java.lang.Object
java.security.Permission
java.security.BasicPermission
javax.security.auth.kerberos.DelegationPermission
- All Implemented Interfaces:
Serializable,Guard
This class is used to restrict the usage of the Kerberos
delegation model, ie: forwardable and proxiable tickets.
The target name of this Permission specifies a pair of
kerberos service principals. The first is the subordinate service principal
being entrusted to use the TGT. The second service principal designates
the target service the subordinate service principal is to
interact with on behalf of the initiating KerberosPrincipal. This
latter service principal is specified to restrict the use of a
proxiable ticket.
For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:
DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
To give the "backup" service a proxiable nfs service ticket the target permission might be specified:
DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
- Since:
- 1.4
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionDelegationPermission(String principals) Create a newDelegationPermissionwith the specified subordinate and target principals.DelegationPermission(String principals, String actions) Create a newDelegationPermissionwith the specified subordinate and target principals. -
Method Summary
Modifier and TypeMethodDescriptionbooleanChecks two DelegationPermission objects for equality.inthashCode()Returns the hash code value for this object.booleanChecks if this Kerberos delegation permission object "implies" the specified permission.Returns a PermissionCollection object for storing DelegationPermission objects.Methods declared in class java.security.BasicPermission
getActionsMethods declared in class java.security.Permission
checkGuard, getName, toString
-
Constructor Details
-
DelegationPermission
Create a newDelegationPermissionwith the specified subordinate and target principals.- Parameters:
principals- the name of the subordinate and target principals- Throws:
NullPointerException- ifprincipalsisnull.IllegalArgumentException- ifprincipalsis empty, or does not contain a pair of principals, or is improperly quoted
-
DelegationPermission
Create a newDelegationPermissionwith the specified subordinate and target principals.- Parameters:
principals- the name of the subordinate and target principalsactions- should be null.- Throws:
NullPointerException- ifprincipalsisnull.IllegalArgumentException- ifprincipalsis empty, or does not contain a pair of principals, or is improperly quoted
-
-
Method Details
-
implies
Checks if this Kerberos delegation permission object "implies" the specified permission.This method returns true if this
DelegationPermissionis equal top, and returns false otherwise.- Overrides:
impliesin classBasicPermission- Parameters:
p- the permission to check against.- Returns:
- true if the specified permission is implied by this object, false if not.
-
equals
Checks two DelegationPermission objects for equality.- Overrides:
equalsin classBasicPermission- Parameters:
obj- the object to test for equality with this object.- Returns:
- true if
objis a DelegationPermission, and has the same subordinate and service principal as this DelegationPermission object. - See Also:
-
hashCode
public int hashCode()Returns the hash code value for this object.- Overrides:
hashCodein classBasicPermission- Returns:
- the hash code value for this object
- See Also:
-
newPermissionCollection
Returns a PermissionCollection object for storing DelegationPermission objects.
DelegationPermission objects must be stored in a manner that allows them to be inserted into the collection in any order, but that also enables the PermissionCollection implies method to be implemented in an efficient (and consistent) manner.- Overrides:
newPermissionCollectionin classBasicPermission- Returns:
- a new PermissionCollection object suitable for storing DelegationPermissions.
-