Name
Subject
Synopsis
The
Subject class is the
key abstraction of the JAAS API. It represents a person or other
entity, and consists of:
a
java.util.SetofPrincipalobjects that specify the identity (or identities) of theSubject.a
Setof objects that specify the public credentials, such as the public key certificates of theSubject.a
Setof objects that specify the private credentials, such as the private keys and Kerberos tickets of theSubject.
Subject defines methods that allow you to retreive
each of these three sets, or to retreive a subset of each set that
contains only objects of a specified Class. Unless
the Subject is read-only, you can use the methods
of java.util.Set to modify each of the three sets.
Once setReadOnly( ) has been called, however, the
sets become immutable and their contents may not be modified.
Application code does not typically create Subject
objects itself. Instead, it obtains a Subject that
represents the authenticated user of the application by calling the
login( )
and getSubject(
) methods of a
javax.security.auth.login.LoginContext object.
Once an authenticated Subject has been obtained
from a LoginContext, an application can call the
doAs( ) method to run code using the permissions
granted to that Subject combined with the
permissions granted to the code itself. doAs( )
runs the code defined in the run( ) method of a
PrivilegedAction or
PrivilegedExceptionAction object.
doAsPrivileged( ) is a similar method but executes
the specified run( ) method ...
Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
