<- StyleSheet   SubjectDomainCombiner ->

API java : Subject


javax.security.auth
Class Subject

java.lang.Object
  extended by javax.security.auth.Subject
All Implemented Interfaces:
Serializable

public final class Subject
extends Object
implements Serializable

A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject, and another which binds, "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.

A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.

To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively. To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example: 

  1. Subject subject;
  2.         Principal principal;
  3.         Object credential;
  4.  
  5.         // add a Principal and credential to the Subject
  6.         subject.getPrincipals().add(principal);
  7.         subject.getPublicCredentials().add(credential);

This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not. Note that the java.security.Principal class does not implement Serializable. Therefore all concrete Principal implementations associated with Subjects must implement Serializable.

See Also:
Principal, DomainCombiner, Serialized Form

Constructor Summary
Subject()
          Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials.
Subject(boolean readOnly, Set<? extends Principal> principals, Set<?> pubCredentials, Set<?> privCredentials)
          Create an instance of a Subject with Principals and credentials.
 
Method Summary
static Object doAs(Subject subject, PrivilegedAction action)
          Perform work as a particular Subject.
static Object doAs(Subject subject, PrivilegedExceptionAction action)
          Perform work as a particular Subject.
static Object doAsPrivileged(Subject subject, PrivilegedAction action, AccessControlContext acc)
          Perform privileged work as a particular Subject.
static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction action, AccessControlContext acc)
          Perform privileged work as a particular Subject.
 boolean equals(Object o)
          Compares the specified Object with this Subject for equality.
 Set<Principal> getPrincipals()
          Return the Set of Principals associated with this Subject.
<T extends Principal>
Set<T>
getPrincipals(Class<T> c)
          Return a Set of Principals associated with this Subject that are instances or subclasses of the specified Class.
 Set<Object> getPrivateCredentials()
          Return the Set of private credentials held by this Subject.
<T> Set<T>
getPrivateCredentials(Class<T> c)
          Return a Set of private credentials associated with this Subject that are instances or subclasses of the specified Class.
 Set<Object> getPublicCredentials()
          Return the Set of public credentials held by this Subject.
<T> Set<T>
getPublicCredentials(Class<T> c)
          Return a Set of public credentials associated with this Subject that are instances or subclasses of the specified Class.
static Subject getSubject(AccessControlContext acc)
          Get the Subject associated with the provided AccessControlContext.
 int hashCode()
          Returns a hashcode for this Subject.
 boolean isReadOnly()
          Query whether this Subject is read-only.
 void setReadOnly()
          Set this Subject to be read-only.
 String toString()
          Return the String representation of this Subject.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

Subject

public Subject()
Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials.

The newly constructed Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").


Subject

public Subject(boolean readOnly,
               Set<? extends Principal> principals,
               Set<?> pubCredentials,
               Set<?> privCredentials)
Create an instance of a Subject with Principals and credentials.

The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").

Parameters:
readOnly - true if the Subject is to be read-only, and false otherwise.

principals - the Set of Principals to be associated with this Subject.

pubCredentials - the Set of public credentials to be associated with this Subject.

privCredentials - the Set of private credentials to be associated with this Subject.
Throws:
NullPointerException - if the specified principals, pubCredentials, or privCredentials are null.
Method Detail

setReadOnly

public void setReadOnly()
Set this Subject to be read-only.

Modifications (additions and removals) to this Subject's Principal Set and credential Sets will be disallowed. The destroy operation on this Subject's credentials will still be permitted.

Subsequent attempts to modify the Subject's Principal and credential Sets will result in an IllegalStateException being thrown. Also, once a Subject is read-only, it can not be reset to being writable again.

Throws:
SecurityException - if the caller does not have permission to set this Subject to be read-only.

isReadOnly

public boolean isReadOnly()
Query whether this Subject is read-only.

Returns:
true if this Subject is read-only, false otherwise.

getSubject

public static Subject getSubject(AccessControlContext acc)
Get the Subject associated with the provided AccessControlContext.

The AccessControlContext may contain many Subjects (from nested doAs calls). In this situation, the most recent Subject associated with the AccessControlContext is returned.

Parameters:
acc - the AccessControlContext from which to retrieve the Subject.
Returns:
the Subject associated with the provided AccessControlContext, or null if no Subject is associated with the provided AccessControlContext.
Throws:
SecurityException - if the caller does not have permission to get the Subject.

NullPointerException - if the provided AccessControlContext is null.

doAs

public static Object doAs(Subject subject,
                          PrivilegedAction action)
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedAction, as well as the newly constructed AccessControlContext.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.

action - the code to be run as the specified Subject.

Returns:
the Object returned by the PrivilegedAction's run method.
Throws:
NullPointerException - if the PrivilegedAction is null.

SecurityException - if the caller does not have permission to invoke this method.

doAs

public static Object doAs(Subject subject,
                          PrivilegedExceptionAction action)
                   throws PrivilegedActionException
Perform work as a particular Subject.

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedExceptionAction, as well as the newly constructed AccessControlContext.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.

action - the code to be run as the specified Subject.

Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.

NullPointerException - if the specified PrivilegedExceptionAction is null.

SecurityException - if the caller does not have permission to invoke this method.

doAsPrivileged

public static Object doAsPrivileged(Subject subject,
                                    PrivilegedAction action,
                                    AccessControlContext acc)
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.

action - the code to be run as the specified Subject.

acc - the AccessControlContext to be tied to the specified subject and action.

Returns:
the Object returned by the PrivilegedAction's run method.
Throws:
NullPointerException - if the PrivilegedAction is null.

SecurityException - if the caller does not have permission to invoke this method.

doAsPrivileged

public static Object doAsPrivileged(Subject subject,
                                    PrivilegedExceptionAction action,
                                    AccessControlContext acc)
                             throws PrivilegedActionException
Perform privileged work as a particular Subject.

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

Parameters:
subject - the Subject that the specified action will run as. This parameter may be null.

action - the code to be run as the specified Subject.

acc - the AccessControlContext to be tied to the specified subject and action.

Returns:
the Object returned by the PrivilegedExceptionAction's run method.
Throws:
PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.

NullPointerException - if the specified PrivilegedExceptionAction is null.

SecurityException - if the caller does not have permission to invoke this method.

getPrincipals

public Set<Principal> getPrincipals()
Return the Set of Principals associated with this Subject. Each Principal represents an identity for this Subject.

The returned Set is backed by this Subject's internal Principal Set. Any modification to the returned Set affects the internal Principal Set as well.

Returns:
The Set of Principals associated with this Subject.

getPrincipals

public <T extends Principal> Set<T> getPrincipals(Class<T> c)
Return a Set of Principals associated with this Subject that are instances or subclasses of the specified Class.

The returned Set is not backed by this Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.

Parameters:
c - the returned Set of Principals will all be instances of this class.
Returns:
a Set of Principals that are instances of the specified Class.
Throws:
NullPointerException - if the specified Class is null.

getPublicCredentials

public Set<Object> getPublicCredentials()
Return the Set of public credentials held by this Subject.

The returned Set is backed by this Subject's internal public Credential Set. Any modification to the returned Set affects the internal public Credential Set as well.

Returns:
A Set of public credentials held by this Subject.

getPrivateCredentials

public Set<Object> getPrivateCredentials()
Return the Set of private credentials held by this Subject.

The returned Set is backed by this Subject's internal private Credential Set. Any modification to the returned Set affects the internal private Credential Set as well.

A caller requires permissions to access the Credentials in the returned Set, or to modify the Set itself. A SecurityException is thrown if the caller does not have the proper permissions.

While iterating through the Set, a SecurityException is thrown if the caller does not have permission to access a particular Credential. The Iterator is nevertheless advanced to next element in the Set.

Returns:
A Set of private credentials held by this Subject.

getPublicCredentials

public <T> Set<T> getPublicCredentials(Class<T> c)
Return a Set of public credentials associated with this Subject that are instances or subclasses of the specified Class.

The returned Set is not backed by this Subject's internal public Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal public Credential Set.

Parameters:
c - the returned Set of public credentials will all be instances of this class.
Returns:
a Set of public credentials that are instances of the specified Class.
Throws:
NullPointerException - if the specified Class is null.

getPrivateCredentials

public <T> Set<T> getPrivateCredentials(Class<T> c)
Return a Set of private credentials associated with this Subject that are instances or subclasses of the specified Class.

The caller must have permission to access all of the requested Credentials, or a SecurityException will be thrown.

The returned Set is not backed by this Subject's internal private Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal private Credential Set.

Parameters:
c - the returned Set of private credentials will all be instances of this class.
Returns:
a Set of private credentials that are instances of the specified Class.
Throws:
NullPointerException - if the specified Class is null.

equals

public boolean equals(Object o)
Compares the specified Object with this Subject for equality. Returns true if the given object is also a Subject and the two Subject instances are equivalent. More formally, two Subject instances are equal if their Principal and Credential Sets are equal.

Overrides:
equals in class Object
Parameters:
o - Object to be compared for equality with this Subject.
Returns:
true if the specified Object is equal to this Subject.
Throws:
SecurityException - if the caller does not have permission to access the private credentials for this Subject, or if the caller does not have permission to access the private credentials for the provided Subject.
See Also:
Object.hashCode(), Hashtable

toString

public String toString()
Return the String representation of this Subject.

Overrides:
toString in class Object
Returns:
the String representation of this Subject.

hashCode

public int hashCode()
Returns a hashcode for this Subject.

Overrides:
hashCode in class Object
Returns:
a hashcode for this Subject.
Throws:
SecurityException - if the caller does not have permission to access this Subject's private credentials.
See Also:
Object.equals(java.lang.Object), Hashtable

Ces informations proviennent du site de http://java.sun.com

Remarques

Contenu

Le contenu de cette page provient du site de Sun, et est généré depuis un cache sur l'infobrol après certains traitements automatisés. La présentation peut donc différer du document original, mais le contenu aussi. Vous pouvez utiliser ce bouton pour afficher la page originale du site de Sun :

Quels sont les motivations de cette démarche?

Maintenir les pages en cache sur différents sites peut offrir plus de disponibilité.

Chaque page est indexée dans la base de donnée, ce qui permet de retrouver facilement les informations, au moyen des sommaires, du moteur de recherche interne, etc.

Des facilités sont mises en place pour que les membres de l'infobrol puissent effectuer des traductions en français des différents documents. Ceci devrait permettre aux débutants en programmation Java de consulter les API en français s'ils maîtrisent moins bien la langue de Shakespeare. Dans le cas où une traduction a été soumise, elle est disponible au moyen d'un lien en bas de page. Si la traduction a été validée, la page s'affiche par défaut en français, et un lien en bas de page permet d'atteindre la version en anglais.

Le code sur l'infobrol est automatiquement coloré selon la syntaxe, et les différents mots clés sont transformés en liens pour accéder rapidement aux informations.

Vous avez la possibilité de partager vos expériences en proposant vos propres extraits de code en utilisant le bouton "ajouter un commentaire" en bas de page. Si vous visitez simplement l'infobrol, vous avez déjà accès à cette fonction, mais si vous étes membre du brol, vous pouvez en plus utiliser des boutons supplémentaires de mise en forme, dont la coloration automatique de vos extraits de codes.

<- StyleSheet   SubjectDomainCombiner ->

Réseaux sociaux

|Plus d'options...

Vous pouvez modifier vos préférences dans votre profil pour ne plus afficher les interactions avec les réseaux sociaux sur ces pages.

 

Nuage de mots clés

7 mots clés dont 0 définis manuellement (plus d'information...).

Avertissement

Cette page ne possède pas encore de mots clés manuels, ceci est donc un exemple automatique (les niveaux de pertinence sont fictifs, mais les liens sont valables). Pour tester le nuage avec une page qui contient des mots définis manuellement, vous pouvez cliquer ici.
auth Gaudry javax security Signaler une erreur Stéphane Gaudry subject

Vous pouvez modifier vos préférences dans votre profil pour ne plus afficher le nuage de mots clés.

 

Structure du document

Astuce pour imprimer les couleurs des cellules de tableaux : http://www.gaudry.be/ast-rf-450.html
Aucun commentaire pour cette page

© Ce document issu de l′infobrol est enregistré sous le certificat Cyber PrInterDeposit Digital Numbertection. Enregistrement IDDN n° 5329-1995
Document créé le 31/08/06 02:01, dernière modification le Vendredi 17 Juin 2011, 12:12
Source du document imprimé : http://www.gaudry.be/java-api-rf-javax/security/auth/Subject.html Document affiché 1 fois ce mois de Juin.
St.Gaudry©07.01.02
Outils (masquer)
||
Recherche (afficher)
Recherche :

Utilisateur (masquer)
Navigation (masquer)
Apparence (afficher)
Stats (afficher)
15832 documents
452 astuces.
549 niouzes.
3099 definitions.
447 membres.
8115 messages.

Document genere en :
0,45 seconde

Mises à jour :
Mises à jour du site
Citation (masquer)
Un langage de programmation est censé être une façon conventionnelle de donner des ordres à un ordinateur. Il n'est pas censé être obscur, bizarre et plein de pièges subtils (ça ce sont les attributs de la magie).

Dave Small
 
l'infobrol
Nous sommes le Samedi 02 Juin 2012, 03:22, toutes les heures sont au format GMT+1.00 Heure, heure d'été (+1)