Module  java.base
Package  javax.security.auth

Class AuthPermission

  • All Implemented Interfaces:
    Serializable, Guard


    public final class AuthPermission
    extends BasicPermission
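    This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

    The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

    The standard target names for an Authentication Permission are: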

      doAs -                  allow the caller to invoke the
                                  Subject.doAs methods.
    
          doAsPrivileged -        allow the caller to invoke the
                                  Subject.doAsPrivileged methods.
    
          getSubject -            allow for the retrieval of the
                                  Subject(s) associated with the
                                  current Thread.
    
          getSubjectFromDomainCombiner -  allow for the retrieval of the
                                  Subject associated with
                                  a SubjectDomainCombiner.
    
          setReadOnly -           allow the caller to set a Subject
                                  to be read-only.
    
          modifyPrincipals -      allow the caller to modify the Set
                                  of Principals associated with a
                                  Subject
    
          modifyPublicCredentials - allow the caller to modify the
                                  Set of public credentials
                                  associated with a Subject
    
          modifyPrivateCredentials - allow the caller to modify the
                                  Set of private credentials
                                  associated with a Subject
    
          refreshCredential -     allow code to invoke the refresh
                                  method on a credential which implements
                                  the Refreshable interface.
    
          destroyCredential -     allow code to invoke the destroy
                                  method on a credential object
                                  which implements the Destroyable
                                  interface.
    
          createLoginContext.{name} -  allow code to instantiate a
                                  LoginContext with the
                                  specified name.  name
                                  is used as the index into the installed login
                                  Configuration
                                  (that returned by
                                  Configuration.getConfiguration()).
                                  name can be wildcarded (set to '*')
                                  to allow for any name.
    
          getLoginConfiguration - allow for the retrieval of the system-wide
                                  login Configuration.
    
          createLoginConfiguration.{type} - allow code to obtain a Configuration
                                  object via
                                  Configuration.getInstance.
    
          setLoginConfiguration - allow for the setting of the system-wide
                                  login Configuration.
    
          refreshLoginConfiguration - allow for the refreshing of the system-wide
                                  login Configuration. 

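    Please note that granting this permission with the "modifyPrincipals", "modifyPublicCredentials" or "modifyPrivateCredentials" targets allows a JAAS login module to populate principal or credential objects into the Subject. Although reading information inside the private credentials set requires a PrivateCredentialPermission of the credential type to be granted, reading information inside the principals set and the public credentials set requires no additional permission. These objects can contain potentially sensitive information. For example, login modules that read local user information or perform a Kerberos login are able to add potentially sensitive information such as user IDs, groups and domain names to the principals set.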
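    The following is an added example, not part of the JDK documentation. It audits a set of granted AuthPermission names against sensitive targets from the list above, using the wildcard matching that AuthPermission inherits from BasicPermission. The class name AuthPermissionGrantAudit, its helper methods and the login entry name appLogin are assumptions made for illustration.

```java
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.AuthPermission;

public class AuthPermissionGrantAudit {
    // Targets from the list above that change a Subject or the login Configuration.
    // "appLogin" is a made-up login Configuration entry name.
    static final String[] SENSITIVE = {
        "modifyPrincipals", "modifyPublicCredentials", "modifyPrivateCredentials",
        "setLoginConfiguration", "createLoginContext.appLogin"
    };

    // Returns the sensitive targets that the granted permissions imply.
    static List<String> impliedTargets(PermissionCollection granted) {
        List<String> hits = new ArrayList<>();
        for (String target : SENSITIVE) {
            if (granted.implies(new AuthPermission(target))) {
                hits.add(target);
            }
        }
        return hits;
    }

    // Builds a collection of AuthPermissions, as a policy grant block would.
    static PermissionCollection grant(String... names) {
        Permissions granted = new Permissions();
        for (String name : names) {
            granted.add(new AuthPermission(name));
        }
        return granted;
    }

    public static void main(String[] args) {
        // Narrow grant: one named LoginContext plus doAs.
        System.out.println(impliedTargets(grant("createLoginContext.appLogin", "doAs")));
        // Wildcard after '.': matches any LoginContext name, no other target.
        System.out.println(impliedTargets(grant("createLoginContext.*")));
        // "modify*" is not a valid BasicPermission wildcard; it is a literal
        // name and matches none of the modify... targets.
        System.out.println(impliedTargets(grant("modify*")));
        // A bare "*" implies every AuthPermission target.
        System.out.println(impliedTargets(grant("*")));
    }
}
```

    A grant review can use the same check to flag policy entries whose name is "*", since that single grant covers all three modify targets described above.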

    The following target name has been deprecated in favor of createLoginContext.{name}.

      createLoginContext -    allow code to instantiate a
                                  LoginContext. 

    javax.security.auth.Policy has been deprecated in favor of java.security.Policy. Therefore, the following target names have also been deprecated:

      getPolicy -             allow the caller to retrieve the system-wide
                                  Subject-based access control policy.
    
          setPolicy -             allow the caller to set the system-wide
                                  Subject-based access control policy.
    
          refreshPolicy -         allow the caller to refresh the system-wide
                                  Subject-based access control policy. 
    Implementation Note:
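    Implementations may define additional target names, but should use naming conventions such as reverse domain name notation to avoid name clashes.
    Since:
    1.4
    See Also: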
    Serialized Form
    • Constructor Detail

      • AuthPermission

        public AuthPermission(String name)
        Creates a new AuthPermission with the specified name. The name is the symbolic name of the AuthPermission.
        Parameters:
        name - the name of the AuthPermission
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.
      • AuthPermission

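        public AuthPermission(String name,
                              String actions)
        Creates a new AuthPermission object with the specified name. The name is the symbolic name of the AuthPermission, and the actions String is currently unused and should be null.
        Parameters:
        name - the name of the AuthPermission
        actions - should be null.
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.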