JavaTM 認証・承認サービス (JAAS)

リファレンスガイド

JavaTM 2 SDK, Standard Edition, v 1.4



はじめに
このドキュメントの対象読者
関連ドキュメント

J2SDK, v 1.4 における JAAS の新機能

コアクラスとインタフェース
共通クラス
サブジェクト
プリンシパル
クレデンシャル
認証クラスとインタフェース
LoginContext
ログインモジュール
CallbackHandler
Callback
承認クラス
Policy
AuthPermission
PrivateCredentialPermission

JAAS チュートリアルとサンプルプログラム

付録 A: java.security セキュリティプロパティファイルでの JAAS 設定

付録 B: サンプルログイン構成


はじめに

当初、JavaTM 認証・承認サービス (JavaTM Authentication and Authorization Service: JAAS) は、JavaTM 2 SDK, Standard Edition (J2SDK), v 1.3 のオプションパッケージ (拡張機能) でした。 現在、JAAS は J2SDK, v 1.4 に統合されています。

JAAS .$B$O!"

  • .$B%f!<%6$r!VG'>Z$9$k!W:]!"%3!<%I$,%"%W%j%1!<%7%g%s!"%"%W%l%C%H!".(JBean.$B!"$^$?$O%5!<%V%l%C%H$G$"$k$+$K4X78$J$/!".(JJava .$B%3!<%I$r
  • .$B%f!<%6$r!V>5G'$9$k!W:]!"F0:n$N

    JAAS .$B$O!".(JJava .$B%P!<%8%g%s$NI8=`.(J Pluggable Authentication Module (PAM) .$B%U%l!<%`%o!<%/$r\:Y$K$D$$$F$O!".(J.$B!V.(JMaking Login Services Independent of Authentication Technologies.$B!W.(J.$B$r;2>H$7$F$/$@$5$$!#.(J

    .$B$3$l$^$G!".(JJava 2 .$B$O!"%3!<%I%=!<%9%Y!<%9$N%"%/%;%9@)8f.(J (.$B%3!<%I$N=P=j$*$h$S=pL> JAAS .$BG'>Z$O!"!V%W%i%02DG=!WJ}<0$GZ5;=Q$+$iFHN)$7$F5!G=$7$^$9!#.(J .$B%"%W%j%1!<%7%g%sFb$G$O!"?75,$^$?$O99?7$5$l$?G'>Z5;=Q$r%W%i%0%$%s$H$7$F;HMQ$G$-$^$9!#%"%W%j%1!<%7%g%s$rJQ99$9$kI,MW$O$"$j$^$;$s!#.(J .$B%"%W%j%1!<%7%g%s$O!".(JLoginContext .$B%*%V%8%'%/%H$r%$%s%9%?%s%92=$9$k$3$H$K$h$j!"G'>Z%W%m%;%9$rM-8z$K$7$^$9!#0lJ}!".(JLoginContext .$B%*%V%8%'%/%H$O.(J Configuration .$B$r;2>H$7$F!";HMQ$9$kG'>Z5;=Q$^$?$O.(J LoginModule .$B$r7hDj$7$^$9!#.(J .$B0lHLE*$J%m%0%$%s%b%8%e!<%k$O!"%f!<%6L>$*$h$S%Q%9%o!<%I$NF~NO$rB%$7!"F~NO$5$l$?$b$N$r8!>Z$7$^$9!#.(J .$B2;@<$d;XLf$NFI$_Z$, .$B%3!<%I$rZ$5$l$k$H!".(JJAAS .$B>5G'%3%s%]!<%M%s%H$O%3%".(J Java .$B%"%/%;%9@)8f%b%G%k$HO"F0$7$F5!G=$7!"?5=E$JA`:n$NI,MW$J%j%=!<%9$X$N%"%/%;%9$rJ]8n$7$^$9!#.(J .$B%"%/%;%9@)8f$N7hDj$,%3!<%I0LCV$*$h$S%3!<%I=pL>CodeSource) .$B$N$_$K4p$E$/.(J J2SDK, v 1.3 .$B$H$O0[$J$j!".(JJ2SDK, v 1.4 .$B$G$O!"%"%/%;%9@)8f$N7hDj$O!"CodeSource .$B$*$h$S%3!<%I$rZ$K@.8y$7$?>l9g!"%m%0%$%s%b%8%e!<%k$O!"4XO"$9$k.(J Principal .$B$*$h$S%/%l%G%s%7%c%k$r;H$C$F.(J Subject .$B$r99?7$7$^$9!#.(J

    .$B$3$N%I%-%e%a%s%H$NBP>]FI

    .$B$3$N%I%-%e%a%s%H$O!".(JCodeSource .$B%Y!<%9$*$h$S.(J Subject .$B%Y!<%9$N%;%-%e%j%F%#%b%G%k$N@)Ls$re5i3+H/]$H$7$F$$$^$9!#.(J .$B%m%0%$%s%b%8%e!<%k3+H/Z5;=Q$r.$B!V.(JJAAS .$B%m%0%$%s%b%8%e!<%k3+H/ .$B$NA0$K$3$N%I%-%e%a%s%H$r$*FI$_$/$@$5$$!#.(J

    .$B:G=i$K.(J.$B!V.(JJAAS .$BG'>Z!W.(J.$B$H.(J.$B!V.(JJAAS .$B>5G'!W.(J .$B$N.(J 2 .$B$D$N%A%e!<%H%j%"%k$G.(J JAAS .$B$N;HMQJ}K!$N35MW$HM-8z$J%5%s%W%k%3!<%I$r3NG'$7$?>e$G!"$3$N%I%-%e%a%s%H$+$i>\:Y>pJs$rF@$k$3$H$b$G$-$^$9!#.(J

    .$B4XO"%I%-%e%a%s%H.(J

    .$B$3$N%I%-%e%a%s%H$G$O!"FI

  • Java 2 .$B%;%-%e%j%F%#%"!<%-%F%/%A%c.(J

  • JAAS white paper

  • Java 2 .$B%;%-%e%j%F%#%A%e!<%H%j%"%k.(J

    .$B!V.(JJAAS .$B%m%0%$%s%b%8%e!<%k3+H/.$B$O!"G'>Z5;=Q$r LoginModule .$B$r5-=R$9$kI,MW$,$"$k>e5i%W%m%0%i%^8~$1$N%I%-%e%a%s%H$G$"$j!"$3$N%I%-%e%a%s%H$NJdB-$H$7$FLrN)$A$^$9!#.(J

    .$BI8=`.(J Pluggable Authentication Module (PAM) .$B%U%l!<%`%o!<%/.(J (JAAS .$B$O.(J Java .$B%P!<%8%g%s$N.(J PAM .$B$r\:Y>pJs$r.$B!V.(JMaking Login Services Independent of Authentication Technologies.$B!W.(J.$B$r;2>H$7$F$/$@$5$$!#.(J

    以下の「チュートリアル」は、JAAS 認証および承認を利用するすべてのユーザを対象としています。

    .$B0J2<$N%A%e!<%H%j%"%k$O!".(JJAAS .$BG'>Z$*$h$S>5G'%A%e!<%H%j%"%k$H;w$F$$$^$9$,!".(JKerberos .$B%m%0%$%s%b%8%e!<%k$N;HMQJ}K!$N2r@b$,4^$^$l$k$?$a!";HMQ$9$kA0$K.(J Kerberos .$B$r%$%s%9%H!<%k$9$kI,MW$,$"$j$^$9!#.(J

    .$B$3$N.(J 2 .$B$D$N%A%e!<%H%j%"%k$O!"G'>Z$H0BA4$JDL?.$N$?$a$N4pHW5;=Q$H$7$F.(J Kerberos .$B$rMxMQ$9$k.(J Java GSS-API .$B$*$h$S.(J JAAS .$B$N0lO"$N%A%e!<%H%j%"%k.(J.$B$K4^$^$l$F$$$^$9!#.(J

  • J2SDK, v 1.4 .$B$K$*$1$k.(J JAAS .$B$N?75!G=.(J

    .$B0JA0$N%P!<%8%g%s$N.(J JAAS (JAAS 1.0) .$B$H!".(JJ2SDK, v 1.4 .$B$K4^$^$l$k.(J JAAS .$B$H$NAj0cE@$r!"0J2<$K<($7$^$9!#.(J

    J2SDK .$B$,.(J JAAS .$B$rE}9g.(J

    JavaTM 2 SDK, Standard Edition (J2SDK), .$B%P!<%8%g%s.(J 1.3.x .$B$G$O!".(JJAAS .$B$O%*%W%7%g%s%Q%C%1!<%8.(J (.$B3HD%5!G=.(J) .$B$G$7$?!#.(JJ2SDK, v 1.4 .$B$K$O!":#2s.(J JAAS .$B$,E}9g$5$l$^$7$?!#.(J JAAS .$B$O!"%f!<%6$NG'>Z$*$h$S%"%/%;%9@)8f$N .$B$3$NE}9g$K$h$j!"%7%9%F%`$N%;%-%e%j%F%#%]%j%7!<4XO"$,1F6A$rjava.security.Policy) .$B$rJ];}$7$F$$$^$7$?!#.(J .$B%*%W%7%g%s%Q%C%1!<%8$N.(J JAAS 1.0 .$B$G$O!".(JPrincipal .$B%Y!<%9$N%;%-%e%j%F%#%]%j%7!<.(J (javax.security.auth.Policy) .$B$,DI2CDs6!$5$l$F$$$^$7$?!#.(J .$B%3%".(J SDK .$B$X$NE}9g$K$h$j.(J SDK .$B%]%j%7!<$,M%@h$5$l$k$?$a!".(JJAAS .$B%]%j%7!<$OHs?d>)$K$J$j$^$7$?!#.(J

    SDK Policy API .$B$,99?7$5$l!".(J Principal .$B%Y!<%9$N%/%(%j!<$r;HMQ$G$-$k$h$&$K$J$j$^$7$?!#$5$i$K!".(JPolicy .$B%j%U%!%l%s%9Principal .$B%Y!<%9$N.(J grant .$B%(%s%H%j$r;HMQ$G$-$k$h$&$K$J$j$^$7$?!#$3$l$i$N%(%s%H%j$K$O!".(JPrincipal .$B%U%#!<%k%I$,4^$^$l$F$$$k>l9g$,$"$j$^$9!#.(JPrincipal .$B%U%#!<%k%I$O!";XDj$N%"%/%;%98"$r;}$A!"%f!<%6$^$?$O;XDj$5$l$?.(J Principal .$B$GI=8=$5$l$k$=$NB>$N%(%s%F%#%F%#$r<($7!";XDj$5$l$?%3!<%I$rPolicy Tool .$B$b3HD%$5$l!".(JPrincipal .$B%U%#!<%k%I$rcom.sun.security.auth .$B%Q%C%1!<%8Fb$N.(J JAAS 1.0 Policy .$B%j%U%!%l%s%9)$K$J$j$^$7$?!#.(J

    Policy .$B%j%U%!%l%s%9.$B%]%j%7!<.(J.$B$K$D$$$F$N%I%-%e%a%s%H$r;2>H$7$F$/$@$5$$!#.(J

    .$B?7$7$$%/%i%9$H%$%s%?%U%'!<%9.(J

    .$B

  • 2 .$B$D$N%G%U%)%k%H$N.(J CallbackHandler .$B
  • com.sun.security.auth.callback.DialogCallbackHandler
  • com.sun.security.auth.callback.TextCallbackHandler

  • .$B?7$7$$.(J com.sun.security.auth.module.Krb5LoginModule

  • .$B?7$7$$.(J com.sun.security.auth.module.KeyStoreLoginModule
  • .$BHs?d>)9`L\.(J

    .$B0J2<$K!"Hs?d>)9`L\$r<($7$^$9!#.(J


    コアクラスとインタフェース

    JAAS 関連コアクラスおよびインタフェースは、共通クラス、認証クラス、および承認クラスの 3 つのカテゴリに分類できます。

    共通クラス

    共通クラスは、JAAS 認証および承認コンポーネントの両方に共通です。

    重要な JAAS クラス、javax.security.auth.Subject は、単一エンティティ (人物など) の関連情報のグループ化を表します。 関連情報には、エンティティの Principal、public クレデンシャル、および private クレデンシャルなどがあります。

    プリンシパルの表現には、java.security.Principal インタフェースが使用されます。 また、JAAS により定義されるクレデンシャルには、任意のオブジェクトを指定できます。

    サブジェクト

    リソースへのアクセスを承認する場合、最初に、アプリケーションが要求元を認証する必要があります。 JAAS フレームワークでは、要求元を「サブジェクト」という語で表します。 サブジェクトは、ユーザやサービスなどの任意のエンティティです。 一度、サブジェクトが認証されると javax.security.auth.Subject が関連する識別情報、または Principal で占められます。 単一のサブジェクトが複数のプリンシパルを持つ場合もあります。たとえば、ある人物は、名前のプリンシパル (「John Doe」) および SSN プリンシパル (「123-45-6789」) を持ちます。これらのプリンシパルにより、この人物は他のサブジェクトと区別されます。

    サブジェクトは、「クレデンシャル」と呼ばれるセキュリティ関連の属性も保持できます。 非公開暗号化鍵など、特別な保護が必要なクレデンシャルは、非公開クレデンシャル Set 内に格納されます。 公開鍵証明書などの共有されるクレデンシャルは、公開クレデンシャル Set 内に格納されます。 クレデンシャル Set が異なると、それにアクセスおよび変更するためのアクセス権も異なります。

    .$B%5%V%8%'%/%H$O!" public Subject(); public Subject(boolean readOnly, Set principals, Set pubCredentials, Set privCredentials); .$B:G=i$N%3%s%9%H%i%/%?$O!"%W%j%s%7%Q%k$*$h$S%/%l%G%s%7%c%k$N6u.(J (null .$B$G$O$J$$.(J) .$B$N.(J Set .$B$G%5%V%8%'%/%H$r:n@.$7$^$9!#.(J 2 .$BHVL\$N%3%s%9%H%i%/%?$O!";XDj$5$l$?%W%j%s%7%Q%k$*$h$S%/%l%G%s%7%c%k$N.(J Set .$B$G%5%V%8%'%/%H$r:n@.$7$^$9!#.(J .$B%5%V%8%'%/%H$rFI$_Set .$B$OITJQ$G$9!#.(J

    .$B%"%W%j%1!<%7%g%s:n@.LoginContext .$B$r%$%s%9%?%s%92=$7!"%5%V%8%'%/%H$r.(J LoginContext .$B%3%s%9%H%i%/%?$KEO$5$J$$>l9g!".(JLoginContext .$B$O?7$7$$6u$N%5%V%8%'%/%H$r%$%s%9%?%s%92=$7$^$9!#.(J LoginContext .$B$N%;%/%7%g%s$r;2>H$7$F$/$@$5$$!#.(J

    .$B%5%V%8%'%/%H$,FI$_uBV$G%$%s%9%?%s%92=$5$l$J$+$C$?>l9g!" public void setReadOnly(); .$B%?!<%2%C%HL>!V.(JsetReadOnly.$B!W$r;}$D.(J javax.security.auth.AuthPermission .$B$O!"$3$N%a%=%C%I$N8F$S=P$9$?$a$KMW5a$5$l$^$9!#.(J .$BFI$_IllegalStateException .$B$,%9%m!<$5$l$^$9!#.(J

    .$BuBV$r%F%9%H$G$-$^$9!#.(J

        public boolean isReadOnly();
    

    .$B%5%V%8%'%/%H$K4XO"$7$?%W%j%s%7%Q%k$rl9g!" public Set getPrincipals(); public Set getPrincipals(Class c);

    .$B:G=i$N%a%=%C%I$O!"%5%V%8%'%/%H$K4^$^$l$k$9$Y$F$N%W%j%s%7%Q%k$rJV$7$^$9!#0lJ}!".(J2 .$BHVL\$N%a%=%C%I$O!";XDj$5$l$?%/%i%9.(J c .$B$^$?$O$=$N%5%V%/%i%9$N%$%s%9%?%s%9$K$J$C$F$$$k%W%j%s%7%Q%k$7$+JV$7$^$;$s!#.(J .$B%5%V%8%'%/%H$K4XO"IU$1$i$l$F$$$k%W%j%s%7%Q%k$,$J$$>l9g$O!"6u$N%;%C%H$,JV$5$l$^$9!#.(J

    .$B%5%V%8%'%/%H$K4XO"$7$?8x3+%/%l%G%s%7%c%k$rl9g$O!" public Set getPublicCredentials(); public Set getPublicCredentials(Class c);

    .$B$3$l$i$N%a%=%C%I$NF0:n$O.(J getPrincipals .$B%a%=%C%I$NF0:n$H;w$F$$$^$9!#$?$@$7!".(JgetPrincipals .$B%a%=%C%I$G$O!"8x3+%/%l%G%s%7%c%k$r.$B%5%V%8%'%/%H.(J.$B$K4XO"$7$?Hs8x3+%/%l%G%s%7%c%k$K%"%/%;%9$9$k>l9g$O!" public Set getPrivateCredentials(); public Set getPrivateCredentials(Class c);

    .$B$3$l$i$N%a%=%C%I$NF0:n$O!".(JgetPrincipals .$B%a%=%C%I$d.(J getPublicCredentials .$B%a%=%C%I$H$h$/;w$F$$$^$9!#.(J

    .$B%5%V%8%'%/%H$N%W%j%s%7%Q%k.(J Set.$B!"8x3+%/%l%G%s%7%c%k.(J Set.$B!"$^$?$OHs8x3+%/%l%G%s%7%c%k.(J Set .$B$rJQ99$^$?$OA`:n$9$k>l9g!"8F$S=P$7B&$O.(J java.util.Set .$B%/%i%9$GDj5A$5$l$?%a%=%C%I$r;HMQ$7$^$9!#.(J .$B$=$NJ}K!$r<($9%5%s%W%k%3!<%I$r0J2<$K<($7$^$9!#.(J

        // Sketch only: the three variables are declared here and are assumed to be
        // assigned in the elided section below.
        Subject subject;
        Principal principal;
        Object credential;
    
        . . .
    
        // add a Principal and credential to the Subject
        // Per the note that follows this listing, the Sets returned by the no-argument
        // getters are backed by the Subject's internal Sets, so add() changes the Subject
        // itself, and changing a Set requires AuthPermission "modifyPrincipals" /
        // "modifyPublicCredentials" respectively.
        subject.getPrincipals().add(principal);
        subject.getPublicCredentials().add(credential);
    

    .$BCm.(J: .$B!V.(JmodifyPrincipals.$B!W!"!V.(JmodifyPublicCredentials.$B!W!"$^$?$O!V.(JmodifyPrivateCredentials.$B!W$N$$$:$l$+$N%?!<%2%C%HL>$r;}$D.(J AuthPermission .$B$O!"$=$l$>$l$N.(J Set .$B$rJQ99$9$k$?$a$KMW5a$5$l$^$9!#%5%V%8%'%/%H$NFbIt%;%C%H$,JV$9$N$O!"0z?t$J$7$N.(J getPrincipals().$B!".(JgetPublicCredentials().$B!".(JgetPrivateCredentials() .$B%a%=%C%I$+$iJV$5$l$k%;%C%H$@$1$G$9!#.(J .$B$3$N$?$a!"JV$5$l$?%;%C%H$rJQ99$9$k$H!"FbIt%;%C%H$b1F6A$rgetPrincipals(Class c).$B!".(JgetPublicCredentials(Class c).$B!".(JgetPrivateCredentials(Class c) .$B%a%=%C%I$+$iJV$5$l$k%;%C%H$OJV$7$^$;$s!#.(J .$B%a%=%C%I8F$S=P$7$4$H$K!"?75,%;%C%H$,:n@.$5$l!"JV$5$l$^$9!#.(J .$B$3$l$i$N%;%C%H$rJQ99$7$F$b!"%5%V%8%'%/%H$NFbIt%;%C%H$K1F6A$O$"$j$^$;$s!#.(J

    .$BHs8x3+%/%l%G%s%7%c%k$N.(J Set .$B$G7+$jJV$7=hM}$rjavax.security.auth.PrivateCredentialPermission .$B$,I,MW$G$9!#.(J .$B>\:Y$K$D$$$F$O!".(J PrivateCredentialPermission API .$B%I%-%e%a%s%H$r;2>H$7$F$/$@$5$$!#.(J

    .$B%5%V%8%'%/%H$O.(J AccessControlContext .$B$H4XO"IU$1$i$l$^$9.(J (.$B0J2<$N.(J doAs .$B$*$h$S.(J doAsPrivileged .$B%a%=%C%I$N2r@b$r;2>H.(J).$B!#.(J .$BAccessControlContext .$B$H4XO"$7$?%5%V%8%'%/%H$rJV$7$^$9!#;XDj$5$l$?.(J AccessControlContext .$B$H4XO"IU$1$i$l$?%5%V%8%'%/%H$,B8:_$7$J$$>l9g$K$O!".(Jnull .$B$rJV$7$^$9!#.(J

        public static Subject getSubject(final AccessControlContext acc);
    

    ターゲット名「getSubject」を持つ AuthPermission は、Subject.getSubject を呼び出すために要求されます。

    Subject .$B%/%i%9$K$O!".(Jjava.lang.Object .$B$+$i7Q>5$7$? public boolean equals(Object o); public String toString(); public int hashCode();

    .$BFCDj$N%5%V%8%'%/%H$H$7$F%"%/%7%g%s$r
    .$B public static Object doAs(final Subject subject, final java.security.PrivilegedAction action); public static Object doAs(final Subject subject, final java.security.PrivilegedExceptionAction action) throws java.security.PrivilegedActionException;

    .$B$I$A$i$N%a%=%C%I$b!";XDj$5$l$?%5%V%8%'%/%H$r8=9T%9%l%C%I$N.(J AccessControlContext .$B$K4XO"IU$1$F$+$i!".(Jaction .$B$raction .$B$ro$Naction .$B0z?t$r;XDj$7$F.(J run .$B%a%=%C%I$rPrivilegedExceptionAction run .$B%a%=%C%I$+$i$N%A%'%C%/$5$l$?Nc30$r%9%m!<$9$k>l9g$,$"$k$3$H$r=|$-!"F0:n$OF1$8$G$9!#.(J .$B%?!<%2%C%HL>.(J "doAs" .$B$r;}$D.(J AuthPermission .$B$O!".(JdoAs .$B%a%=%C%I$r8F$S=P$9$?$a$KMW5a$5$l$^$9!#.(J

    Subject.doAs .$B$NNc.(J

    .$BdoAs .$B%a%=%C%I$r:G=i$KMxMQ$9$k>l9g$NNc$r<($7$^$9!#.(J .$B%f!<%6.(J "Bob" .$B$,.(J LoginContext .$B$K$h$C$FG'>Z$5$l$?$?$a!".(Jcom.ibm.security.Principal .$B%/%i%9$N%W%j%s%7%Q%k$K%5%V%8%'%/%H$,@8@.$5$l!"%W%j%s%7%Q%k$NL>A0$,.(J "BOB" .$B$K$J$C$?$HA[Dj$7$F$/$@$5$$!#.(J .$B$^$?!".(JSecurityManager .$B$,%$%s%9%H!<%k:Q$_$G!"%"%/%;%9@)8f%]%j%7!\:Y$K$D$$$F$O.(J Policy .$B$r;2>H.(J).$B!#.(J

        // grant "BOB" permission to read the file "foo.txt"
        // The grant names only a Principal (no codeBase or signedBy clause), so it is not
        // narrowed to particular code; it takes effect for code running as this Principal.
        // "foo.txt" is a relative path, so the file it covers depends on the JVM's
        // working directory.
        grant Principal com.ibm.security.Principal "BOB" {
            permission java.io.FilePermission "foo.txt", "read";
        };
    

    .$B0J2<$K!"%5%s%W%k%"%W%j%1!<%7%g%s%3!<%I$r<($7$^$9!#.(J

        /**
         * Privileged action used by the Subject.doAs example: reports whether
         * "foo.txt" exists. The existence test is the operation that is subject
         * to the access-control check (a read FilePermission on "foo.txt").
         */
        class ExampleAction implements java.security.PrivilegedAction {
            /**
             * Checks for "foo.txt" and prints a line when it is present.
             *
             * @return always null; the action produces no result object
             */
            public Object run() {
                final java.io.File target = new java.io.File("foo.txt");

                // exists() is the call that invokes the security check
                final boolean present = target.exists();
                if (present) {
                    System.out.println("File foo.txt exists");
                }
                return null;
            }
        }
    
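        /**
         * Runs ExampleAction as the authenticated Subject "BOB".
         *
         * The Subject is obtained from a LoginContext instead of being left
         * unassigned, so the example compiles and never reaches doAs without an
         * authenticated Subject.
         */
        public class Example1 {
            /**
             * Authenticates, performs the action as the resulting Subject, then logs out.
             *
             * @param args unused
             */
            public static void main(String[] args) {

                // Authenticate the subject, "BOB".
                // This process is described in the
                // LoginContext section.
                javax.security.auth.login.LoginContext lc;
                try {
                    // "entryFoo" is the sample login configuration entry name used in
                    // the LoginContext section; substitute the application's own entry.
                    lc = new javax.security.auth.login.LoginContext("entryFoo");
                    lc.login();
                } catch (javax.security.auth.login.LoginException le) {
                    // Fail closed: without a successful login there is no Subject
                    // to run the action as, so the action is not performed at all.
                    System.err.println("authentication unsuccessful: " +
                        le.getMessage());
                    return;
                }

                // Set bob to the Subject created during the
                // authentication process
                Subject bob = lc.getSubject();

                try {
                    // perform "ExampleAction" as "BOB"
                    Subject.doAs(bob, new ExampleAction());
                } finally {
                    // Remove the authenticated Principals and credentials even if
                    // the action throws (for example a SecurityException).
                    try {
                        lc.logout();
                    } catch (javax.security.auth.login.LoginException le) {
                        System.err.println("logout failed: " + le.getMessage());
                    }
                }
            }
        }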
    

    .$BExampleAction .$B$,.(J f.exists() .$B$r8F$S=P$9$H!"%;%-%e%j%F%#%A%'%C%/$,ExampleAction .$B$,.(J .$B!V.(JBOB.$B!W.(J .$B$H$7$Fe5-.(J) .$B$K$h$jI,MW$J.(J FilePermission .$B$,.(J .$B!V.(JBOB.$B!W.(J .$B$KIUM?$5$l$F$$$k$?$a!".(JExampleAction .$B$O%;%-%e%j%F%#%A%'%C%/$rDL2a$7$^$9!#.(J .$B%]%j%7!grant .$BJ8$rJQ99$9$k.(J (.$B$?$H$($P!"IT@5$J.(J CodeBase .$B$rDI2C$9$k$+%W%j%s%7%Q%k$r.(J "MOE" .$B$KJQ99$9$k.(J) .$B$H!".(JSecurityException .$B$,%9%m!<$5$l$^$9!#.(J

    doAsPrivileged .$B%a%=%C%I.(J

    .$B public static Object doAsPrivileged( final Subject subject, final java.security.PrivilegedAction action, final java.security.AccessControlContext acc); public static Object doAsPrivileged( final Subject subject, final java.security.PrivilegedExceptionAction action, final java.security.AccessControlContext acc) throws java.security.PrivilegedActionException;

    ターゲット名「doAsPrivileged」を持つ AuthPermission は、doAsPrivileged メソッドを呼び出すために要求されます。

    doAs .$B$H.(J doAsPrivileged

    doAsPrivileged メソッドの動作は、doAs とまったく同じです。ただし、指定されたサブジェクトを現行のスレッドの AccessControlContext に関連付ける代わりに、指定された AccessControlContext を使用します。 このように、現行のものとは異なった AccessControlContext によってアクションが制限されることがあります。

    AccessControlContext .$B$K$O!".(JAccessControlContext .$B$N%$%s%9%?%s%92=0J9_$KpJs.(J (.$B%3!<%I0LCV$d!"%]%j%7!<$K$h$C$F%3!<%I$KIUM?$5$l$?%"%/%;%98"$J$I.(J) .$B$,4^$^$l$^$9!#.(J .$B%"%/%;%9@)8f%A%'%C%/$r@.8y$5$;$k$?$a!"%]%j%7!<$O!".(JAccessControlContext .$B$K$h$C$F;2>H$5$l$k3F%3!<%I9`L\$K!"I,MW$J%"%/%;%98"$rIUM?$9$kI,MW$,$"$j$^$9!#.(J

    doAsPrivileged .$B$KDs6!$5$l$?.(J AccessControlContext .$B$,.(J null .$B$G$"$k>l9g!"%"%/%7%g%s$,JL$N.(J AccessControlContext .$B$K$h$C$F@)8B$5$l$k$3$H$O$"$j$^$;$s!#.(J .$B$3$N$3$H$O!"%5!<%P4D6-$GLrN)$D>l9g$,$"$j$^$9!#.(J .$B%5!<%P$O!"J#?t$NCe?.MW5a$rG'>Z$7!"3FMW5a$KBP$7$FJL!9$N.(J doAs .$B$rdoAs .$B%"%/%7%g%s$r?7$?$K3+;O$7!"8=9T$N%5!<%P$N@)8B.(J AccessControlContext .$B$r$J$/$9$?$a!"%5!<%P$O.(J doAsPrivileged .$B$r8F$S=P$7!".(Jnull AccessControlContext .$B$rDs6!$9$k$3$H$,$G$-$^$9!#.(J

    Principals

    .$B0JA0$K@bL@$7$?$h$&$K!"G'>Z$K@.8y$7$?>l9g!"%W%j%s%7%Q%k$r%5%V%8%'%/%H$K4XO"IU$1$k$3$H$,$G$-$^$9!#.(J .$B%W%j%s%7%Q%k$O!"%5%V%8%'%/%H$N<1JL>pJs$rI=$7$^$9!#$^$?!".(Jjava.security.Principal .$B$*$h$S.(J java.io.Serializable .$B%$%s%?%U%'!<%9$r.$B%5%V%8%'%/%H.(J.$B$r;2>H$7$F$/$@$5$$!#.(J

    Credentials

    .$B8x3+$*$h$SHs8x3+%/%l%G%s%7%c%k%/%i%9$O!"%3%".(J JAAS .$B%/%i%9%i%$%V%i%j$N0lIt$G$O$"$j$^$;$s!#.(J .$B$"$i$f$k%/%i%9$,%/%l%G%s%7%c%k$K$J$j$^$9!#.(J .$B$?$@$7!"3+H/Refreshable .$B$*$h$S.(J Destroyable .$B$rRefreshable

    .$B$3$N.(J javax.security.auth.Refreshable .$B%$%s%?%U%'!<%9.(J.$B$O!"%/%l%G%s%7%c%k$N<+F099?75!G=$rDs6!$7$^$9!#.(J .$B$?$H$($P!"M-8z4|4V$N@)8B$5$l$?%/%l%G%s%7%c%k$,$3$N%$%s%?%U%'!<%9$r boolean isCurrent(); .$B$3$N%a%=%C%I$O!"%/%l%G%s%7%c%k$,8=:_M-8z$+$I$&$+$rH=Dj$7$^$9!#.(J

        void refresh() throws RefreshFailedException;
    
    .$B$3$N%a%=%C%I$O!"%/%l%G%s%7%c%k$NM-8z4|4V$r99?7$^$?$O3HD%$7$^$9!#.(J .$B$3$N%a%=%C%IAuthPermission("refreshCredential") .$B%;%-%e%j%F%#%A%'%C%/$r

    Destroyable

    .$B$3$N.(J javax.security.auth.Destroyable .$B%$%s%?%U%'!<%9.(J.$B$O!"%/%l%G%s%7%c%k$N%3%s%F%s%D$rGK4~$9$k5!G=$rDs6!$7$^$9!#.(J .$B$3$N%$%s%?%U%'!<%9$K$O!" boolean isDestroyed(); .$B$3$N%a%=%C%I$O!"%/%l%G%s%7%c%k$,GK4~$5$l$?$+$I$&$+$rH=JL$7$^$9!#.(J

        void destroy() throws DestroyFailedException;
    
    .$B$3$N%a%=%C%I$O!"$3$N%/%l%G%s%7%c%k$K4XO"$7$?>pJs$rGK4~$*$h$S>C5n$7$^$9!#.(J .$B0J9_!"$3$N%/%l%G%s%7%c%k$NFCDj%a%=%C%I$r8F$S=P$9$H!".(JIllegalStateException .$B$,%9%m!<$5$l$^$9!#.(J .$B$3$N%a%=%C%IAuthPermission("destroyCredential") .$B%;%-%e%j%F%#%A%'%C%/$r

    .$BG'>Z%/%i%9$H%$%s%?%U%'!<%9.(J

    .$B%5%V%8%'%/%H.(J (.$B%f!<%6$^$?$O%5!<%S%9.(J) .$B$NG'>Z$G$O!"
  • アプリケーションが LoginContext をインスタンス化します。

  • LoginContext が、 Configuration からアプリケーション用に構成されたすべてのログインモジュールをロードします。

  • アプリケーションが、LoginContext の login メソッドを呼び出します。

  • login メソッドがロードされたすべてのログインモジュールを呼び出します。各ログインモジュールはサブジェクトを認証しようとします。 成功した場合、認証されているサブジェクトを表す Subject オブジェクトに、適切なプリンシパルとクレデンシャルを関連付けます。

  • LoginContext が、認証状態をアプリケーションに返します。

  • .$BG'>Z$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$O.(J Subject .$B$r.(J LoginContext .$B$+$i

    .$B0J2<$G$O!"G'>Z%/%i%9$K$D$$$F@bL@$7$^$9!#.(J

    LoginContext

    javax.security.auth.login.LoginContext .$B%/%i%9$O!"%5%V%8%'%/%H$NG'>Z$K;HMQ$5$l$k4pK\E*$J%a%=%C%I$rDs6!$7$^$9!#$3$N%/%i%9$r;HMQ$9$k$H!"4pHW$H$J$kG'>Z5;=Q$K0MB8$7$J$$%"%W%j%1!<%7%g%s$r3+H/$G$-$^$9!#.(J LoginContext .$B$O!".(J Configuration .$B$X$NLd$$9g$o$;$rZ%5!<%S%9$^$?$O.(J LoginModule .$B$r3NG'$7$^$9!#.(J .$B$3$N$?$a!"%"%W%j%1!<%7%g%s<+BN$rJQ99$;$:$K!"J#?t$N0[$J$k%m%0%$%s%b%8%e!<%k$r%W%i%0%$%s$H$7$F%"%W%j%1!<%7%g%s$G;HMQ$G$-$^$9!#.(J

    LoginContext .$B$O!"A*Br2DG=$J.(J 4 .$B$D$N%3%s%9%H%i%/%?$rDs6!$7$^$9!#.(J

        public LoginContext(String name) throws LoginException;
    
        public LoginContext(String name, Subject subject) throws LoginException;
    
        public LoginContext(String name, CallbackHandler callbackHandler)
               throws LoginException
    
        public LoginContext(String name, Subject subject,
               CallbackHandler callbackHandler) throws LoginException
    
    .$B$9$Y$F$N%3%s%9%H%i%/%?$O!"6&DL$N%Q%i%a!<%?.(J name .$B$r6&M-$7$^$9!#.(J LoginContext .$B$O!"$3$N0z?t$r%m%0%$%s9=@.$N%$%s%G%C%/%9$H$7$F;HMQ$7!".(JLoginContext .$B$N%$%s%9%?%s%92=$r9T$&%"%W%j%1!<%7%g%sMQ$H$7$F9=@.$5$l$k%m%0%$%s%b%8%e!<%k$rFCDj$7$^$9!#.(J .$B%5%V%8%'%/%H$rF~NO%Q%i%a!<%?$H$7$F!V.(JcreateLoginContext.<name>.$B!W$r;}$D.(J AuthPermission .$B$KBP$7$F!".(JLoginContext .$B$N%$%s%9%?%s%92=$rMW5a$7$^$9!#.(J .$B$3$3$G!".(J<name> .$B$O!"%"%W%j%1!<%7%g%s$,.(J LoginContext .$B$N%$%s%9%?%s%92=$N:]$K.(J name .$B%Q%i%a!<%?$G;2>H$9$k%m%0%$%s9=@.%(%s%H%j$NL>A0$G$9!#.(J

    CallbackHandler .$B$H$3$l$,I,MW$J>u67$K$D$$$F$O!".(JCallbackHandler .$B$N%;%/%7%g%s$r;2>H$7$F$/$@$5$$!#.(J

    .$BZ$O!" public void login() throws LoginException;

    login .$B$r8F$S=P$9$H!"$9$Y$F$N9=@.:Q$_%m%0%$%s%b%8%e!<%k$,8F$S=P$5$l!"G'>Z$rZ$K@.8y$7$?>l9g$O!"Z$5$l$?%5%V%8%'%/%H.(J (.$B%W%j%s%7%Q%k!"8x3+%/%l%G%s%7%c%k!"$*$h$SHs8x3+%/%l%G%s%7%c%k.(J) .$B$r public Subject getSubject();

    .$B%5%V%8%'%/%H$r%m%0%"%&%H$7$F!"G'>Z:Q$_$N%W%j%s%7%Q%k$*$h$S%/%l%G%s%7%c%k$r:o=|$9$k$K$O!" public void logout() throws LoginException;

    .$BZ$*$h$S%m%0%"%&%H$KI,MW$J8F$S=P$7$r<($7$^$9!#.(J

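        // Authenticate through the login configuration entry "entryFoo", use the
        // resulting Subject, and always log out once authentication has succeeded.
        LoginContext lc = null;
        boolean authenticated = false;
        try {
            // let the LoginContext instantiate a new Subject
            // (the constructor itself can throw LoginException, so it belongs inside the try)
            lc = new LoginContext("entryFoo");

            // authenticate the Subject
            lc.login();
            authenticated = true;
            System.out.println("authentication successful");

            // get the authenticated Subject
            Subject subject = lc.getSubject();

            // ... application work performed with the Subject ...

        } catch (LoginException le) {
            System.err.println("authentication unsuccessful: " +
                le.getMessage());
        } finally {
            // all finished -- logout
            // Done in finally so the authenticated Principals and credentials are
            // removed even when the work above throws; a logout failure is reported
            // separately so it is not mistaken for an authentication failure.
            if (authenticated) {
                try {
                    lc.logout();
                } catch (LoginException le) {
                    System.err.println("logout failed: " + le.getMessage());
                }
            }
        }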
    

    LoginModule

    LoginModule .$B%$%s%?%U%'!<%9.(J.$B$r;HMQ$9$k$H!"0[$J$kZ5;=Q$r.(J/.$B%Q%9%o!<%I%Y!<%9$NG'>Z$r.$BCm.(J: .$B%"%W%j%1!<%7%g%s:n@.pJs.(J (.$B%m%0%$%s9=@.%U%!%$%k$NFbMF$J$I.(J) .$B$N;XDj$K=8Cf$7!"%"%W%j%1!<%7%g%s$,9=@.$K$h$C$F;XDj$5$l$?%m%0%$%s%b%8%e!<%kMxMQ$7$F%f!<%6$rG'>Z$G$-$k$h$&$K$7$F$/$@$5$$!#.(J

    .$BG'>Z5;=Q$r.$B!V.(JJAAS .$B%m%0%$%s%b%8%e!<%k3+H/ .$B$G6qBNE*$J

    CallbackHandler

    .$B%m%0%$%s%b%8%e!<%k$,%f!<%6$H$NDL?.$r2p$7$FG'>Z>pJs$rl9g$,$"$j$^$9!#.(J .$B%m%0%$%s%b%8%e!<%k$O!".(J javax.security.auth.callback.CallbackHandler .$B$r;HMQ$7$F$3$l$rCallbackHandler .$B%$%s%?%U%'!<%9.(J.$B$rLoginContext .$B$KEO$7$^$9!#.(JLoginContext .$B$O$3$l$r4pHW$H$J$k%m%0%$%s%b%8%e!<%k$KD>@\E>Aw$7$^$9!#%m%0%$%s%b%8%e!<%k$O.(J CallbackHandler .$B$r;H$C$F!"%f!<%6$+$i$NF~NO.(J (.$B%Q%9%o!<%I!"%9%^!<%H%+!<%I$J$I$N0E>ZHV9f$J$I.(J) .$B$r<}=8$7$?$j!"%f!<%6$K>pJs.(J (.$B>uBV>pJs$J$I.(J) .$B$rDs6!$7$?$j$7$^$9!#.(J .$B%"%W%j%1!<%7%g%s$K.(J CallbackHandler .$B$N;XDj$r5v2D$9$k$3$H$K$h$j!"4pHW$H$J$k%m%0%$%s%b%8%e!<%k$O!"%"%W%j%1!<%7%g%s$H%f!<%64V$NDL?.J}K!$K0MB8$;$:$KF0:n$9$k$h$&$K$J$j$^$9!#.(J .$B$?$H$($P!".(JGUI .$B%"%W%j%1!<%7%g%sMQ$N.(J CallbackHandler .$BCallbackHandler .$B$O!"%3%^%s%I9T$+$iD>@\F~NO$9$k$h$&%f!<%6$K5a$a$^$9!#.(J

    CallbackHandler .$B$O!".(J1 .$B$D$N%a%=%C%I$r;}$C$? void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException;

    .$B%m%0%$%s%b%8%e!<%k$O.(J CallbackHandler handle .$B%a%=%C%I$KE,@Z$J.(J Callback .$B$+$i$J$kG[Ns.(J (.$B$?$H$($P%f!<%6L>$N>l9g.(J NameCallback.$B!"%Q%9%o!<%I$N>l9g.(J PasswordCallback) .$B$rEO$7!"MW5a$K=>$C$F%f!<%6$HDL?.$7!".(JCallback .$BFb$KE,@Z$JCM$r@_Dj$7$^$9!#$?$H$($P!".(JNameCallback .$B$r=hM}$9$k>l9g!".(JCallbackHandler .$B$O%f!<%6$+$iL>A0$rNameCallback .$B$N.(J setName .$B%a%=%C%I$r8F$S=P$7$F$=$NL>A0$r3JG<$7$^$9!#.(J

    .$B!V.(JCallbackHandler.$B!W.(J.$B$N%I%-%e%a%s%H$K$O!"$3$N%I%-%e%a%s%H$K$O5-:\$5$l$F$$$J$$BgNL$N%5%s%W%k$,5-:\$5$l$F$$$^$9!#.(J

    Callback

    javax.security.auth.callback .$B%Q%C%1!<%8$K$O!".(JCallback .$B%$%s%?%U%'!<%9$*$h$S$$$/$D$+$NCallback .$B$NG[Ns$r!".(JCallbackHandler .$B$N.(J handle .$B%a%=%C%I$KD>@\EO$9$3$H$,$G$-$^$9!#.(J

    .$B;HMQJ}K!$N>\:Y$K$D$$$F$O!"3FCallback API .$B$r;2>H$7$F$/$@$5$$!#.(J

    .$B>5G'%/%i%9.(J

    JAAS .$B>5G'$r9T$&$K$O!"

  • LoginContext .$B$N%;%/%7%g%s$N@bL@$K=>$C$F%f!<%6$rG'>Z$9$k.(J

  • .$BG'>Z$N7k2L@8@.$5$l$k%5%V%8%'%/%H$r.(J.$B%5%V%8%'%/%H.(J.$B$N@bL@$K=>$C$F%"%/%;%9@)8f%3%s%F%-%9%H$K4XO"IU$1$k.(J

  • .$B0J2<$N@bL@$K=>$C$F%;%-%e%j%F%#%]%j%7!

    .$B0J2<$G$O!".(JPolicy .$BCj>]%/%i%9$H>5G'8GM-$N%/%i%9.(J AuthPermission .$B$*$h$S.(J PrivateCredentialPermission .$B$K$D$$$F@bL@$7$^$9!#.(J

    Policy

    java.security.Policy .$B%/%i%9$O!"%7%9%F%`A4BN$N%"%/%;%9@)8f%]%j%7!<$rI=$9.(J.$BCj>].(J.$B%/%i%9$G$9!#.(J Policy API .$B$O.(J J2SDK, v1.4 .$B$G%"%C%W%0%l!<%I$5$l!".(J Principal .$B%Y!<%9$N%/%(%j!<$r%5%]!<%H$9$k$h$&$K$J$C$F$$$^$9!#.(J

    J2SDK .$B$O!"%G%U%)%k%H$G!"%U%!%$%k%Y!<%9$N%5%V%/%i%9Principal .$B%Y!<%9$N.(J grant .$B%(%s%H%j$r;HMQ$G$-$k$h$&$K$J$C$F$$$^$9!#.(J

    .$B%]%j%7!<%U%!%$%k$*$h$S$=$NFbIt$N%(%s%H%j9=B$$N>\:Y$O!".(J .$B!V%G%U%)%k%H$N.(J Policy .$B$N.$B$r;2>H$7$F$/$@$5$$!#.(J

    AuthPermission

    javax.security.auth.AuthPermission クラスは、JAAS に必須の基本的なアクセス権をカプセル化します。 AuthPermission には名前 (ターゲット名とも呼ばれる) は含まれますが、アクションリストは含まれません。したがって、名前付きアクセス権を得るか、アクセス権を得ないかのどちらかになります。

    AuthPermission は、 java.security.Permission から継承されたメソッドのほかに 2 つの public コンストラクタを持っています。

        public AuthPermission(String name);
        public AuthPermission(String name, String actions);
    
    最初のコンストラクタは、指定された name で新規 AuthPermission を作成します。 2 番目のコンストラクタも、指定された name で AuthPermission オブジェクトを作成しますが、actions 引数が追加指定されています。この引数は現在のところ未使用であるため、null にします。 このコンストラクタは、Policy オブジェクトで新規 Permission オブジェクトをインスタンス化するためだけに存在します。 その他の大半のコードでは、最初のコンストラクタの使用が適しています。

    現在のところ、AuthPermission オブジェクトは、Policy、Subject、LoginContext、および Configuration オブジェクトへのアクセスの保護に使用されます。 サポートされる有効な名前のリストについては、 AuthPermission の javadoc ドキュメントを参照してください。

    PrivateCredentialPermission

    javax.security.auth.PrivateCredentialPermission クラスは、サブジェクトの非公開クレデンシャルへのアクセスを保護し、1 つの public コンストラクタを提供します。

         public PrivateCredentialPermission(String name, String actions);
    
    .$B$3$N%/%i%9$N>\:Y$O!".(JPrivateCredentialPermission javadoc .$B$N%I%-%e%a%s%H$r;2>H$7$F$/$@$5$$!#.(J

  • JAAS .$B%A%e!<%H%j%"%k$H%5%s%W%k%W%m%0%i%`.(J

    .$B!V.(JJAAS .$BG'>Z!W.(J .$B$*$h$S.(J .$B!V.(JJAAS .$B>5G'!W.(J .$B$N3F%A%e!<%H%j%"%k$K$O!"

  • SampleAcn.java.$B!#.(JJAAS .$BG'>Z$r@bL@$9$k%5%s%W%k%"%W%j%1!<%7%g%s.(J

  • SampleAzn.java.$B!#>5G'%A%e!<%H%j%"%k$G;HMQ$5$l$k%5%s%W%k%"%W%j%1!<%7%g%s!#.(J .$BG'>Z$H>5G'$NN>J}$r@bL@$9$k.(J

  • sample_jaas.config.$B!#N>J}$N%A%e!<%H%j%"%k$G;HMQ$5$l$k%5%s%W%k%m%0%$%s9=@.%U%!%$%k.(J

  • sampleacn.policy.$B!#G'>Z%A%e!<%H%j%"%k$N%3!<%I$KI,MW$J%"%/%;%98"$rIUM?$9$k%5%s%W%k%]%j%7!<%U%!%$%k.(J

  • sampleazn.policy.$B!#>5G'%A%e!<%H%j%"%k$N%3!<%I$KI,MW$J%"%/%;%98"$rIUM?$9$k%5%s%W%k%]%j%7!<%U%!%$%k.(J

  • SampleLoginModule.java.$B!#%A%e!<%H%j%"%k$N%m%0%$%s9=@.%U%!%$%k.(J (sample_jaas.config) .$B$K$h$C$F!"4pHW$H$J$kE,@Z$JG'>Z$rZ$O!"%f!<%6$K$h$C$F;XDj$5$l$?L>A0$H%Q%9%o!<%I$,FCDj$NCM$r;}$C$F$$$k$3$H$r8!>Z$9$k=hM}$G$"$k.(J

  • SamplePrincipal.java.$B!#.(J Principal .$B%$%s%?%U%'!<%9$r

    .$B%"%W%j%1!<%7%g%s!"%]%j%7!<%U%!%$%k!"$*$h$S%m%0%$%s9=@.%U%!%$%k$N>\:Y$K$D$$$F$O!"%A%e!<%H%j%"%k$r;2>H$7$F$/$@$5$$!#.(J

    .$B%A%e!<%H%j%"%k$K@bL@$5$l$F$$$k$H$*$j!"%"%W%j%1!<%7%g%s:n@..$B!V.(JJAAS .$B%m%0%$%s%b%8%e!<%k3+H/.$B$G$=$NJ}K!$r3NG'$G$-$^$9!#.(J


  • .$BIUO?.(J A: java.security .$B%;%-%e%j%F%#%W%m%Q%F%#%U%!%$%k$G$N.(J JAAS .$B@_Dj.(J

    java.security マスターセキュリティプロパティファイル内で多数の JAAS 設定を行うことができます。このファイルは、Java 2 Runtime の lib/security ディレクトリ内にあります。

    JAAS .$B$O!".(Jjava.security .$B$K

  • login.configuration.provider
  • login.config.url.n

    .$B

  • policy.provider
  • policy.url.n

    .$B%m%0%$%s9=@.%W%m%P%$%@.(J

    Sun Microsystems .$B$,Ds6!$9$k%G%U%)%k%H$N.(J JAAS .$B%m%0%$%s9=@.pJs$r%U%!%$%k$+$ipJs$O!"%A%e!<%H%j%"%k$K5-:\$5$l$F$$$kFC.$BBeBX%W%m%P%$%@%/%i%9login.configuration.provider .$B%W%m%Q%F%#Fb$K;XDj$9$k$3$H$G!"%G%U%)%k%H$N.(J JAAS .$B%m%0%$%s9=@. .$BNc$r<($7$^$9!#.(J

      login.configuration.provider=com.foo.Config
    
    セキュリティプロパティ login.configuration.provider が見つからない、または指定されていない場合、デフォルト値が設定されます。
      login.configuration.provider=com.sun.security.auth.login.ConfigFile
    

    ログイン構成プロバイダを、コマンド行から動的に設定することはできません。

    .$B%m%0%$%s9=@..(J URL

    Sun Microsystems .$B$,Ds6!$9$k%G%U%)%k%HpJs$,;XDj$5$l$F$$$k$3$H$rMW5a$9$k%m%0%$%s9=@.l9g$O!".(Jlogin.config.url.n .$B%W%m%Q%F%#$K8D!9$N.(J URL .$B$r;XDj$9$k$3$H$K$h$j!"%m%0%$%s9=@.%U%!%$%k$N0LCV$r@EE*$K@_Dj$G$-$^$9!#!V.(Jn.$B!W$O!".(J1 .$B$+$i;O$^$kO"B3$7$?HV9f$G$9!#!V.(Jn >= 2.$B!W$N$h$&$KJ#?t$N9=@.%U%!%$%k$,;XDj$5$l$k>l9g!"$=$l$i$OFI$_9~$^$l!"7k9g$5$l$FC10l$N9=@.$K$J$j$^$9!#.(J

    .$BNc$r<($7$^$9!#.(J

      login.config.url.1=file:C:/config/.java.login.config
      login.config.url.2=file:C:/users/foo/.foo.login.config
    

    構成ファイルの位置が java.security プロパティファイルに指定されておらず、コマンド行から -Djava.security.auth.login.config オプションを使って動的に指定されてもいない場合、JAAS は以下からデフォルト構成のロードを試みます。

    file:${user.home}/.java.login.config
    

    .$B%]%j%7!<%W%m%P%$%@.(J

    .$BBeBX%W%m%P%$%@%/%i%9policy.provider .$B%W%m%Q%F%#Fb$K;XDj$9$k$3$H$G!"%G%U%)%k%H$N.(J JAAS .$B%"%/%;%9@)8f%]%j%7!< .$BNc$r<($7$^$9!#.(J

      policy.provider=com.foo.Policy
    
    セキュリティプロパティ policy.provider が見つからない、または指定されていない場合、Policy はデフォルト値に設定されます。
      policy.provider=sun.security.provider.PolicyFile
    

    ポリシープロバイダを、コマンド行から動的に設定することはできません。

    .$B%]%j%7!<%U%!%$%k.(J URL

    .$B%"%/%;%9@)8f%]%j%7!<%U%!%$%k$N0LCV$O!".(Jauth.policy.url.n .$B%W%m%Q%F%#$K$=$l$>$l$N.(J URL .$B$r;XDj$9$k$3$H$K$h$j!"@EE*$K@_Dj$G$-$^$9!#!V.(Jn.$B!W$O!".(J1 .$B$+$i;O$^$kO"B3$7$?HV9f$G$9!#!V.(Jn >= 2.$B!W$N$h$&$KJ#?t$N%]%j%7!<$,;XDj$5$l$k>l9g!"$=$l$i$OFI$_9~$^$l!"7k9g$5$l$FC10l$N%]%j%7!<$K$J$j$^$9!#.(J

    .$BNc$r<($7$^$9!#.(J

      policy.url.1=file:C:/policy/.java.policy
      policy.url.2=file:C:/users/foo/.foo.policy
    

    java.security .$B%W%m%Q%F%#%U%!%$%k$K%]%j%7!<%U%!%$%k$N0LCV$,;XDj$5$l$F$*$i$:!".(J-Djava.security.policy .$B%*%W%7%g%s$K$h$C$F%3%^%s%I9T$+$iF0E*$K;XDj$5$l$k$3$H$b$J$$>l9g!"%"%/%;%9@)8f%]%j%7!<$O!".(JJ2SDK .$B$HF1;~$K%$%s%9%H!<%k$5$l$?%7%9%F%`%]%j%7!<%U%!%$%k$HF1$8$K$J$j$^$9!#.(J .$B$3$N%]%j%7!<%U%!%$%k$NFCD'$O

  • .$BI8=`$N3HD%5!G=$K$9$Y$F$N%"%/%;%98"$rIUM?.(J

  • .$BG$0U$N%f!<%6$,HsFC8"%]!<%H$GBT5!$9$k$3$H$r5v2D.(J

  • .$BG$0U$N%3!<%I$,%;%-%e%j%F%#>e$=$l$[$I=EMW$G$J$$FCDj$N!VI8=`!W%W%m%Q%F%#.(J ("os.name".$B!".(J"file.separator" .$B$J$I.(J) .$B$rFI$_
  • .$B%5%s%W%k%^%9%?!<%;%-%e%j%F%#%W%m%Q%F%#%U%!%$%k.(J

    .$B0J2<$K!".(JJava 2 Runtime v1.4 .$B$GDs6!$5$l$k.(J java.security .$B$r<($7$^$9!#.(J JAAS .$B4XO"%W%m%Q%F%#$N%5%s%W%k@_Dj$OB@;z$G<($7$^$9!#.(J .$B$3$NNc$G$O!".(Jpolicy.provider.$B!".(Jpolicy.url.n.$B!"$*$h$S.(Jlogin.configuration.provider .$B%W%m%Q%F%#$N%G%U%)%k%H$N.(J java.security .$B%U%!%$%kFb$NCM$O$=$N$^$^;HMQ$7$^$9!#.(J .$B%G%U%)%k%H$N.(J java.security .$B%U%!%$%kFb$N.(J login.config.url.n .$B$NCM$O%3%a%s%H2=$5$l$F$$$^$9!#.(J .$B0J2<$NNc$G$O%3%a%s%H2=$5$l$F$$$^$;$s!#.(J

    #
    # This is the "master security properties file".
    #
    # In this file, various security properties are set for use by
    # java.security classes. This is where users can statically register
    # Cryptography Package Providers ("providers" for short). The term
    # "provider" refers to a package or set of packages that supply a
    # concrete implementation of a subset of the cryptography aspects of
    # the Java Security API. A provider may, for example, implement one or
    # more digital signature algorithms or message digest algorithms.
    #
    # Each provider must implement a subclass of the Provider class.
    # To register a provider in this master security properties file,
    # specify the Provider subclass name and priority in the format
    #
    #    security.provider.<n>=<className>  
    #
    # This declares a provider, and specifies its preference
    # order <n>. The preference order is the order in which providers are
    # searched for requested algorithms (when no specific provider is
    # requested). The order is 1-based; 1 is the most preferred, followed
    # by 2, and so on.
    #
    # <className> must specify the subclass of the Provider class whose
    # constructor sets the values of various properties that are required
    # for the Java Security API to look up the algorithms or other
    # facilities implemented by the provider.
    #
    # There must be at least one provider specification in java.security.
    # There is a default provider that comes standard with the JDK. It
    # is called the "SUN" provider, and its Provider subclass
    # named Sun appears in the sun.security.provider package. Thus, the
    # "SUN" provider is registered via the following:
    #
    #    security.provider.1=sun.security.provider.Sun
    #
    # (The number 1 is used for the default provider.)
    #
    # Note: Statically registered Provider subclasses are instantiated
    # when the system is initialized. Providers can be dynamically
    # registered instead by calls to either the addProvider or
    # insertProviderAt method in the Security class.
    
    #
    # List of providers and their preference orders (see above):
    #
    # NOTE(review): per the header above, the preference order decides which
    # provider serves a request that names no specific provider, so adding or
    # renumbering an entry changes which implementation callers get by default.
    #
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.sun.net.ssl.internal.ssl.Provider
    security.provider.3=com.sun.rsajca.Provider
    security.provider.4=com.sun.crypto.provider.SunJCE
    security.provider.5=sun.security.jgss.SunProvider
    
    #
    # Select the source of seed data for SecureRandom. By default it uses
    # a system/thread activity algorithm. Optionally, if the platform supports
    # it, an entropy gathering device can be selected.
    #
    # The setting below is commented out in this sample, so the default source
    # described above applies unless java.security.egd is given on the command
    # line.
    #
    #securerandom.source=file:/dev/random
    #
    # The entropy gathering device is described as a URL and can
    # also be specified with the property "java.security.egd". For example,
    #   -Djava.security.egd=file:/dev/urandom
    # Specifying this property will override the securerandom.source setting.
    
    #
    # Class to instantiate as the javax.security.auth.login.Configuration
    # provider.
    #
    login.configuration.provider=com.sun.security.auth.login.ConfigFile
    
    #
    # Default login configuration file
    #
    # The text introducing this listing says the shipped java.security has this
    # line commented out; it is active here only as a sample.
    # NOTE(review): the location is under ${user.home}. The login configuration
    # names the login modules and control flags used for each application entry,
    # so whoever can write this file influences how authentication is performed;
    # check its ownership and permissions wherever the line is enabled.
    #
    login.config.url.1=file:${user.home}/.java.login.config
    
    #
    # Class to instantiate as the system Policy. This is the name of the class
    # that will be used as the Policy object.
    #
    policy.provider=sun.security.provider.PolicyFile
    
    # The default is to have a single system-wide policy file,
    # and a policy file in the user's home directory.
    #
    # NOTE(review): the policy files listed here are read and combined into one
    # policy, so grants placed in the ${user.home} file add to the system-wide
    # ones. Remove the second entry where per-user grants are not wanted.
    policy.url.1=file:${java.home}/lib/security/java.policy
    policy.url.2=file:${user.home}/.java.policy
    
    # whether or not we expand properties in the policy file
    # if this is set to false, properties (${...}) will not be expanded in policy
    # files.
    policy.expandProperties=true
    
    # whether or not we allow an extra policy to be passed on the command line
    # with -Djava.security.policy=somefile. Comment out this line to disable
    # this feature.
    #
    # NOTE(review): while this is enabled, the JVM command line is part of the
    # policy trust boundary: whoever controls the launch arguments can supply
    # additional policy. Disable it where the launcher is not fully trusted.
    policy.allowSystemProperty=true
    
    # whether or not we look into the IdentityScope for trusted Identities
    # when encountering a 1.1 signed JAR file. If the identity is found
    # and is trusted, we grant it AllPermission.
    #
    # NOTE(review): read literally, false means the IdentityScope is not
    # ignored, i.e. the lookup above is performed and a trusted identity found
    # there receives AllPermission - confirm against the PolicyFile
    # documentation before relying on this.
    policy.ignoreIdentityScope=false
    
    #
    # Default keystore type.
    #
    keystore.type=jks
    
    #
    # Class to instantiate as the system scope:
    #
    system.scope=sun.security.provider.IdentityDatabase
    
    #
    # List of comma-separated packages that start with or equal this string
    # will cause a security exception to be thrown when
    # passed to checkPackageAccess unless the
    # corresponding RuntimePermission ("accessClassInPackage."+package) has
    # been granted.
    #
    # With the value "sun." below, this applies to every package whose name
    # starts with "sun.".
    package.access=sun.
    
    #
    # List of comma-separated packages that start with or equal this string
    # will cause a security exception to be thrown when
    # passed to checkPackageDefinition unless the
    # corresponding RuntimePermission ("defineClassInPackage."+package) has
    # been granted.
    #
    # by default, no packages are restricted for definition, and none of
    # the class loaders supplied with the JDK call checkPackageDefinition.
    #
    #package.definition=
    
    #
    # Determines whether this properties file can be appended to
    # or overridden on the command line via -Djava.security.properties
    #
    # NOTE(review): with true, every setting in this file (providers, policy
    # locations, login configuration) can be appended to or overridden by
    # whoever controls the JVM launch arguments. Set it to false where this file
    # is meant to be the only source of these settings.
    #
    security.overridePropertiesFile=true
    
    #
    # Determines the default key and trust manager factory algorithms for
    # the javax.net.ssl package.
    #
    ssl.KeyManagerFactory.algorithm=SunX509
    ssl.TrustManagerFactory.algorithm=SunX509
    
    #
    # Determines the default SSLSocketFactory and SSLServerSocketFactory
    # provider implementations for the javax.net.ssl package.  If, due to
    # export and/or import regulations, the providers are not allowed to be
    # replaced, changing these values will produce non-functional
    # SocketFactory or ServerSocketFactory implementations.
    #
    #ssl.SocketFactory.provider=
    #ssl.ServerSocketFactory.provider=
    

  • 付録 B: サンプルログイン構成

    ログイン構成は、java.security ファイル内の login.config.url.n セキュリティプロパティを使用して配置されます。 このプロパティの詳細および java.security ファイルの位置については、「付録 A」を参照してください。

    .$B%G%U%)%k%H$N.(J Configuration .$BConfigFile .$B$O!"$=$N9=@.>pJs$r%m%0%$%s9=@.%U%!%$%k$+$i\:Y$K$D$$$F$O!".(J com.sun.security.auth.login.ConfigFile .$B%/%i%9$N.(J javadoc .$B$r;2>H$7$F$/$@$5$$!#.(J

    以下はサンプルのログイン構成ファイルです。

        // Entry "Login1": a single module marked required, so authentication
        // for this entry succeeds only if SampleLoginModule succeeds.
        // NOTE(review): debug=true is handed to the module as an option; what the
        // module prints when it is set is not shown on this page. Confirm that it
        // does not echo credentials before using it outside a test setup.
        Login1 {
           sample.SampleLoginModule required debug=true;
        };
    
        // Entry "Login2": four modules with different control flags; the table
        // that follows this listing gives the overall result for each outcome.
        // NOTE(review): the order of the entries decides what is enforced. Per
        // that table, once NTLoginModule (sufficient) succeeds, control returns
        // to the application and SmartCard (requisite) and Kerberos (optional)
        // are not consulted, so the smart-card check only applies when
        // NTLoginModule fails. A failed SampleLoginModule (required) still makes
        // the overall authentication fail in every column.
        Login2 {
           sample.SampleLoginModule required;
           com.sun.security.auth.module.NTLoginModule sufficient;
           com.foo.SmartCard requisite debug=true;
           com.foo.Kerberos optional debug=true;
        };
    

    アプリケーション Login1 は、構成済みのログインモジュールの SampleLoginModule のみを保持します。 このため、Login1 がサブジェクト (ユーザまたはサービス) を認証しようとする試みは、SampleLoginModule が成功した場合にのみ成功します。

    アプリケーション Login2 の認証ロジックは、以下の表で簡単に説明できます。 注: required、sufficient、requisite、および optional の各フラグについては、Configuration の javadoc ドキュメントを参照してください。

    Login2 の認証状態
    SampleLoginModule | required   | 成功 | 成功 | 成功 | 成功 | 失敗 | 失敗 | 失敗 | 失敗
    NTLoginModule     | sufficient | 成功 | 失敗 | 失敗 | 失敗 | 成功 | 失敗 | 失敗 | 失敗
    SmartCard         | requisite  | *    | 成功 | 成功 | 失敗 | *    | 成功 | 成功 | 失敗
    Kerberos          | optional   | *    | 成功 | 失敗 | *    | *    | 成功 | 失敗 | *
    全体の認証        |            | 成功 | 成功 | 成功 | 失敗 | 失敗 | 失敗 | 失敗 | 失敗
    * = 前の requisite モジュールが失敗するか、または前の sufficient モジュールが成功したため、アプリケーションに制御が返されるので、この値は微妙に変化します。 (つまり、「*」のモジュールの結果は全体の認証に影響しません。)

    最終更新日: 2001 年 8 月 8 日