src/share/classes/javax/security/auth/login/LoginContext.java
Print this page
*** 99,113 ****
* <li> {@code Subject}
* <ul>
* <li> If the constructor has a Subject
* input parameter, the LoginContext uses the caller-specified
* Subject object.
! * <p>
* <li> If the caller specifies a {@code null} Subject
* and a {@code null} value is permitted,
* the LoginContext instantiates a new Subject.
! * <p>
* <li> If the constructor does <b>not</b> have a Subject
* input parameter, the LoginContext instantiates a new Subject.
* <p>
* </ul>
*
--- 99,113 ----
* <li> {@code Subject}
* <ul>
* <li> If the constructor has a Subject
* input parameter, the LoginContext uses the caller-specified
* Subject object.
! *
* <li> If the caller specifies a {@code null} Subject
* and a {@code null} value is permitted,
* the LoginContext instantiates a new Subject.
! *
* <li> If the constructor does <b>not</b> have a Subject
* input parameter, the LoginContext instantiates a new Subject.
* <p>
* </ul>
*
*** 130,149 ****
* If the Configuration has no entries for the specified <i>name</i>,
* then the {@code LoginContext} calls
* {@code getAppConfigurationEntry} with the name, "<i>other</i>"
* (the default entry name). If there is no entry for "<i>other</i>",
* then a {@code LoginException} is thrown.
! * <p>
* <li> When LoginContext uses the installed Configuration, the caller
* requires the createLoginContext.<em>name</em> and possibly
* createLoginContext.other AuthPermissions. Furthermore, the
* LoginContext will invoke configured modules from within an
* {@code AccessController.doPrivileged} call so that modules that
* perform security-sensitive tasks (such as connecting to remote hosts,
* and updating the Subject) will require the respective permissions, but
* the callers of the LoginContext will not require those permissions.
! * <p>
* <li> When LoginContext uses a caller-specified Configuration, the caller
* does not require any createLoginContext AuthPermission. The LoginContext
* saves the {@code AccessControlContext} for the caller,
* and invokes the configured modules from within an
* {@code AccessController.doPrivileged} call constrained by that context.
--- 130,149 ----
* If the Configuration has no entries for the specified <i>name</i>,
* then the {@code LoginContext} calls
* {@code getAppConfigurationEntry} with the name, "<i>other</i>"
* (the default entry name). If there is no entry for "<i>other</i>",
* then a {@code LoginException} is thrown.
! *
* <li> When LoginContext uses the installed Configuration, the caller
* requires the createLoginContext.<em>name</em> and possibly
* createLoginContext.other AuthPermissions. Furthermore, the
* LoginContext will invoke configured modules from within an
* {@code AccessController.doPrivileged} call so that modules that
* perform security-sensitive tasks (such as connecting to remote hosts,
* and updating the Subject) will require the respective permissions, but
* the callers of the LoginContext will not require those permissions.
! *
* <li> When LoginContext uses a caller-specified Configuration, the caller
* does not require any createLoginContext AuthPermission. The LoginContext
* saves the {@code AccessControlContext} for the caller,
* and invokes the configured modules from within an
* {@code AccessController.doPrivileged} call constrained by that context.
*** 156,166 ****
* <li> {@code CallbackHandler}
* <ul>
* <li> If the constructor has a CallbackHandler
* input parameter, the LoginContext uses the caller-specified
* CallbackHandler object.
! * <p>
* <li> If the constructor does <b>not</b> have a CallbackHandler
* input parameter, or if the caller specifies a {@code null}
* CallbackHandler object (and a {@code null} value is permitted),
* the LoginContext queries the
* {@code auth.login.defaultCallbackHandler} security property for the
--- 156,166 ----
* <li> {@code CallbackHandler}
* <ul>
* <li> If the constructor has a CallbackHandler
* input parameter, the LoginContext uses the caller-specified
* CallbackHandler object.
! *
* <li> If the constructor does <b>not</b> have a CallbackHandler
* input parameter, or if the caller specifies a {@code null}
* CallbackHandler object (and a {@code null} value is permitted),
* the LoginContext queries the
* {@code auth.login.defaultCallbackHandler} security property for the
*** 169,179 ****
* then the underlying modules will not have a
* CallbackHandler for use in communicating
* with users. The caller thus assumes that the configured
* modules have alternative means for authenticating the user.
*
! * <p>
* <li> When the LoginContext uses the installed Configuration (instead of
* a caller-specified Configuration, see above),
* then this LoginContext must wrap any
* caller-specified or default CallbackHandler implementation
* in a new CallbackHandler implementation
--- 169,179 ----
* then the underlying modules will not have a
* CallbackHandler for use in communicating
* with users. The caller thus assumes that the configured
* modules have alternative means for authenticating the user.
*
! *
* <li> When the LoginContext uses the installed Configuration (instead of
* a caller-specified Configuration, see above),
* then this LoginContext must wrap any
* caller-specified or default CallbackHandler implementation
* in a new CallbackHandler implementation