The Subject class is the key abstraction of the JAAS API. It represents a person or other entity, and consists of:
Subject defines methods that allow you to retrieve each of these three sets, or to retrieve a subset of each set that contains only objects of a specified Class. Unless the Subject is read-only, you can use the methods of java.util.Set to modify each of the three sets. Once setReadOnly( ) has been called, however, the sets become immutable and their contents may not be modified.

Application code does not typically create Subject objects itself. Instead, it obtains a Subject that represents the authenticated user of the application by calling the login( ) and getSubject( ) methods of a javax.security.auth.login.LoginContext object.

Once an authenticated Subject has been obtained from a LoginContext, an application can call the doAs( ) method to run code using the permissions granted to that Subject combined with the permissions granted to the code itself. doAs( ) runs the code defined in the run( ) method of a PrivilegedAction or PrivilegedExceptionAction object. doAsPrivileged( ) is a similar method but executes the specified run( ) method using the Subject's permissions only, unconstrained by unprivileged code in the call stack.

Note that many of the methods of this class throw a SecurityException if the caller has not been granted the requisite AuthPermission.

Figure 19-4. javax.security.auth.Subject

public final class Subject implements Serializable {
// Public Constructors
     public Subject( );
     public Subject(boolean readOnly, java.util.Set<? extends java.security.Principal> principals, java.util.Set<?> pubCredentials, java.util.Set<?> privCredentials);
// Public Class Methods
     public static Object doAs(Subject subject, java.security.PrivilegedExceptionAction action) throws java.security.PrivilegedActionException;
     public static Object doAs(Subject subject, java.security.PrivilegedAction action);
     public static Object doAsPrivileged(Subject subject, java.security.PrivilegedExceptionAction action, java.security.AccessControlContext acc) throws java.security.PrivilegedActionException;
     public static Object doAsPrivileged(Subject subject, java.security.PrivilegedAction action, java.security.AccessControlContext acc);
     public static Subject getSubject(java.security.AccessControlContext acc);
// Public Instance Methods
     public java.util.Set<java.security.Principal> getPrincipals( );
     public <T extends java.security.Principal> java.util.Set<T> getPrincipals(Class<T> c);
     public java.util.Set<Object> getPrivateCredentials( );
     public <T> java.util.Set<T> getPrivateCredentials(Class<T> c);
     public java.util.Set<Object> getPublicCredentials( );
     public <T> java.util.Set<T> getPublicCredentials(Class<T> c);
     public boolean isReadOnly( );          // default: false
     public void setReadOnly( );
// Public Methods Overriding Object
     public boolean equals(Object o);
     public int hashCode( );
     public String toString( );
}

Passed To: java.security.AuthProvider.login( ), javax.security.auth.Policy.getPermissions( ), SubjectDomainCombiner.SubjectDomainCombiner( ), javax.security.auth.login.LoginContext.LoginContext( ), javax.security.auth.spi.LoginModule.initialize( )

Returned By: SubjectDomainCombiner.getSubject( ), javax.security.auth.login.LoginContext.getSubject( )
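
The class-filtered credential view, the read-only behaviour and the doAs( ) call described above, as an added example that is not part of the original reference. The SubjectDemo class, the ApiToken type and all names and credential values are constructed for illustration, and the Subject is built by hand only to keep the example self-contained.

```java
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectDemo {
    // Hypothetical credential type, constructed for this example.
    record ApiToken(String value) {}

    public static void main(String[] args) {
        // Assumption: built directly to stay self-contained. Application code
        // normally gets the Subject from LoginContext.login()/getSubject().
        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal("CN=alice,O=Example"));
        subject.getPublicCredentials().add("constructed-public-key-id");
        subject.getPrivateCredentials().add(new ApiToken("constructed-secret"));
        subject.getPrivateCredentials().add("constructed-password");

        // Class-filtered view: returns the ApiToken only, not the String.
        Set<ApiToken> tokens = subject.getPrivateCredentials(ApiToken.class);
        System.out.println("ApiToken credentials: " + tokens.size());

        // Freeze the Subject before passing it to code that should not be
        // able to add principals or swap credentials.
        subject.setReadOnly();
        try {
            subject.getPrincipals().add(new X500Principal("CN=mallory"));
        } catch (IllegalStateException e) {
            // The Set views reject every modification once read-only.
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("principals: " + subject.getPrincipals().size());

        // The cast selects the PrivilegedAction overload; a bare lambda is
        // ambiguous with PrivilegedExceptionAction. Current JDKs declare
        // doAs generically (the synopsis above shows the Object form) and
        // mark it deprecated for removal, so expect a compiler warning.
        String who = Subject.doAs(subject, (PrivilegedAction<String>) () ->
            subject.getPrincipals(X500Principal.class).iterator().next().getName());
        System.out.println("ran as: " + who);
    }
}
```

No security manager is installed here, so none of the AuthPermission checks mentioned above are triggered.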