Identities and Access Control
The Identity class represents an agent within the Security API. Identity implements the Principal interface, which is a generic representation of a person, group, or other named entity. An Identity has a name, which it inherits from the Principal interface, and other information that verifies the identity of the agent (a public key and assorted certificates, for example). A Signer is a subclass of Identity that also includes a private key that can be used to sign data. We’ll discuss public and private keys and how they are created in more detail later in the chapter.
An Identity is created using a name for the agent
being represented:
Identity fredsID = new Identity("Fred") { }; // Identity is declared abstract, so an empty subclass is used
A public key and any available certificates can be added to Fred’s identity to support the validity of his identity:
PublicKey fredsKey = ... // Get Fred's key
Certificate fredsCert = ... // Get Fred's certificate
Certificate fredsRSACert = ... // Get another certificate for Fred
fredsID.setPublicKey(fredsKey);
fredsID.addCertificate(fredsCert);
fredsID.addCertificate(fredsRSACert);
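An added example (not from the book) of what the public key on an identity is for: data signed with the private key held in a Signer, the subclass introduced above, verifies against the public key stored in the matching Identity, and fails to verify once the data is altered. It assumes a JDK that still ships the deprecated java.security.Identity and Signer classes and generates a constructed RSA key pair in place of Fred's real keys; the class name FredSigningExample and the verify helper are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.Identity;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.Signer;

@SuppressWarnings({"deprecation", "removal"})
public class FredSigningExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample key pair; a real agent's keys would come from a key store.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair fredsKeys = gen.generateKeyPair();

        // Identity and Signer are abstract, so empty anonymous subclasses are used.
        // The identity that other agents hold for Fred carries only the public key.
        Identity fredsID = new Identity("Fred") { };
        fredsID.setPublicKey(fredsKeys.getPublic());

        // Only Fred's own Signer object also holds the private key.
        Signer signingFred = new Signer("Fred") { };
        signingFred.setKeyPair(fredsKeys);

        byte[] message = "pay Alice 10".getBytes(StandardCharsets.UTF_8);

        // Sign with the private key taken from the Signer.
        Signature signing = Signature.getInstance("SHA256withRSA");
        signing.initSign(signingFred.getPrivateKey());
        signing.update(message);
        byte[] sig = signing.sign();

        System.out.println("genuine message verifies: " + verify(fredsID, message, sig));

        message[0] ^= 1; // flip one bit to simulate tampering in transit
        System.out.println("tampered message verifies: " + verify(fredsID, message, sig));
    }

    // Checks a signature using only the public key stored in the Identity.
    static boolean verify(Identity who, byte[] data, byte[] sig) throws Exception {
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(who.getPublicKey());
        verifier.update(data);
        return verifier.verify(sig);
    }
}
```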
If we are also able to sign data using Fred’s identity, then
we’ll also have a private key for Fred, and we can create a
Signer object for him:
Signer signingFred = new Signer("Fred") { }; // Signer is declared abstract, so an empty subclass is used
PrivateKey fredsSigningKey = ... // Get Fred's private key
PublicKey fredsPublicKey = ... // Get Fred's public key
signingFred.setKeyPair(new KeyPair(fredsPublicKey, fredsSigningKey));
Access Control Lists
The java.security.acl ...