FileDocCategorySizeDatePackage
Subject.javaAPI DocJava SE 5 API43792Fri Aug 26 14:57:46 BST 2005javax.security.auth

Subject

public final class Subject extends Object implements Serializable

A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject, and another which binds, "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.

A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.

To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively. To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example:

Subject subject;
Principal principal;
Object credential;

// add a Principal and credential to the Subject
subject.getPrincipals().add(principal);
subject.getPublicCredentials().add(credential);

This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not. Note that the java.security.Principal class does not implement Serializable. Therefore all concrete Principal implementations associated with Subjects must implement Serializable.

version
1.123, 05/05/04
see
java.security.Principal
see
java.security.DomainCombiner

Fields Summary
private static final long
serialVersionUID
Set
principals
A Set that provides a view of all of this Subject's Principals

transient Set
pubCredentials
Sets that provide a view of all of this Subject's Credentials
transient Set
privCredentials
private volatile boolean
readOnly
Whether this Subject is read-only
private static final int
PRINCIPAL_SET
private static final int
PUB_CREDENTIAL_SET
private static final int
PRIV_CREDENTIAL_SET
Constructors Summary
public Subject()
Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials.

The newly constructed Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").


                                                                                              
      

	this.principals = Collections.synchronizedSet
				(new SecureSet(this, PRINCIPAL_SET));
	this.pubCredentials = Collections.synchronizedSet
				(new SecureSet(this, PUB_CREDENTIAL_SET));
	this.privCredentials = Collections.synchronizedSet
				(new SecureSet(this, PRIV_CREDENTIAL_SET));
    
public Subject(boolean readOnly, Set principals, Set pubCredentials, Set privCredentials)
Create an instance of a Subject with Principals and credentials.

The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").

param
readOnly true if the Subject is to be read-only, and false otherwise.

param
principals the Set of Principals to be associated with this Subject.

param
pubCredentials the Set of public credentials to be associated with this Subject.

param
privCredentials the Set of private credentials to be associated with this Subject.
exception
NullPointerException if the specified principals, pubCredentials, or privCredentials are null.


	if (principals == null ||
	    pubCredentials == null ||
	    privCredentials == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null input(s)"));

	this.principals = Collections.synchronizedSet(new SecureSet
				(this, PRINCIPAL_SET, principals));
	this.pubCredentials = Collections.synchronizedSet(new SecureSet
				(this, PUB_CREDENTIAL_SET, pubCredentials));
	this.privCredentials = Collections.synchronizedSet(new SecureSet
				(this, PRIV_CREDENTIAL_SET, privCredentials));
	this.readOnly = readOnly;
    
Methods Summary
private static java.security.AccessControlContextcreateContext(javax.security.auth.Subject subject, java.security.AccessControlContext acc)



	return (AccessControlContext)
	    java.security.AccessController.doPrivileged
	    (new java.security.PrivilegedAction() {
	    public Object run() {
		if (subject == null)
	            return new AccessControlContext(acc, null);
		else
		    return new AccessControlContext
					(acc,
					new SubjectDomainCombiner(subject));
	    }
	});
    
public static java.lang.ObjectdoAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action)
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedAction, as well as the newly constructed AccessControlContext.

param
subject the Subject that the specified action will run as. This parameter may be null.

param
action the code to be run as the specified Subject.

return
the Object returned by the PrivilegedAction's run method.
exception
NullPointerException if the PrivilegedAction is null.

exception
SecurityException if the caller does not have permission to invoke this method.


	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
	}
	if (action == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null action provided"));

	// set up the new Subject-based AccessControlContext
	// for doPrivileged
	final AccessControlContext currentAcc = AccessController.getContext();

	// call doPrivileged and push this new context on the stack
	return java.security.AccessController.doPrivileged
					(action,
					createContext(subject, currentAcc));
    
public static java.lang.ObjectdoAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action)
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedExceptionAction, as well as the newly constructed AccessControlContext.

param
subject the Subject that the specified action will run as. This parameter may be null.

param
action the code to be run as the specified Subject.

return
the Object returned by the PrivilegedExceptionAction's run method.
exception
PrivilegedActionException if the PrivilegedExceptionAction.run method throws a checked exception.

exception
NullPointerException if the specified PrivilegedExceptionAction is null.

exception
SecurityException if the caller does not have permission to invoke this method.


	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
	}

	if (action == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null action provided"));

	// set up the new Subject-based AccessControlContext for doPrivileged
	final AccessControlContext currentAcc = AccessController.getContext();

	// call doPrivileged and push this new context on the stack
	return java.security.AccessController.doPrivileged
					(action,
					createContext(subject, currentAcc));
    
public static java.lang.ObjectdoAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedAction action, java.security.AccessControlContext acc)
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

param
subject the Subject that the specified action will run as. This parameter may be null.

param
action the code to be run as the specified Subject.

param
acc the AccessControlContext to be tied to the specified subject and action.

return
the Object returned by the PrivilegedAction's run method.
exception
NullPointerException if the PrivilegedAction is null.

exception
SecurityException if the caller does not have permission to invoke this method.


	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
	}

	if (action == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null action provided"));

	// set up the new Subject-based AccessControlContext
	// for doPrivileged
	final AccessControlContext callerAcc =
		(acc == null ?
		new AccessControlContext(new ProtectionDomain[0]) :
		acc);

	// call doPrivileged and push this new context on the stack
	return java.security.AccessController.doPrivileged
					(action,
					createContext(subject, callerAcc));
    
public static java.lang.ObjectdoAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action, java.security.AccessControlContext acc)
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

param
subject the Subject that the specified action will run as. This parameter may be null.

param
action the code to be run as the specified Subject.

param
acc the AccessControlContext to be tied to the specified subject and action.

return
the Object returned by the PrivilegedExceptionAction's run method.
exception
PrivilegedActionException if the PrivilegedExceptionAction.run method throws a checked exception.

exception
NullPointerException if the specified PrivilegedExceptionAction is null.

exception
SecurityException if the caller does not have permission to invoke this method.


	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
	}

	if (action == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null action provided"));

	// set up the new Subject-based AccessControlContext for doPrivileged
	final AccessControlContext callerAcc =
		(acc == null ?
		new AccessControlContext(new ProtectionDomain[0]) :
		acc);

	// call doPrivileged and push this new context on the stack
	return java.security.AccessController.doPrivileged
					(action,
					createContext(subject, callerAcc));
    
public booleanequals(java.lang.Object o)
Compares the specified Object with this Subject for equality. Returns true if the given object is also a Subject and the two Subject instances are equivalent. More formally, two Subject instances are equal if their Principal and Credential Sets are equal.

param
o Object to be compared for equality with this Subject.
return
true if the specified Object is equal to this Subject.
exception
SecurityException if the caller does not have permission to access the private credentials for this Subject, or if the caller does not have permission to access the private credentials for the provided Subject.


	if (o == null)
	    return false;

	if (this == o)
	    return true;

	if (o instanceof Subject) {

	    final Subject that = (Subject)o;

	    // check the principal and credential sets
	    Set thatPrincipals;
	    synchronized(that.principals) {
		// avoid deadlock from dual locks
		thatPrincipals = new HashSet(that.principals);
	    }
	    if (!principals.equals(thatPrincipals)) {
		return false;
	    }

	    Set thatPubCredentials;
	    synchronized(that.pubCredentials) {
		// avoid deadlock from dual locks
		thatPubCredentials = new HashSet(that.pubCredentials);
	    }
	    if (!pubCredentials.equals(thatPubCredentials)) {
		return false;
	    }

	    Set thatPrivCredentials;
	    synchronized(that.privCredentials) {
		// avoid deadlock from dual locks
		thatPrivCredentials = new HashSet(that.privCredentials);
	    }
	    if (!privCredentials.equals(thatPrivCredentials)) {
		return false;
	    }
	    return true;
	}
	return false;
    
private intgetCredHashCode(java.lang.Object o)
get a credential's hashcode

	try {
	    return o.hashCode();
	} catch (IllegalStateException ise) {
	    return o.getClass().toString().hashCode();
	}
    
public java.util.SetgetPrincipals()
Return the Set of Principals associated with this Subject. Each Principal represents an identity for this Subject.

The returned Set is backed by this Subject's internal Principal Set. Any modification to the returned Set affects the internal Principal Set as well.

return
The Set of Principals associated with this Subject.


	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return principals;
    
public java.util.SetgetPrincipals(java.lang.Class c)
Return a Set of Principals associated with this Subject that are instances or subclasses of the specified Class.

The returned Set is not backed by this Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.

param
c the returned Set of Principals will all be instances of this class.
return
a Set of Principals that are instances of the specified Class.
exception
NullPointerException if the specified Class is null.


	if (c == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null Class provided"));

	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return new ClassSet(PRINCIPAL_SET, c);
    
public java.util.SetgetPrivateCredentials()
Return the Set of private credentials held by this Subject.

The returned Set is backed by this Subject's internal private Credential Set. Any modification to the returned Set affects the internal private Credential Set as well.

A caller requires permissions to access the Credentials in the returned Set, or to modify the Set itself. A SecurityException is thrown if the caller does not have the proper permissions.

While iterating through the Set, a SecurityException is thrown if the caller does not have permission to access a particular Credential. The Iterator is nevertheless advanced to next element in the Set.

return
A Set of private credentials held by this Subject.


	// XXX
	// we do not need a security check for
	// AuthPermission(getPrivateCredentials)
	// because we already restrict access to private credentials
	// via the PrivateCredentialPermission.  all the extra AuthPermission
	// would do is protect the set operations themselves
	// (like size()), which don't seem security-sensitive.

	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return privCredentials;
    
public java.util.SetgetPrivateCredentials(java.lang.Class c)
Return a Set of private credentials associated with this Subject that are instances or subclasses of the specified Class.

The caller must have permission to access all of the requested Credentials, or a SecurityException will be thrown.

The returned Set is not backed by this Subject's internal private Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal private Credential Set.

param
c the returned Set of private credentials will all be instances of this class.
return
a Set of private credentials that are instances of the specified Class.
exception
NullPointerException if the specified Class is null.


	// XXX
	// we do not need a security check for
	// AuthPermission(getPrivateCredentials)
	// because we already restrict access to private credentials
	// via the PrivateCredentialPermission.  all the extra AuthPermission
	// would do is protect the set operations themselves
	// (like size()), which don't seem security-sensitive.

	if (c == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null Class provided"));

	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return new ClassSet<T>(PRIV_CREDENTIAL_SET, c);
    
public java.util.SetgetPublicCredentials()
Return the Set of public credentials held by this Subject.

The returned Set is backed by this Subject's internal public Credential Set. Any modification to the returned Set affects the internal public Credential Set as well.

return
A Set of public credentials held by this Subject.


	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return pubCredentials;
    
public java.util.SetgetPublicCredentials(java.lang.Class c)
Return a Set of public credentials associated with this Subject that are instances or subclasses of the specified Class.

The returned Set is not backed by this Subject's internal public Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal public Credential Set.

param
c the returned Set of public credentials will all be instances of this class.
return
a Set of public credentials that are instances of the specified Class.
exception
NullPointerException if the specified Class is null.


	if (c == null)
	    throw new NullPointerException
		(ResourcesMgr.getString("invalid null Class provided"));

	// always return an empty Set instead of null
	// so LoginModules can add to the Set if necessary
	return new ClassSet<T>(PUB_CREDENTIAL_SET, c);
    
public static javax.security.auth.SubjectgetSubject(java.security.AccessControlContext acc)
Get the Subject associated with the provided AccessControlContext.

The AccessControlContext may contain many Subjects (from nested doAs calls). In this situation, the most recent Subject associated with the AccessControlContext is returned.

param
acc the AccessControlContext from which to retrieve the Subject.
return
the Subject associated with the provided AccessControlContext, or null if no Subject is associated with the provided AccessControlContext.
exception
SecurityException if the caller does not have permission to get the Subject.

exception
NullPointerException if the provided AccessControlContext is null.


	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(new AuthPermission("getSubject"));
	}

	if (acc == null) {
	    throw new NullPointerException(ResourcesMgr.getString
		("invalid null AccessControlContext provided"));
	}

	// return the Subject from the DomainCombiner of the provided context
	return (Subject)AccessController.doPrivileged
	    (new java.security.PrivilegedAction() {
	    public Object run() {
		DomainCombiner dc = acc.getDomainCombiner();
		if (!(dc instanceof SubjectDomainCombiner))
		    return null;
		SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc;
		return sdc.getSubject();
	    }
	});
    
public inthashCode()
Returns a hashcode for this Subject.

return
a hashcode for this Subject.
exception
SecurityException if the caller does not have permission to access this Subject's private credentials.


	/** 
	 * The hashcode is derived exclusive or-ing the
	 * hashcodes of this Subject's Principals and credentials.
	 *
	 * If a particular credential was destroyed
	 * (<code>credential.hashCode()</code> throws an
	 * <code>IllegalStateException</code>),
	 * the hashcode for that credential is derived via:
	 * <code>credential.getClass().toString().hashCode()</code>.
	 */

	int hashCode = 0;

	synchronized(principals) {
	    Iterator pIterator = principals.iterator();
	    while (pIterator.hasNext()) {
		Principal p = (Principal)pIterator.next();
		hashCode ^= p.hashCode();
	    }
	}

	synchronized(pubCredentials) {
	    Iterator pubCIterator = pubCredentials.iterator();
	    while (pubCIterator.hasNext()) {
		hashCode ^= getCredHashCode(pubCIterator.next());
	    }
	}
	return hashCode;
    
public booleanisReadOnly()
Query whether this Subject is read-only.

return
true if this Subject is read-only, false otherwise.

	return this.readOnly;
    
private voidreadObject(java.io.ObjectInputStream s)
Reads this object from a stream (i.e., deserializes it)


	s.defaultReadObject();

	// The Credential <code>Set</code> is not serialized, but we do not
	// want the default deserialization routine to set it to null.
	this.pubCredentials = Collections.synchronizedSet
				(new SecureSet(this, PUB_CREDENTIAL_SET));
	this.privCredentials = Collections.synchronizedSet
				(new SecureSet(this, PRIV_CREDENTIAL_SET));
    
public voidsetReadOnly()
Set this Subject to be read-only.

Modifications (additions and removals) to this Subject's Principal Set and credential Sets will be disallowed. The destroy operation on this Subject's credentials will still be permitted.

Subsequent attempts to modify the Subject's Principal and credential Sets will result in an IllegalStateException being thrown. Also, once a Subject is read-only, it can not be reset to being writable again.

exception
SecurityException if the caller does not have permission to set this Subject to be read-only.

	java.lang.SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(new AuthPermission("setReadOnly"));
	}

	this.readOnly = true;
    
public java.lang.StringtoString()
Return the String representation of this Subject.

return
the String representation of this Subject.

	return toString(true);
    
java.lang.StringtoString(boolean includePrivateCredentials)
package private convenience method to print out the Subject without firing off a security check when trying to access the Private Credentials


	String s = new String(ResourcesMgr.getString("Subject:\n"));
	String suffix = new String();

	synchronized(principals) {
	    Iterator pI = principals.iterator();
	    while (pI.hasNext()) {
		Principal p = (Principal)pI.next();
		suffix = suffix + ResourcesMgr.getString("\tPrincipal: ") +
			p.toString() + ResourcesMgr.getString("\n");
	    }
	}

	synchronized(pubCredentials) {
	    Iterator pI = pubCredentials.iterator();
	    while (pI.hasNext()) {
		Object o = pI.next();
		suffix = suffix +
			ResourcesMgr.getString("\tPublic Credential: ") +
			o.toString() + ResourcesMgr.getString("\n");
	    }
	}
		   
	if (includePrivateCredentials) {
	    synchronized(privCredentials) {
		Iterator pI = privCredentials.iterator();
		while (pI.hasNext()) {
		    try {
			Object o = pI.next();
			suffix += ResourcesMgr.getString
					("\tPrivate Credential: ") +
					o.toString() +
					ResourcesMgr.getString("\n");
		    } catch (SecurityException se) {
			suffix += ResourcesMgr.getString
				("\tPrivate Credential inaccessible\n");
			break;
		    }
		}
	    }
	}
	return s + suffix;
    
private voidwriteObject(java.io.ObjectOutputStream oos)
Writes this object out to a stream (i.e., serializes it).

	synchronized(principals) {
	    oos.defaultWriteObject();
	}