalArgumentException
		("service principal [" + target +
		 "] syntax invalid: " +
		 "improperly quoted");
	} else {
	    t = new StringTokenizer(target, "\"", false);
	    subordinate = t.nextToken();
	    if (t.countTokens() == 2) {
		t.nextToken();	// bypass whitespace
		service = t.nextToken();
	    } else if (t.countTokens() > 0) {
		throw new IllegalArgumentException
		    ("service principal [" + t.nextToken() +
		     "] syntax invalid: " +
		     "improperly quoted");
	    }
	}
public java.security.PermissionCollectionnewPermissionCollection()
Returns a PermissionCollection object for storing DelegationPermission objects.
DelegationPermission objects must be stored in a manner that allows them to be inserted into the collection in any order, but that also enables the PermissionCollection implies method to be implemented in an efficient (and consistent) manner.

return
a new PermissionCollection object suitable for storing DelegationPermissions.

	return new KrbDelegationPermissionCollection();
private synchronized voidreadObject(java.io.ObjectInputStream s)
readObject is called to restore the state of the DelegationPermission from a stream.

	// Read in the action, then initialize the rest
	s.defaultReadObject();
	init(getName());
private synchronized voidwriteObject(java.io.ObjectOutputStream s)
WriteObject is called to save the state of the DelegationPermission to a stream. The actions are serialized, and the superclass takes care of the name.

	s.defaultWriteObject();