java.lang.Objectjava.security.Permission
java.security.BasicPermission
javax.security.auth.kerberos.DelegationPermission
public final class DelegationPermission
This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.
The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the TGT. The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal. This latter service principal is specified to restrict the use of a proxiable ticket.
For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:
DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
To give the "backup" service a proxiable nfs service ticket the target permission might be specified:
DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
Constructor Summary | |
---|---|
DelegationPermission
(
String
principals) Create a new DelegationPermission with the specified subordinate and target principals. |
|
DelegationPermission
(
String
principals,
String
actions) Create a new DelegationPermission with the specified subordinate and target principals. |
Method Summary | |
---|---|
boolean |
equals
(
Object
obj) Checks two DelegationPermission objects for equality. |
int |
hashCode
() Returns the hash code value for this object. |
boolean |
implies
(
Permission
p) Checks if this Kerberos delegation permission object "implies" the specified permission. |
PermissionCollection |
newPermissionCollection
() Returns a PermissionCollection object for storing DelegationPermission objects. |
Methods inherited from class java.security. BasicPermission |
---|
getActions |
Methods inherited from class java.security. Permission |
---|
checkGuard , getName , toString |
Methods inherited from class java.lang. Object |
---|
clone , finalize , getClass , notify , notifyAll , wait , wait , wait |
Constructor Detail |
---|
public DelegationPermission(String principals)
public DelegationPermission(String principals, String actions)
Method Detail |
---|
public boolean implies(Permission p)
If none of the above are true, implies returns false.
public boolean equals(Object obj)
public int hashCode()
public PermissionCollection newPermissionCollection()