src/share/classes/javax/security/auth/kerberos/DelegationPermission.java





  31 import java.security.PermissionCollection;
  32 import java.io.ObjectStreamField;
  33 import java.io.ObjectOutputStream;
  34 import java.io.ObjectInputStream;
  35 import java.io.IOException;
  36 
  37 /**
  38  * This class is used to restrict the usage of the Kerberos
  39  * delegation model, ie: forwardable and proxiable tickets.
  40  * <p>
  41  * The target name of this {@code Permission} specifies a pair of
  42  * kerberos service principals. The first is the subordinate service principal
  43  * being entrusted to use the TGT. The second service principal designates
  44  * the target service the subordinate service principal is to
  45  * interact with on behalf of the initiating KerberosPrincipal. This
  46  * latter service principal is specified to restrict the use of a
  47  * proxiable ticket.
  48  * <p>
  49  * For example, to specify the "host" service use of a forwardable TGT the
  50  * target permission is specified as follows:
  51  * <p>
  52  * <pre>
  53  *  DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
  54  * </pre>
  55  * <p>
  56  * To give the "backup" service a proxiable nfs service ticket the target permission
  57  * might be specified:
  58  * <p>
  59  * <pre>
  60  *  DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
  61  * </pre>
  62  *
  63  * @since 1.4
  64  */
  65 
  66 public final class DelegationPermission extends BasicPermission
  67     implements java.io.Serializable {
  68 
  69     private static final long serialVersionUID = 883133252142523922L;
  70 
  71     private transient String subordinate, service;
  72 
  73     /**
  74      * Create a new {@code DelegationPermission}
  75      * with the specified subordinate and target principals.
  76      *
  77      * <p>
  78      *




  31 import java.security.PermissionCollection;
  32 import java.io.ObjectStreamField;
  33 import java.io.ObjectOutputStream;
  34 import java.io.ObjectInputStream;
  35 import java.io.IOException;
  36 
  37 /**
  38  * This class is used to restrict the usage of the Kerberos
  39  * delegation model, ie: forwardable and proxiable tickets.
  40  * <p>
  41  * The target name of this {@code Permission} specifies a pair of
  42  * kerberos service principals. The first is the subordinate service principal
  43  * being entrusted to use the TGT. The second service principal designates
  44  * the target service the subordinate service principal is to
  45  * interact with on behalf of the initiating KerberosPrincipal. This
  46  * latter service principal is specified to restrict the use of a
  47  * proxiable ticket.
  48  * <p>
  49  * For example, to specify the "host" service use of a forwardable TGT the
  50  * target permission is specified as follows:
  51  *
  52  * <pre>
  53  *  DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
  54  * </pre>
  55  * <p>
  56  * To give the "backup" service a proxiable nfs service ticket the target permission
  57  * might be specified:
  58  *
  59  * <pre>
  60  *  DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
  61  * </pre>
  62  *
  63  * @since 1.4
  64  */
  65 
  66 public final class DelegationPermission extends BasicPermission
  67     implements java.io.Serializable {
  68 
  69     private static final long serialVersionUID = 883133252142523922L;
  70 
  71     private transient String subordinate, service;
  72 
  73     /**
  74      * Create a new {@code DelegationPermission}
  75      * with the specified subordinate and target principals.
  76      *
  77      * <p>
  78      *