Module java.base

Class AuthPermission

All Implemented Interfaces:
Serializable, Guard

public final class AuthPermission extends BasicPermission
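This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Subject, LoginContext, and Configuration objects.

The standard target names for an Authentication Permission are: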

   doAs -         allow the caller to invoke the
               Subject.doAs methods.

   doAsPrivileged -    allow the caller to invoke the
               Subject.doAsPrivileged methods.

   getSubject -      allow for the retrieval of the
               Subject(s) associated with the
               current Thread.

   getSubjectFromDomainCombiner - allow for the retrieval of the
               Subject associated with
               a SubjectDomainCombiner.

   setReadOnly -      allow the caller to set a Subject
               to be read-only.

   modifyPrincipals -   allow the caller to modify the Set 
               of Principals associated with a
               Subject 

   modifyPublicCredentials - allow the caller to modify the
               Set of public credentials
               associated with a Subject 

   modifyPrivateCredentials - allow the caller to modify the
               Set of private credentials
               associated with a Subject 

   refreshCredential -   allow code to invoke the refresh 
               method on a credential which implements
               the Refreshable interface.

   destroyCredential -   allow code to invoke the destroy 
               method on a credential object 
               which implements the Destroyable 
               interface.

   createLoginContext.{name} - allow code to instantiate a
               LoginContext with the
               specified name. name
               is used as the index into the installed login
               Configuration
               (that returned by
               Configuration.getConfiguration()).
               name can be wildcarded (set to '*')
               to allow for any name.

   getLoginConfiguration - allow for the retrieval of the system-wide
               login Configuration.

   createLoginConfiguration.{type} - allow code to obtain a Configuration
               object via
               Configuration.getInstance.

   setLoginConfiguration - allow for the setting of the system-wide
               login Configuration.

   refreshLoginConfiguration - allow for the refreshing of the system-wide
               login Configuration.
 

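Please note that granting this permission with the "modifyPrincipals", "modifyPublicCredentials" or "modifyPrivateCredentials" target allows a JAAS login module to populate principal or credential objects into the Subject. Although reading information inside the private credentials set requires a PrivateCredentialPermission of the credential type to be granted, reading information inside the principals set and the public credentials set requires no additional permission. These objects can contain potentially sensitive information. For example, login modules that read local user information or perform a Kerberos login are able to add potentially sensitive information such as user ids, groups and domain names to the principals set.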
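An added example, not part of the original documentation: a review of a grant list that flags the populate targets named in the note above and shows the wildcard matching that AuthPermission inherits from BasicPermission. The class name AuthPermissionAudit, its methods, and the grant list are hypothetical.

```java
import java.security.Permissions;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.AuthPermission;

public class AuthPermissionAudit {
    // Targets that let code place principals or credentials into a Subject.
    private static final Set<String> POPULATE = Set.of(
            "modifyPrincipals", "modifyPublicCredentials", "modifyPrivateCredentials");

    /** Returns one finding per granted target name that deserves review. */
    static List<String> review(List<String> grantedNames) {
        List<String> findings = new ArrayList<>();
        for (String name : grantedNames) {
            if (name.equals("*") || name.endsWith(".*")) {
                findings.add(name + ": wildcard, covers every target under this prefix");
            } else if (name.equals("createLoginContext")) {
                findings.add(name + ": deprecated, use createLoginContext.{name}");
            } else if (POPULATE.contains(name)) {
                findings.add(name + ": code can populate a Subject; principals and "
                        + "public credentials are readable without further permission");
            }
        }
        return findings;
    }

    /** True if the granted set implies the AuthPermission with the given target name. */
    static boolean allows(List<String> grantedNames, String target) {
        Permissions granted = new Permissions();
        for (String name : grantedNames) {
            granted.add(new AuthPermission(name));
        }
        return granted.implies(new AuthPermission(target));
    }

    public static void main(String[] args) {
        // Constructed grant list for a hypothetical application.
        List<String> granted = List.of("createLoginContext.*", "modifyPrincipals", "getSubject");
        review(granted).forEach(System.out::println);
        // BasicPermission matching: the wildcard covers any entry name,
        // while targets that were not granted stay denied.
        System.out.println(allows(granted, "createLoginContext.PayrollApp"));
        System.out.println(allows(granted, "setLoginConfiguration"));
    }
}
```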

The following target name has been deprecated in favor of createLoginContext.{name}.

   createLoginContext -  allow code to instantiate a
               LoginContext.
 
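Implementation Note:
Implementations may define additional target names, but should use naming conventions such as reverse domain name notation to avoid name clashes.
Since:
1.4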
  • Constructor Details

    • AuthPermission

      public AuthPermission(String name)
      Creates a new AuthPermission with the specified name. The name is the symbolic name of the AuthPermission.
      Parameters:
      name - the name of the AuthPermission
      Throws:
      NullPointerException - if name is null
      IllegalArgumentException - if name is empty.
    • AuthPermission

      public AuthPermission(String name, String actions)
      Creates a new AuthPermission object with the specified name. The name is the symbolic name of the AuthPermission, and the actions String is currently unused and should be null.
      Parameters:
      name - the name of the AuthPermission
      actions - should be null.
      Throws:
      NullPointerException - if name is null
      IllegalArgumentException - if name is empty.