javax.security.auth.kerberos
Class DelegationPermission
- java.lang.Object
java.security.Permission
java.security.BasicPermission
javax.security.auth.kerberos.DelegationPermission
All implemented interfaces:
java.io.Serializable, java.security.Guard
- public final class DelegationPermission
- extends java.security.BasicPermission
- implements java.io.Serializable
The target name of this Permission
specifies a pair of
kerberos service principals. The first is the subordinate service principal
being entrusted to use the TGT. The second service principal designates
the target service the subordinate service principal is to interact with on
behalf of the initiating KerberosPrincipal. This latter service principal
is specified to restrict the use of a proxiable ticket.
For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:
DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
To give the "backup" service a proxiable nfs service ticket the target permission might be specified:
DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
Since:
JDK1.4
See Also:
Constructor Summary
Constructor and Description |
---|
DelegationPermission(java.lang.String principals)
Create a new
DelegationPermission with the specified
subordinate and target principals.
|
DelegationPermission(java.lang.String principals,java.lang.String actions)
Create a new
DelegationPermission with the specified
subordinate and target principals.
|
Method Summary
Modifier and Type | Method and Description |
---|---|
|
equals(java.lang.Object obj)
Checks two DelegationPermission objects for equality.
|
|
hashCode()
Returns the hash code value for this object.
|
|
implies(java.security.Permission p)
Checks if this Kerberos delegation permission object "implies" the
specified permission.
|
|
newPermissionCollection()
Returns a PermissionCollection object for storing DelegationPermission
objects.
|
Methods inherited from class java.security.BasicPermission |
---|
getActions |
Methods inherited from class java.security.Permission |
---|
checkGuard, getName, toString |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail
DelegationPermission
- public DelegationPermission(java.lang.String principals)
Parameters:
principals
- the name of the subordinate and target principals DelegationPermission
- public DelegationPermission(java.lang.String principals,
- java.lang.String actions)
Create a new
DelegationPermission
with the specified
subordinate and target principals.
Parameters:
principals
- the name of the subordinate and target principals
actions
- should be null. Method Detail
implies
- public boolean implies(java.security.Permission p)
Checks if this Kerberos delegation permission object "implies" the
specified permission.
If none of the above are true, implies
returns false.
Overrides:
implies
in class java.security.BasicPermission
Parameters:
p
- the permission to check against. Returns:
true if the specified permission is implied by this object,
false if not.
equals
- public boolean equals(java.lang.Object obj)
Checks two DelegationPermission objects for equality.
Overrides:
equals
in class java.security.BasicPermission
Parameters:
obj
- the object to test for equality with this object. Returns:
true if obj is a DelegationPermission, and has the same
subordinate and service principal as this. DelegationPermission
object.
hashCode
- public int hashCode()
Returns the hash code value for this object.
Overrides:
hashCode
in class java.security.BasicPermission
Returns:
a hash code value for this object.
newPermissionCollection
- public java.security.PermissionCollection newPermissionCollection( )
Returns a PermissionCollection object for storing DelegationPermission
objects.
DelegationPermission objects must be stored in a manner that allows them to be inserted into the collection in any order, but that also enables the PermissionCollection implies method to be implemented in an efficient (and consistent) manner.
DelegationPermission objects must be stored in a manner that allows them to be inserted into the collection in any order, but that also enables the PermissionCollection implies method to be implemented in an efficient (and consistent) manner.
Overrides:
newPermissionCollection
in class java.security.BasicPermission
Returns:
a new PermissionCollection object suitable for storing
DelegationPermissions.
DelegationPermission
with the specified subordinate and target principals.