Package javax.security.auth

Class Subject

  • All Implemented Interfaces:
    Serializable
    public final class Subject
extends Object
implements Serializable
    The central class of the javax.security.auth package representing an authenticated user or entity (both referred to as "subject"). IT defines also the static methods that allow code to be run, and do modifications according to the subject's permissions.

    A subject has the following features:

    • A set of Principal objects specifying the identities bound to a Subject that distinguish it.
    • Credentials (public and private) such as certificates, keys, or authentication proofs such as tickets
    See Also:
    Serialized Form

    • Constructor Detail

      • Subject

        public Subject()
        The default constructor initializing the sets of public and private credentials and principals with the empty set.

      • Subject

        public Subject​(boolean readOnly,
               Set<? extends Principal> subjPrincipals,
               Set<?> pubCredentials,
               Set<?> privCredentials)
        The constructor for the subject, setting its public and private credentials and principals according to the arguments.
        Parameters:
        readOnly - true if this Subject is read-only, thus preventing any modifications to be done.
        subjPrincipals - the set of Principals that are attributed to this Subject.
        pubCredentials - the set of public credentials that distinguish this Subject.
        privCredentials - the set of private credentials that distinguish this Subject.

    • Method Detail

      • doAs

        public static <T> T doAs​(Subject subject,
                         PrivilegedAction<T> action)
        Runs the code defined by action using the permissions granted to the Subject itself and to the code as well.
        Parameters:
        subject - the distinguished Subject.
        action - the code to be run.
        Returns:
        the Object returned when running the action.

      • doAsPrivileged

        public static <T> T doAsPrivileged​(Subject subject,
                                   PrivilegedAction<T> action,
                                   AccessControlContext context)
        Run the code defined by action using the permissions granted to the Subject and to the code itself, additionally providing a more specific context.
        Parameters:
        subject - the distinguished Subject.
        action - the code to be run.
        context - the specific context in which the action is invoked. if null a new AccessControlContext is instantiated.
        Returns:
        the Object returned when running the action.

      • doAs

        public static <T> T doAs​(Subject subject,
                         PrivilegedExceptionAction<T> action)
                  throws PrivilegedActionException
        Runs the code defined by action using the permissions granted to the subject and to the code itself.
        Parameters:
        subject - the distinguished Subject.
        action - the code to be run.
        Returns:
        the Object returned when running the action.
        Throws:
        PrivilegedActionException - if running the action throws an exception.

      • doAsPrivileged

        public static <T> T doAsPrivileged​(Subject subject,
                                   PrivilegedExceptionAction<T> action,
                                   AccessControlContext context)
                            throws PrivilegedActionException
        Runs the code defined by action using the permissions granted to the subject and to the code itself, additionally providing a more specific context.
        Parameters:
        subject - the distinguished Subject.
        action - the code to be run.
        context - the specific context in which the action is invoked. if null a new AccessControlContext is instantiated.
        Returns:
        the Object returned when running the action.
        Throws:
        PrivilegedActionException - if running the action throws an exception.

      • equals

        public boolean equals​(Object obj)
        Checks two Subjects for equality. More specifically if the principals, public and private credentials are equal, equality for two Subjects is implied.
        Overrides:
        equals in class Object
        Parameters:
        obj - the Object checked for equality with this Subject.
        Returns:
        true if the specified Subject is equal to this one.
        See Also:
        Object.hashCode()

      • getPrincipals

        public <T extends PrincipalSet<T> getPrincipals​(Class<T> c)
        Returns this Subject's Principal which is a subclass of the Class provided.
        Parameters:
        c - the Class as a criteria which the Principal returned must satisfy.
        Returns:
        this Subject's Principal. Modifications to the returned set of Principals do not affect this Subject's set.

      • getPrivateCredentials

        public Set<Object> getPrivateCredentials()
        Returns the private credentials associated with this Subject.
        Returns:
        the private credentials associated with this Subject.

      • getPrivateCredentials

        public <T> Set<T> getPrivateCredentials​(Class<T> c)
        Returns this Subject's private credentials which are a subclass of the Class provided.
        Parameters:
        c - the Class as a criteria which the private credentials returned must satisfy.
        Returns:
        this Subject's private credentials. Modifications to the returned set of credentials do not affect this Subject's credentials.

      • getPublicCredentials

        public Set<Object> getPublicCredentials()
        Returns the public credentials associated with this Subject.
        Returns:
        the public credentials associated with this Subject.

      • getPublicCredentials

        public <T> Set<T> getPublicCredentials​(Class<T> c)
        Returns this Subject's public credentials which are a subclass of the Class provided.
        Parameters:
        c - the Class as a criteria which the public credentials returned must satisfy.
        Returns:
        this Subject's public credentials. Modifications to the returned set of credentials do not affect this Subject's credentials.

      • setReadOnly

        public void setReadOnly()
        Prevents from modifications being done to the credentials and Principal sets. After setting it to read-only this Subject can not be made writable again. The destroy method on the credentials still works though.

      • isReadOnly

        public boolean isReadOnly()
        Returns whether this Subject is read-only or not.
        Returns:
        whether this Subject is read-only or not.

      • toString

        public String toString()
        Returns a String representation of this Subject.
        Overrides:
        toString in class Object
        Returns:
        a String representation of this Subject.

      • getSubject

        public static Subject getSubject​(AccessControlContext context)
        Returns the Subject that was last associated with the context provided as argument.
        Parameters:
        context - the context that was associated with the Subject.
        Returns:
        the Subject that was last associated with the context provided as argument.