Identities and Access Control
The Identity class represents an agent within the Security API. Identity implements the Principal interface, which is a generic representation of a person, group, or other named entity. An Identity has a name, which it inherits from the Principal interface, and other information that verifies the identity of the agent (a public key and assorted certificates, for example). A Signer is a subclass of Identity that also includes a private key that can be used to sign data. We’ll discuss public and private keys and how they are created in more detail later in the chapter.
An Identity is created using a name for the agent being represented:
Identity fredsID = new Identity("Fred") {}; // Identity is abstract, so instantiate it through a subclass (here an empty anonymous one)
A public key and any available certificates can be added to Fred’s identity to support the validity of his identity:
PublicKey fredsKey = ... // Get Fred's key
Certificate fredsCert = ... // Get Fred's certificate
Certificate fredsRSACert = ... // Get another certificate for Fred
fredsID.setPublicKey(fredsKey);
fredsID.addCertificate(fredsCert);
fredsID.addCertificate(fredsRSACert);
If we are also able to sign data using Fred’s identity, then we’ll also have a private key for Fred, and we can create a Signer object for him:
Signer signingFred = new Signer("Fred") {}; // Signer is abstract, so instantiate it through a subclass (here an empty anonymous one)
PrivateKey fredsSigningKey = ... // Get Fred's private key
PublicKey fredsPublicKey = ... // Get Fred's public key
signingFred.setKeyPair(new KeyPair(fredsPublicKey, fredsSigningKey));
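The following is an added example, not code from the book: it shows the split the text describes, with a Signer holding the private key that produces a signature and an Identity holding only the public key that checks it. The freshly generated RSA key pair, the SHA256withRSA algorithm, the class name SignerDemo and the sample messages are assumptions made for illustration; Identity and Signer have been deprecated since Java 1.2, so the code compiles with deprecation warnings.

```java
import java.nio.charset.StandardCharsets;
import java.security.Identity;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.Signer;

@SuppressWarnings({"deprecation", "removal"})
public class SignerDemo {
    // Sign with the private key held by the Signer.
    static byte[] sign(Signer signer, byte[] data) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(signer.getPrivateKey());
        sig.update(data);
        return sig.sign();
    }

    // Verify using only the public key stored in an Identity.
    static boolean verify(Identity id, byte[] data, byte[] signature) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(id.getPublicKey());
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the elided "Get Fred's key" steps.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Signer and Identity are abstract, hence the empty anonymous subclasses.
        Signer signingFred = new Signer("Fred") {};
        signingFred.setKeyPair(pair);

        // What a verifier holds: Fred's name and public key, never his private key.
        Identity fredsID = new Identity("Fred") {};
        fredsID.setPublicKey(pair.getPublic());

        // Constructed sample messages.
        byte[] msg = "transfer 10 units to Alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "transfer 99 units to Alice".getBytes(StandardCharsets.UTF_8);
        byte[] sigBytes = sign(signingFred, msg);

        System.out.println("original verifies: " + verify(fredsID, msg, sigBytes));
        System.out.println("tampered verifies: " + verify(fredsID, tampered, sigBytes));
    }
}
```

A signature that verifies only shows the message was signed by the holder of the matching private key; tying that key to Fred is the job of the certificates attached to the Identity.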
Access Control Lists
The java.security.acl ...