1 /*
   2  * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.security.auth;
  27 
  28 /**
  29  * This class is for authentication permissions. An {@code AuthPermission}
  30  * contains a name (also referred to as a "target name") but no actions
  31  * list; you either have the named permission or you don't.
  32  *
  33  * <p> The target name is the name of a security configuration parameter
  34  * (see below).  Currently the {@code AuthPermission} object is used to
  35  * guard access to the {@link Policy}, {@link Subject},
  36  * {@link javax.security.auth.login.LoginContext}, and
  37  * {@link javax.security.auth.login.Configuration} objects.
  38  *
  39  * <p> The standard target names for an Authentication Permission are:
  40  *
  41  * <pre>
  42  *      doAs -                  allow the caller to invoke the
  43  *                              {@code Subject.doAs} methods.
  44  *
  45  *      doAsPrivileged -        allow the caller to invoke the
  46  *                              {@code Subject.doAsPrivileged} methods.
  47  *
  48  *      getSubject -            allow for the retrieval of the
  49  *                              Subject(s) associated with the
  50  *                              current Thread.
  51  *
  52  *      getSubjectFromDomainCombiner -  allow for the retrieval of the
  53  *                              Subject associated with the
  54  *                              a {@code SubjectDomainCombiner}.
  55  *

 104  * <p>Please note that granting this permission with the "modifyPrincipals",
 105  * "modifyPublicCredentials" or "modifyPrivateCredentials" target allows
 106  * a JAAS login module to populate principal or credential objects into
 107  * the Subject. Although reading information inside the private credentials
 108  * set requires a {@link PrivateCredentialPermission} of the credential type to
 109  * be granted, reading information inside the principals set and the public
 110  * credentials set requires no additional permission. These objects can contain
 111  * potentially sensitive information. For example, login modules that read
 112  * local user information or perform a Kerberos login are able to add
 113  * potentially sensitive information such as user ids, groups and domain names
 114  * to the principals set.
 115  *
 116  * <p> The following target name has been deprecated in favor of
 117  * {@code createLoginContext.{name}}.
 118  *
 119  * <pre>
 120  *      createLoginContext -    allow code to instantiate a
 121  *                              {@code LoginContext}.
 122  * </pre>
 123  *
 124  * <p> {@code javax.security.auth.Policy} has been
 125  * deprecated in favor of {@code java.security.Policy}.
 126  * Therefore, the following target names have also been deprecated:
 127  *
 128  * <pre>
 129  *      getPolicy -             allow the caller to retrieve the system-wide
 130  *                              Subject-based access control policy.
 131  *
 132  *      setPolicy -             allow the caller to set the system-wide
 133  *                              Subject-based access control policy.
 134  *
 135  *      refreshPolicy -         allow the caller to refresh the system-wide
 136  *                              Subject-based access control policy.
 137  * </pre>
 138  *
 139  * @implNote
 140  * Implementations may define additional target names, but should use naming
 141  * conventions such as reverse domain name notation to avoid name clashes.
 142  * @since 1.4
 143  */
 144 public final class AuthPermission extends
 145 java.security.BasicPermission {
 146 
 147     private static final long serialVersionUID = 5806031445061587174L;
 148 
 149     /**
 150      * Creates a new AuthPermission with the specified name.
 151      * The name is the symbolic name of the AuthPermission.
 152      *
 153      * @param name the name of the AuthPermission
 154      *
 155      * @throws NullPointerException if {@code name} is {@code null}.
 156      * @throws IllegalArgumentException if {@code name} is empty.
 157      */
 158     public AuthPermission(String name) {

   1 /*
   2  * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package javax.security.auth;
  27 
  28 /**
  29  * This class is for authentication permissions. An {@code AuthPermission}
  30  * contains a name (also referred to as a "target name") but no actions
  31  * list; you either have the named permission or you don't.
  32  *
  33  * <p> The target name is the name of a security configuration parameter
  34  * (see below).  Currently the {@code AuthPermission} object is used to
  35  * guard access to the {@link Subject},
  36  * {@link javax.security.auth.login.LoginContext}, and
  37  * {@link javax.security.auth.login.Configuration} objects.
  38  *
  39  * <p> The standard target names for an Authentication Permission are:
  40  *
  41  * <pre>
  42  *      doAs -                  allow the caller to invoke the
  43  *                              {@code Subject.doAs} methods.
  44  *
  45  *      doAsPrivileged -        allow the caller to invoke the
  46  *                              {@code Subject.doAsPrivileged} methods.
  47  *
  48  *      getSubject -            allow for the retrieval of the
  49  *                              Subject(s) associated with the
  50  *                              current Thread.
  51  *
  52  *      getSubjectFromDomainCombiner -  allow for the retrieval of the
  53  *                              Subject associated with the
  54  *                              a {@code SubjectDomainCombiner}.
  55  *

 104  * <p>Please note that granting this permission with the "modifyPrincipals",
 105  * "modifyPublicCredentials" or "modifyPrivateCredentials" target allows
 106  * a JAAS login module to populate principal or credential objects into
 107  * the Subject. Although reading information inside the private credentials
 108  * set requires a {@link PrivateCredentialPermission} of the credential type to
 109  * be granted, reading information inside the principals set and the public
 110  * credentials set requires no additional permission. These objects can contain
 111  * potentially sensitive information. For example, login modules that read
 112  * local user information or perform a Kerberos login are able to add
 113  * potentially sensitive information such as user ids, groups and domain names
 114  * to the principals set.
 115  *
 116  * <p> The following target name has been deprecated in favor of
 117  * {@code createLoginContext.{name}}.
 118  *
 119  * <pre>
 120  *      createLoginContext -    allow code to instantiate a
 121  *                              {@code LoginContext}.
 122  * </pre>
 123  *















 124  * @implNote
 125  * Implementations may define additional target names, but should use naming
 126  * conventions such as reverse domain name notation to avoid name clashes.
 127  * @since 1.4
 128  */
 129 public final class AuthPermission extends
 130 java.security.BasicPermission {
 131 
 132     private static final long serialVersionUID = 5806031445061587174L;
 133 
 134     /**
 135      * Creates a new AuthPermission with the specified name.
 136      * The name is the symbolic name of the AuthPermission.
 137      *
 138      * @param name the name of the AuthPermission
 139      *
 140      * @throws NullPointerException if {@code name} is {@code null}.
 141      * @throws IllegalArgumentException if {@code name} is empty.
 142      */
 143     public AuthPermission(String name) {