Subjectpublic final class Subject extends Object implements Serializable A Subject represents a grouping of related information
for a single entity, such as a person.
Such information includes the Subject's identities as well as
its security-related attributes
(passwords and cryptographic keys, for example).
Subjects may potentially have multiple identities.
Each identity is represented as a Principal
within the Subject . Principals simply bind names to a
Subject . For example, a Subject that happens
to be a person, Alice, might have two Principals:
one which binds "Alice Bar", the name on her driver license,
to the Subject , and another which binds,
"999-99-9999", the number on her student identification card,
to the Subject . Both Principals refer to the same
Subject even though each has a different name.
A Subject may also own security-related attributes,
which are referred to as credentials.
Sensitive credentials that require special protection, such as
private cryptographic keys, are stored within a private credential
Set . Credentials intended to be shared, such as
public key certificates or Kerberos server tickets are stored
within a public credential Set . Different permissions
are required to access and modify the different credential Sets.
To retrieve all the Principals associated with a Subject ,
invoke the getPrincipals method. To retrieve
all the public or private credentials belonging to a Subject ,
invoke the getPublicCredentials method or
getPrivateCredentials method, respectively.
To modify the returned Set of Principals and credentials,
use the methods defined in the Set class.
For example:
Subject subject;
Principal principal;
Object credential;
// add a Principal and credential to the Subject
subject.getPrincipals().add(principal);
subject.getPublicCredentials().add(credential);
This Subject class implements Serializable .
While the Principals associated with the Subject are serialized,
the credentials associated with the Subject are not.
Note that the java.security.Principal class
does not implement Serializable . Therefore all concrete
Principal implementations associated with Subjects
must implement Serializable . |
Fields Summary |
---|
private static final long | serialVersionUID | Set | principalsA Set that provides a view of all of this
Subject's Principals
| transient Set | pubCredentialsSets that provide a view of all of this
Subject's Credentials | transient Set | privCredentials | private volatile boolean | readOnlyWhether this Subject is read-only | private static final int | PRINCIPAL_SET | private static final int | PUB_CREDENTIAL_SET | private static final int | PRIV_CREDENTIAL_SET |
Constructors Summary |
---|
public Subject()Create an instance of a Subject
with an empty Set of Principals and empty
Sets of public and private credentials.
The newly constructed Sets check whether this Subject
has been set read-only before permitting subsequent modifications.
The newly created Sets also prevent illegal modifications
by ensuring that callers have sufficient permissions.
To modify the Principals Set, the caller must have
AuthPermission("modifyPrincipals") .
To modify the public credential Set, the caller must have
AuthPermission("modifyPublicCredentials") .
To modify the private credential Set, the caller must have
AuthPermission("modifyPrivateCredentials") .
this.principals = Collections.synchronizedSet
(new SecureSet(this, PRINCIPAL_SET));
this.pubCredentials = Collections.synchronizedSet
(new SecureSet(this, PUB_CREDENTIAL_SET));
this.privCredentials = Collections.synchronizedSet
(new SecureSet(this, PRIV_CREDENTIAL_SET));
| public Subject(boolean readOnly, Set principals, Set pubCredentials, Set privCredentials)Create an instance of a Subject with
Principals and credentials.
The Principals and credentials from the specified Sets
are copied into newly constructed Sets.
These newly created Sets check whether this Subject
has been set read-only before permitting subsequent modifications.
The newly created Sets also prevent illegal modifications
by ensuring that callers have sufficient permissions.
To modify the Principals Set, the caller must have
AuthPermission("modifyPrincipals") .
To modify the public credential Set, the caller must have
AuthPermission("modifyPublicCredentials") .
To modify the private credential Set, the caller must have
AuthPermission("modifyPrivateCredentials") .
if (principals == null ||
pubCredentials == null ||
privCredentials == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null input(s)"));
this.principals = Collections.synchronizedSet(new SecureSet
(this, PRINCIPAL_SET, principals));
this.pubCredentials = Collections.synchronizedSet(new SecureSet
(this, PUB_CREDENTIAL_SET, pubCredentials));
this.privCredentials = Collections.synchronizedSet(new SecureSet
(this, PRIV_CREDENTIAL_SET, privCredentials));
this.readOnly = readOnly;
|
Methods Summary |
---|
private static java.security.AccessControlContext | createContext(javax.security.auth.Subject subject, java.security.AccessControlContext acc)
return (AccessControlContext)
java.security.AccessController.doPrivileged
(new java.security.PrivilegedAction() {
public Object run() {
if (subject == null)
return new AccessControlContext(acc, null);
else
return new AccessControlContext
(acc,
new SubjectDomainCombiner(subject));
}
});
| public static T | doAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action)Perform work as a particular Subject .
This method first retrieves the current Thread's
AccessControlContext via
AccessController.getContext ,
and then instantiates a new AccessControlContext
using the retrieved context along with a new
SubjectDomainCombiner (constructed using
the provided Subject ).
Finally, this method invokes AccessController.doPrivileged ,
passing it the provided PrivilegedAction ,
as well as the newly constructed AccessControlContext .
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
}
if (action == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null action provided"));
// set up the new Subject-based AccessControlContext
// for doPrivileged
final AccessControlContext currentAcc = AccessController.getContext();
// call doPrivileged and push this new context on the stack
return java.security.AccessController.doPrivileged
(action,
createContext(subject, currentAcc));
| public static T | doAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action)Perform work as a particular Subject .
This method first retrieves the current Thread's
AccessControlContext via
AccessController.getContext ,
and then instantiates a new AccessControlContext
using the retrieved context along with a new
SubjectDomainCombiner (constructed using
the provided Subject ).
Finally, this method invokes AccessController.doPrivileged ,
passing it the provided PrivilegedExceptionAction ,
as well as the newly constructed AccessControlContext .
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PERMISSION);
}
if (action == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null action provided"));
// set up the new Subject-based AccessControlContext for doPrivileged
final AccessControlContext currentAcc = AccessController.getContext();
// call doPrivileged and push this new context on the stack
return java.security.AccessController.doPrivileged
(action,
createContext(subject, currentAcc));
| public static T | doAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedAction action, java.security.AccessControlContext acc)Perform privileged work as a particular Subject .
This method behaves exactly as Subject.doAs ,
except that instead of retrieving the current Thread's
AccessControlContext , it uses the provided
AccessControlContext . If the provided
AccessControlContext is null ,
this method instantiates a new AccessControlContext
with an empty collection of ProtectionDomains.
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null action provided"));
// set up the new Subject-based AccessControlContext
// for doPrivileged
final AccessControlContext callerAcc =
(acc == null ?
new AccessControlContext(new ProtectionDomain[0]) :
acc);
// call doPrivileged and push this new context on the stack
return java.security.AccessController.doPrivileged
(action,
createContext(subject, callerAcc));
| public static T | doAsPrivileged(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action, java.security.AccessControlContext acc)Perform privileged work as a particular Subject .
This method behaves exactly as Subject.doAs ,
except that instead of retrieving the current Thread's
AccessControlContext , it uses the provided
AccessControlContext . If the provided
AccessControlContext is null ,
this method instantiates a new AccessControlContext
with an empty collection of ProtectionDomains.
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(SecurityConstants.DO_AS_PRIVILEGED_PERMISSION);
}
if (action == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null action provided"));
// set up the new Subject-based AccessControlContext for doPrivileged
final AccessControlContext callerAcc =
(acc == null ?
new AccessControlContext(new ProtectionDomain[0]) :
acc);
// call doPrivileged and push this new context on the stack
return java.security.AccessController.doPrivileged
(action,
createContext(subject, callerAcc));
| public boolean | equals(java.lang.Object o)Compares the specified Object with this Subject
for equality. Returns true if the given object is also a Subject
and the two Subject instances are equivalent.
More formally, two Subject instances are
equal if their Principal and Credential
Sets are equal.
if (o == null)
return false;
if (this == o)
return true;
if (o instanceof Subject) {
final Subject that = (Subject)o;
// check the principal and credential sets
Set thatPrincipals;
synchronized(that.principals) {
// avoid deadlock from dual locks
thatPrincipals = new HashSet(that.principals);
}
if (!principals.equals(thatPrincipals)) {
return false;
}
Set thatPubCredentials;
synchronized(that.pubCredentials) {
// avoid deadlock from dual locks
thatPubCredentials = new HashSet(that.pubCredentials);
}
if (!pubCredentials.equals(thatPubCredentials)) {
return false;
}
Set thatPrivCredentials;
synchronized(that.privCredentials) {
// avoid deadlock from dual locks
thatPrivCredentials = new HashSet(that.privCredentials);
}
if (!privCredentials.equals(thatPrivCredentials)) {
return false;
}
return true;
}
return false;
| private int | getCredHashCode(java.lang.Object o)get a credential's hashcode
try {
return o.hashCode();
} catch (IllegalStateException ise) {
return o.getClass().toString().hashCode();
}
| public java.util.Set | getPrincipals()Return the Set of Principals associated with this
Subject . Each Principal represents
an identity for this Subject .
The returned Set is backed by this Subject's
internal Principal Set . Any modification
to the returned Set affects the internal
Principal Set as well.
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return principals;
| public java.util.Set | getPrincipals(java.lang.Class c)Return a Set of Principals associated with this
Subject that are instances or subclasses of the specified
Class .
The returned Set is not backed by this Subject's
internal Principal Set . A new
Set is created and returned for each method invocation.
Modifications to the returned Set
will not affect the internal Principal Set .
if (c == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null Class provided"));
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return new ClassSet(PRINCIPAL_SET, c);
| public java.util.Set | getPrivateCredentials()Return the Set of private credentials held by this
Subject .
The returned Set is backed by this Subject's
internal private Credential Set . Any modification
to the returned Set affects the internal private
Credential Set as well.
A caller requires permissions to access the Credentials
in the returned Set , or to modify the
Set itself. A SecurityException
is thrown if the caller does not have the proper permissions.
While iterating through the Set ,
a SecurityException is thrown
if the caller does not have permission to access a
particular Credential. The Iterator
is nevertheless advanced to next element in the Set .
// XXX
// we do not need a security check for
// AuthPermission(getPrivateCredentials)
// because we already restrict access to private credentials
// via the PrivateCredentialPermission. all the extra AuthPermission
// would do is protect the set operations themselves
// (like size()), which don't seem security-sensitive.
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return privCredentials;
| public java.util.Set | getPrivateCredentials(java.lang.Class c)Return a Set of private credentials associated with this
Subject that are instances or subclasses of the specified
Class .
The caller must have permission to access all of the
requested Credentials, or a SecurityException
will be thrown.
The returned Set is not backed by this Subject's
internal private Credential Set . A new
Set is created and returned for each method invocation.
Modifications to the returned Set
will not affect the internal private Credential Set .
// XXX
// we do not need a security check for
// AuthPermission(getPrivateCredentials)
// because we already restrict access to private credentials
// via the PrivateCredentialPermission. all the extra AuthPermission
// would do is protect the set operations themselves
// (like size()), which don't seem security-sensitive.
if (c == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null Class provided"));
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return new ClassSet<T>(PRIV_CREDENTIAL_SET, c);
| public java.util.Set | getPublicCredentials()Return the Set of public credentials held by this
Subject .
The returned Set is backed by this Subject's
internal public Credential Set . Any modification
to the returned Set affects the internal public
Credential Set as well.
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return pubCredentials;
| public java.util.Set | getPublicCredentials(java.lang.Class c)Return a Set of public credentials associated with this
Subject that are instances or subclasses of the specified
Class .
The returned Set is not backed by this Subject's
internal public Credential Set . A new
Set is created and returned for each method invocation.
Modifications to the returned Set
will not affect the internal public Credential Set .
if (c == null)
throw new NullPointerException
(ResourcesMgr.getString("invalid null Class provided"));
// always return an empty Set instead of null
// so LoginModules can add to the Set if necessary
return new ClassSet<T>(PUB_CREDENTIAL_SET, c);
| public static javax.security.auth.Subject | getSubject(java.security.AccessControlContext acc)Get the Subject associated with the provided
AccessControlContext .
The AccessControlContext may contain many
Subjects (from nested doAs calls).
In this situation, the most recent Subject associated
with the AccessControlContext is returned.
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission("getSubject"));
}
if (acc == null) {
throw new NullPointerException(ResourcesMgr.getString
("invalid null AccessControlContext provided"));
}
// return the Subject from the DomainCombiner of the provided context
return (Subject)AccessController.doPrivileged
(new java.security.PrivilegedAction() {
public Object run() {
DomainCombiner dc = acc.getDomainCombiner();
if (!(dc instanceof SubjectDomainCombiner))
return null;
SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc;
return sdc.getSubject();
}
});
| public int | hashCode()Returns a hashcode for this Subject .
/**
* The hashcode is derived exclusive or-ing the
* hashcodes of this Subject's Principals and credentials.
*
* If a particular credential was destroyed
* (<code>credential.hashCode()</code> throws an
* <code>IllegalStateException</code>),
* the hashcode for that credential is derived via:
* <code>credential.getClass().toString().hashCode()</code>.
*/
int hashCode = 0;
synchronized(principals) {
Iterator pIterator = principals.iterator();
while (pIterator.hasNext()) {
Principal p = (Principal)pIterator.next();
hashCode ^= p.hashCode();
}
}
synchronized(pubCredentials) {
Iterator pubCIterator = pubCredentials.iterator();
while (pubCIterator.hasNext()) {
hashCode ^= getCredHashCode(pubCIterator.next());
}
}
return hashCode;
| public boolean | isReadOnly()Query whether this Subject is read-only.
return this.readOnly;
| private void | readObject(java.io.ObjectInputStream s)Reads this object from a stream (i.e., deserializes it)
s.defaultReadObject();
// The Credential <code>Set</code> is not serialized, but we do not
// want the default deserialization routine to set it to null.
this.pubCredentials = Collections.synchronizedSet
(new SecureSet(this, PUB_CREDENTIAL_SET));
this.privCredentials = Collections.synchronizedSet
(new SecureSet(this, PRIV_CREDENTIAL_SET));
| public void | setReadOnly()Set this Subject to be read-only.
Modifications (additions and removals) to this Subject's
Principal Set and
credential Sets will be disallowed.
The destroy operation on this Subject's credentials will
still be permitted.
Subsequent attempts to modify the Subject's Principal
and credential Sets will result in an
IllegalStateException being thrown.
Also, once a Subject is read-only,
it can not be reset to being writable again.
java.lang.SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new AuthPermission("setReadOnly"));
}
this.readOnly = true;
| public java.lang.String | toString()Return the String representation of this Subject .
return toString(true);
| java.lang.String | toString(boolean includePrivateCredentials)package private convenience method to print out the Subject
without firing off a security check when trying to access
the Private Credentials
String s = ResourcesMgr.getString("Subject:\n");
String suffix = "";
synchronized(principals) {
Iterator pI = principals.iterator();
while (pI.hasNext()) {
Principal p = (Principal)pI.next();
suffix = suffix + ResourcesMgr.getString("\tPrincipal: ") +
p.toString() + ResourcesMgr.getString("\n");
}
}
synchronized(pubCredentials) {
Iterator pI = pubCredentials.iterator();
while (pI.hasNext()) {
Object o = pI.next();
suffix = suffix +
ResourcesMgr.getString("\tPublic Credential: ") +
o.toString() + ResourcesMgr.getString("\n");
}
}
if (includePrivateCredentials) {
synchronized(privCredentials) {
Iterator pI = privCredentials.iterator();
while (pI.hasNext()) {
try {
Object o = pI.next();
suffix += ResourcesMgr.getString
("\tPrivate Credential: ") +
o.toString() +
ResourcesMgr.getString("\n");
} catch (SecurityException se) {
suffix += ResourcesMgr.getString
("\tPrivate Credential inaccessible\n");
break;
}
}
}
}
return s + suffix;
| private void | writeObject(java.io.ObjectOutputStream oos)Writes this object out to a stream (i.e., serializes it).
synchronized(principals) {
oos.defaultWriteObject();
}
|
|