Java™ Platform
Standard Ed. 6

javax.security.auth
Class AuthPermission

java.lang.Object
  extended by java.security.Permission
      extended by java.security.BasicPermission
          extended by javax.security.auth.AuthPermission
All Implemented Interfaces:
Serializable, Guard

public final class AuthPermission
extends BasicPermission

This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

The possible target names for an Authentication Permission are:

        doAs -                  allow the caller to invoke the
                                Subject.doAs methods.

        doAsPrivileged -        allow the caller to invoke the
                                Subject.doAsPrivileged methods.

        getSubject -            allow for the retrieval of the
                                Subject(s) associated with the
                                current Thread.

        getSubjectFromDomainCombiner -  allow for the retrieval of the
                                Subject associated with the
                                a SubjectDomainCombiner.

        setReadOnly -           allow the caller to set a Subject
                                to be read-only.

        modifyPrincipals -      allow the caller to modify the Set
                                of Principals associated with a
                                Subject

        modifyPublicCredentials - allow the caller to modify the
                                Set of public credentials
                                associated with a Subject

        modifyPrivateCredentials - allow the caller to modify the
                                Set of private credentials
                                associated with a Subject

        refreshCredential -     allow code to invoke the refresh
                                method on a credential which implements
                                the Refreshable interface.

        destroyCredential -     allow code to invoke the destroy
                                method on a credential object
                                which implements the Destroyable
                                interface.

        createLoginContext.{name} -  allow code to instantiate a
                                LoginContext with the
                                specified name.  name
                                is used as the index into the installed login
                                Configuration
                                (that returned by
                                Configuration.getConfiguration()).
                                name can be wildcarded (set to '*')
                                to allow for any name.

        getLoginConfiguration - allow for the retrieval of the system-wide
                                login Configuration.

        createLoginConfiguration.{type} - allow code to obtain a Configuration
                                object via
                                Configuration.getInstance.

        setLoginConfiguration - allow for the setting of the system-wide
                                login Configuration.

        refreshLoginConfiguration - allow for the refreshing of the system-wide
                                login Configuration.
 

The following target name has been deprecated in favor of createLoginContext.{name}.

        createLoginContext -    allow code to instantiate a
                                LoginContext.
 

javax.security.auth.Policy has been deprecated in favor of java.security.Policy. Therefore, the following target names have also been deprecated:

        getPolicy -             allow the caller to retrieve the system-wide
                                Subject-based access control policy.

        setPolicy -             allow the caller to set the system-wide
                                Subject-based access control policy.

        refreshPolicy -         allow the caller to refresh the system-wide
                                Subject-based access control policy.
 

See Also:
Serialized Form

Constructor Summary
AuthPermission(String name)
          Creates a new AuthPermission with the specified name.
AuthPermission(String name, String actions)
          Creates a new AuthPermission object with the specified name.
 
Method Summary
 
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
 
Methods inherited from class java.security.Permission
checkGuard, getName, toString
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AuthPermission

public AuthPermission(String name)
Creates a new AuthPermission with the specified name. The name is the symbolic name of the AuthPermission.

Parameters:
name - the name of the AuthPermission
Throws:
NullPointerException - if name is null.
IllegalArgumentException - if name is empty.

AuthPermission

public AuthPermission(String name,
                      String actions)
Creates a new AuthPermission object with the specified name. The name is the symbolic name of the AuthPermission, and the actions String is currently unused and should be null.

Parameters:
name - the name of the AuthPermission

actions - should be null.
Throws:
NullPointerException - if name is null.
IllegalArgumentException - if name is empty.

Java™ Platform
Standard Ed. 6

Submit a bug or feature
For further API reference and developer documentation, see Java SE Developer Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.

Copyright 2006 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.