- java.lang.Object
-
- java.security.Permission
-
- java.security.BasicPermission
-
- javax.security.auth.AuthPermission
-
- All Implemented Interfaces:
-
Serializable,Guard
public final class AuthPermission extends BasicPermission
此类用于验证权限。 一个AuthPermission包含一个名称(也称为“目标名称”),但没有动作列表; 你有指定的权限,或者你没有。目标名称是安全配置参数的名称(见下文)。 目前
AuthPermission对象用于保护访问Policy,Subject,LoginContext,并Configuration对象。身份验证权限的标准目标名称为:
doAs - allow the caller to invoke theSubject.doAsmethods. doAsPrivileged - allow the caller to invoke theSubject.doAsPrivilegedmethods. getSubject - allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner - allow for the retrieval of the Subject associated with the aSubjectDomainCombiner. setReadOnly - allow the caller to set a Subject to be read-only. modifyPrincipals - allow the caller to modify theSetof Principals associated with aSubjectmodifyPublicCredentials - allow the caller to modify theSetof public credentials associated with aSubjectmodifyPrivateCredentials - allow the caller to modify theSetof private credentials associated with aSubjectrefreshCredential - allow code to invoke therefreshmethod on a credential which implements theRefreshableinterface. destroyCredential - allow code to invoke thedestroymethod on a credentialobjectwhich implements theDestroyableinterface. createLoginContext.{name} - allow code to instantiate aLoginContextwith the specifiedname.nameis used as the index into the installed loginConfiguration(that returned byConfiguration.getConfiguration()). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object viaConfiguration.getInstance. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration.请注意,使用“modifyPrincipals”,“modifyPublicCredentials”或“modifyPrivateCredentials”目标授予此权限允许JAAS登录模块将主体或凭据对象填充到主题中。 虽然在私人凭证集中读取信息需要授予凭证类型的
PrivateCredentialPermission,但是在主体集合和公共凭证集中读取信息不需要其他权限。 这些对象可能包含潜在的敏感信息。 例如,读取本地用户信息或执行Kerberos登录的登录模块能够将可能敏感的信息(如用户ID,组和域名)添加到主体集。以下目标名称已被弃用,赞成
createLoginContext.{name}。createLoginContext - allow code to instantiate aLoginContext.javax.security.auth.Policy已被弃用赞成java.security.Policy。 因此,以下目标名称也已被弃用:getPolicy - allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy - allow the caller to set the system-wide Subject-based access control policy. refreshPolicy - allow the caller to refresh the system-wide Subject-based access control policy.- Implementation Note:
- 实现可能会定义其他目标名称,但应使用命名约定(如反向域名符号)来避免名称冲突。
- 从以下版本开始:
- 1.4
- 另请参见:
- Serialized Form
-
-
构造方法摘要
构造方法 Constructor 描述 AuthPermission(String name)创建一个具有指定名称的新AuthPermission。AuthPermission(String name, String actions)创建一个具有指定名称的新AuthPermission对象。
-
方法摘要
-
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from class java.security.Permission
checkGuard, getName, toString
-
-
-
-
构造方法详细信息
-
AuthPermission
public AuthPermission(String name)
创建一个具有指定名称的新AuthPermission。 该名称是AuthPermission的符号名称。- 参数
-
name- AuthPermission的名称 - 异常
-
NullPointerException- 如果name是null。 -
IllegalArgumentException- 如果name为空。
-
AuthPermission
public AuthPermission(String name, String actions)
创建一个具有指定名称的新AuthPermission对象。 该名称是AuthPermission的符号名称,并且操作String当前未使用,应为null。- 参数
-
name- AuthPermission的名称 -
actions- 应为null。 - 异常
-
NullPointerException- 如果name是null。 -
IllegalArgumentException- 如果name为空。
-
-