31 import java.security.PermissionCollection; 32 import java.io.ObjectStreamField; 33 import java.io.ObjectOutputStream; 34 import java.io.ObjectInputStream; 35 import java.io.IOException; 36 37 /** 38 * This class is used to restrict the usage of the Kerberos 39 * delegation model, ie: forwardable and proxiable tickets. 40 * <p> 41 * The target name of this {@code Permission} specifies a pair of 42 * kerberos service principals. The first is the subordinate service principal 43 * being entrusted to use the TGT. The second service principal designates 44 * the target service the subordinate service principal is to 45 * interact with on behalf of the initiating KerberosPrincipal. This 46 * latter service principal is specified to restrict the use of a 47 * proxiable ticket. 48 * <p> 49 * For example, to specify the "host" service use of a forwardable TGT the 50 * target permission is specified as follows: 51 * <p> 52 * <pre> 53 * DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\""); 54 * </pre> 55 * <p> 56 * To give the "backup" service a proxiable nfs service ticket the target permission 57 * might be specified: 58 * <p> 59 * <pre> 60 * DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\""); 61 * </pre> 62 * 63 * @since 1.4 64 */ 65 66 public final class DelegationPermission extends BasicPermission 67 implements java.io.Serializable { 68 69 private static final long serialVersionUID = 883133252142523922L; 70 71 private transient String subordinate, service; 72 73 /** 74 * Create a new {@code DelegationPermission} 75 * with the specified subordinate and target principals. 76 * 77 * <p> 78 * | 31 import java.security.PermissionCollection; 32 import java.io.ObjectStreamField; 33 import java.io.ObjectOutputStream; 34 import java.io.ObjectInputStream; 35 import java.io.IOException; 36 37 /** 38 * This class is used to restrict the usage of the Kerberos 39 * delegation model, ie: forwardable and proxiable tickets. 40 * <p> 41 * The target name of this {@code Permission} specifies a pair of 42 * kerberos service principals. The first is the subordinate service principal 43 * being entrusted to use the TGT. The second service principal designates 44 * the target service the subordinate service principal is to 45 * interact with on behalf of the initiating KerberosPrincipal. This 46 * latter service principal is specified to restrict the use of a 47 * proxiable ticket. 48 * <p> 49 * For example, to specify the "host" service use of a forwardable TGT the 50 * target permission is specified as follows: 51 * 52 * <pre> 53 * DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\""); 54 * </pre> 55 * <p> 56 * To give the "backup" service a proxiable nfs service ticket the target permission 57 * might be specified: 58 * 59 * <pre> 60 * DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\""); 61 * </pre> 62 * 63 * @since 1.4 64 */ 65 66 public final class DelegationPermission extends BasicPermission 67 implements java.io.Serializable { 68 69 private static final long serialVersionUID = 883133252142523922L; 70 71 private transient String subordinate, service; 72 73 /** 74 * Create a new {@code DelegationPermission} 75 * with the specified subordinate and target principals. 76 * 77 * <p> 78 * |