1 /*
2 * Copyright (c) 1998, 2005, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.security.auth;
27
28 /**
29 * This class is for authentication permissions.
30 * An AuthPermission contains a name
31 * (also referred to as a "target name")
32 * but no actions list; you either have the named permission
33 * or you don't.
34 *
35 * <p> The target name is the name of a security configuration parameter
36 * (see below). Currently the AuthPermission object is used to
37 * guard access to the Policy, Subject, LoginContext,
38 * and Configuration objects.
39 *
40 * <p> The possible target names for an Authentication Permission are:
41 *
42 * <pre>
43 * doAs - allow the caller to invoke the
44 * <code>Subject.doAs</code> methods.
45 *
46 * doAsPrivileged - allow the caller to invoke the
47 * <code>Subject.doAsPrivileged</code> methods.
48 *
49 * getSubject - allow for the retrieval of the
50 * Subject(s) associated with the
51 * current Thread.
52 *
53 * getSubjectFromDomainCombiner - allow for the retrieval of the
54 * Subject associated with the
55 * a <code>SubjectDomainCombiner</code>.
56 *
57 * setReadOnly - allow the caller to set a Subject
58 * to be read-only.
59 *
60 * modifyPrincipals - allow the caller to modify the <code>Set</code>
61 * of Principals associated with a
62 * <code>Subject</code>
63 *
64 * modifyPublicCredentials - allow the caller to modify the
65 * <code>Set</code> of public credentials
66 * associated with a <code>Subject</code>
67 *
68 * modifyPrivateCredentials - allow the caller to modify the
69 * <code>Set</code> of private credentials
70 * associated with a <code>Subject</code>
71 *
72 * refreshCredential - allow code to invoke the <code>refresh</code>
73 * method on a credential which implements
74 * the <code>Refreshable</code> interface.
75 *
76 * destroyCredential - allow code to invoke the <code>destroy</code>
77 * method on a credential <code>object</code>
78 * which implements the <code>Destroyable</code>
79 * interface.
80 *
81 * createLoginContext.{name} - allow code to instantiate a
82 * <code>LoginContext</code> with the
83 * specified <i>name</i>. <i>name</i>
84 * is used as the index into the installed login
85 * <code>Configuration</code>
86 * (that returned by
87 * <code>Configuration.getConfiguration()</code>).
88 * <i>name</i> can be wildcarded (set to '*')
89 * to allow for any name.
90 *
91 * getLoginConfiguration - allow for the retrieval of the system-wide
92 * login Configuration.
93 *
94 * createLoginConfiguration.{type} - allow code to obtain a Configuration
95 * object via
96 * <code>Configuration.getInstance</code>.
97 *
98 * setLoginConfiguration - allow for the setting of the system-wide
99 * login Configuration.
100 *
101 * refreshLoginConfiguration - allow for the refreshing of the system-wide
102 * login Configuration.
103 * </pre>
104 *
105 * <p> The following target name has been deprecated in favor of
106 * <code>createLoginContext.{name}</code>.
107 *
108 * <pre>
109 * createLoginContext - allow code to instantiate a
110 * <code>LoginContext</code>.
111 * </pre>
112 *
113 * <p> <code>javax.security.auth.Policy</code> has been
114 * deprecated in favor of <code>java.security.Policy</code>.
115 * Therefore, the following target names have also been deprecated:
116 *
117 * <pre>
118 * getPolicy - allow the caller to retrieve the system-wide
119 * Subject-based access control policy.
120 *
121 * setPolicy - allow the caller to set the system-wide
122 * Subject-based access control policy.
123 *
124 * refreshPolicy - allow the caller to refresh the system-wide
125 * Subject-based access control policy.
126 * </pre>
127 *
128 */
129 public final class AuthPermission extends
130 java.security.BasicPermission {
131
132 private static final long serialVersionUID = 5806031445061587174L;
133
134 /**
135 * Creates a new AuthPermission with the specified name.
136 * The name is the symbolic name of the AuthPermission.
137 *
138 * <p>
139 *
140 * @param name the name of the AuthPermission
141 *
142 * @throws NullPointerException if <code>name</code> is <code>null</code>.
143 * @throws IllegalArgumentException if <code>name</code> is empty.
144 */
145 public AuthPermission(String name) {
146 // for backwards compatibility --
147 // createLoginContext is deprecated in favor of createLoginContext.*
148 super("createLoginContext".equals(name) ?
149 "createLoginContext.*" : name);
150 }
151
152 /**
153 * Creates a new AuthPermission object with the specified name.
154 * The name is the symbolic name of the AuthPermission, and the
155 * actions String is currently unused and should be null.
156 *
157 * <p>
158 *
159 * @param name the name of the AuthPermission <p>
160 *
161 * @param actions should be null.
162 *
163 * @throws NullPointerException if <code>name</code> is <code>null</code>.
164 * @throws IllegalArgumentException if <code>name</code> is empty.
165 */
166 public AuthPermission(String name, String actions) {
167 // for backwards compatibility --
168 // createLoginContext is deprecated in favor of createLoginContext.*
169 super("createLoginContext".equals(name) ?
170 "createLoginContext.*" : name, actions);
171 }
172 }