- java.lang.Object
-
- java.security.Permission
-
- java.security.BasicPermission
-
- javax.security.auth.AuthPermission
-
- All Implemented Interfaces:
-
Serializable
,Guard
public final class AuthPermission extends BasicPermission
此类用于验证权限。 一个AuthPermission
包含一个名称(也称为“目标名称”),但没有动作列表; 你有指定的权限,或者你没有。目标名称是安全配置参数的名称(见下文)。 目前
AuthPermission
对象用于保护访问Policy
,Subject
,LoginContext
,并Configuration
对象。身份验证权限的标准目标名称为:
doAs - allow the caller to invoke the
Subject.doAs
methods. doAsPrivileged - allow the caller to invoke theSubject.doAsPrivileged
methods. getSubject - allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner - allow for the retrieval of the Subject associated with the aSubjectDomainCombiner
. setReadOnly - allow the caller to set a Subject to be read-only. modifyPrincipals - allow the caller to modify theSet
of Principals associated with aSubject
modifyPublicCredentials - allow the caller to modify theSet
of public credentials associated with aSubject
modifyPrivateCredentials - allow the caller to modify theSet
of private credentials associated with aSubject
refreshCredential - allow code to invoke therefresh
method on a credential which implements theRefreshable
interface. destroyCredential - allow code to invoke thedestroy
method on a credentialobject
which implements theDestroyable
interface. createLoginContext.{name} - allow code to instantiate aLoginContext
with the specifiedname
.name
is used as the index into the installed loginConfiguration
(that returned byConfiguration.getConfiguration()
). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object viaConfiguration.getInstance
. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration.请注意,使用“modifyPrincipals”,“modifyPublicCredentials”或“modifyPrivateCredentials”目标授予此权限允许JAAS登录模块将主体或凭据对象填充到主题中。 虽然在私人凭证集中读取信息需要授予凭证类型的
PrivateCredentialPermission
,但是在主体集合和公共凭证集中读取信息不需要其他权限。 这些对象可能包含潜在的敏感信息。 例如,读取本地用户信息或执行Kerberos登录的登录模块能够将可能敏感的信息(如用户ID,组和域名)添加到主体集。以下目标名称已被弃用,赞成
createLoginContext.{name}
。createLoginContext - allow code to instantiate a
LoginContext
.javax.security.auth.Policy
已被弃用赞成java.security.Policy
。 因此,以下目标名称也已被弃用:getPolicy - allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy - allow the caller to set the system-wide Subject-based access control policy. refreshPolicy - allow the caller to refresh the system-wide Subject-based access control policy.
- Implementation Note:
- 实现可能会定义其他目标名称,但应使用命名约定(如反向域名符号)来避免名称冲突。
- 从以下版本开始:
- 1.4
- 另请参见:
- Serialized Form
-
-
构造方法摘要
构造方法 Constructor 描述 AuthPermission(String name)
创建一个具有指定名称的新AuthPermission。AuthPermission(String name, String actions)
创建一个具有指定名称的新AuthPermission对象。
-
方法摘要
-
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from class java.security.Permission
checkGuard, getName, toString
-
-
-
-
构造方法详细信息
-
AuthPermission
public AuthPermission(String name)
创建一个具有指定名称的新AuthPermission。 该名称是AuthPermission的符号名称。- 参数
-
name
- AuthPermission的名称 - 异常
-
NullPointerException
- 如果name
是null
。 -
IllegalArgumentException
- 如果name
为空。
-
AuthPermission
public AuthPermission(String name, String actions)
创建一个具有指定名称的新AuthPermission对象。 该名称是AuthPermission的符号名称,并且操作String当前未使用,应为null。- 参数
-
name
- AuthPermission的名称 -
actions
- 应为null。 - 异常
-
NullPointerException
- 如果name
是null
。 -
IllegalArgumentException
- 如果name
为空。
-
-