javax.security.auth
public final class Subject extends Object implements Serializable
Constructor and Description |
---|
Subject() |
Subject(boolean readOnly,
Set<? extends Principal> principals,
Set<?> pubCred,
Set<?> privCred) |
Modifier and Type | Method and Description |
---|---|
static Object |
doAs(Subject subject,
PrivilegedAction action)
Run a method as another subject.
|
static Object |
doAs(Subject subject,
PrivilegedExceptionAction action)
Run a method as another subject.
|
static Object |
doAsPrivileged(Subject subject,
PrivilegedAction action,
AccessControlContext acc)
Run a method as another subject.
|
static Object |
doAsPrivileged(Subject subject,
PrivilegedExceptionAction action,
AccessControlContext acc)
Run a method as another subject.
|
boolean |
equals(Object o)
Determine whether this Object is semantically equal
to another Object.
|
Set<Principal> |
getPrincipals() |
<T extends Principal> |
getPrincipals(Class<T> clazz) |
Set<Object> |
getPrivateCredentials() |
<T> Set<T> |
getPrivateCredentials(Class<T> clazz) |
Set<Object> |
getPublicCredentials() |
<T> Set<T> |
getPublicCredentials(Class<T> clazz) |
static Subject |
getSubject(AccessControlContext context)
Returns the subject associated with the given
AccessControlContext . |
int |
hashCode()
Get a value that represents this Object, as uniquely as
possible within the confines of an int.
|
boolean |
isReadOnly()
Returns whether or not this subject is read-only.
|
void |
setReadOnly()
Marks this subject as read-only.
|
String |
toString()
Convert this Object to a human-readable String.
|
public Subject()
public static Subject getSubject(AccessControlContext context)
Returns the subject associated with the given AccessControlContext
.
All this method does is retrieve the Subject object from the supplied
context's DomainCombiner
, if any, and if it is an instance of
a SubjectDomainCombiner
.
context
- The context to retrieve the subject from.null
if there is none.NullPointerException
- If subject is null.SecurityException
- If the caller does not have permission to get
the subject ("getSubject"
target of AuthPermission
.public static Object doAs(Subject subject, PrivilegedAction action)
Run a method as another subject. This method will obtain the current
AccessControlContext
for this thread, then creates another with
a SubjectDomainCombiner
with the given subject. The supplied
action will then be run with the modified context.
subject
- The subject to run as.action
- The action to run.SecurityException
- If the caller is not allowed to run under a
different identity ("doAs"
target of AuthPermission
.public static Object doAs(Subject subject, PrivilegedExceptionAction action) throws PrivilegedActionException
Run a method as another subject. This method will obtain the current
AccessControlContext
for this thread, then creates another with
a SubjectDomainCombiner
with the given subject. The supplied
action will then be run with the modified context.
subject
- The subject to run as.action
- The action to run.SecurityException
- If the caller is not allowed to run under a
different identity ("doAs"
target of AuthPermission
.PrivilegedActionException
- If the action throws an exception.public static Object doAsPrivileged(Subject subject, PrivilegedAction action, AccessControlContext acc)
Run a method as another subject. This method will create a new
AccessControlContext
derived from the given one, with a
SubjectDomainCombiner
with the given subject. The supplied
action will then be run with the modified context.
subject
- The subject to run as.action
- The action to run.acc
- The context to use.SecurityException
- If the caller is not allowed to run under a
different identity ("doAsPrivileged"
target of AuthPermission
.public static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction action, AccessControlContext acc) throws PrivilegedActionException
Run a method as another subject. This method will create a new
AccessControlContext
derived from the given one, with a
SubjectDomainCombiner
with the given subject. The supplied
action will then be run with the modified context.
subject
- The subject to run as.action
- The action to run.acc
- The context to use.SecurityException
- If the caller is not allowed to run under a
different identity ("doAsPrivileged"
target of
AuthPermission
.PrivilegedActionException
- If the action throws an exception.public boolean equals(Object o)
Object
There are some fairly strict requirements on this
method which subclasses must follow:
a.equals(b)
and
b.equals(c)
, then a.equals(c)
must be true as well.a.equals(b)
and
b.equals(a)
must have the same value.a.equals(a)
must
always be true.a.equals(null)
must be false.a.equals(b)
must imply
a.hashCode() == b.hashCode()
.
The reverse is not true; two objects that are not
equal may have the same hashcode, but that has
the potential to harm hashing performance.This is typically overridden to throw a ClassCastException
if the argument is not comparable to the class performing
the comparison, but that is not a requirement. It is legal
for a.equals(b)
to be true even though
a.getClass() != b.getClass()
. Also, it
is typical to never cause a NullPointerException
.
In general, the Collections API (java.util
) use the
equals
method rather than the ==
operator to compare objects. However, IdentityHashMap
is an exception to this rule, for its own good reasons.
The default implementation returns this == o
.
equals
in class Object
o
- the Object to compare toObject.hashCode()
public Set<Principal> getPrincipals()
public <T extends Principal> Set<T> getPrincipals(Class<T> clazz)
public Set<Object> getPrivateCredentials()
public <T> Set<T> getPrivateCredentials(Class<T> clazz)
public Set<Object> getPublicCredentials()
public <T> Set<T> getPublicCredentials(Class<T> clazz)
public int hashCode()
Object
There are some requirements on this method which
subclasses must follow:
a.equals(b)
is true, then
a.hashCode() == b.hashCode()
must be as well.
However, the reverse is not necessarily true, and two
objects may have the same hashcode without being equal.Notice that since hashCode
is used in
Hashtable
and other hashing classes,
a poor implementation will degrade the performance of hashing
(so don't blindly implement it as returning a constant!). Also,
if calculating the hash is time-consuming, a class may consider
caching the results.
The default implementation returns
System.identityHashCode(this)
hashCode
in class Object
Object.equals(Object)
,
System.identityHashCode(Object)
public boolean isReadOnly()
Returns whether or not this subject is read-only.
public void setReadOnly()
Marks this subject as read-only.
SecurityException
- If the caller does not have permission to
set this subject as read-only ("setReadOnly"
target of
AuthPermission
.public String toString()
Object
System.out.println()
and such.
It is typical, but not required, to ensure that this method
never completes abruptly with a RuntimeException
.
This method will be called when performing string
concatenation with this object. If the result is
null
, string concatenation will instead
use "null"
.
The default implementation returns
getClass().getName() + "@" +
Integer.toHexString(hashCode())
.
toString
in class Object
Object.getClass()
,
Object.hashCode()
,
Class.getName()
,
Integer.toHexString(int)