- java.lang.Object
-
- javax.security.auth.Subject
-
- All Implemented Interfaces:
Serializable
public final class Subject extends Object implements Serializable
A
Subject
represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).Subjects may potentially have multiple identities. Each identity is represented as a
Principal
within theSubject
. Principals simply bind names to aSubject
. For example, aSubject
that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to theSubject
, and another which binds, "999-99-9999", the number on her student identification card, to theSubject
. Both Principals refer to the sameSubject
even though each has a different name.A
Subject
may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credentialSet
. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credentialSet
. Different permissions are required to access and modify the different credential Sets.To retrieve all the Principals associated with a
Subject
, invoke thegetPrincipals
method. To retrieve all the public or private credentials belonging to aSubject
, invoke thegetPublicCredentials
method orgetPrivateCredentials
method, respectively. To modify the returnedSet
of Principals and credentials, use the methods defined in theSet
class. For example:Subject subject; Principal principal; Object credential; // add a Principal and credential to the Subject subject.getPrincipals().add(principal); subject.getPublicCredentials().add(credential);
This
Subject
class implementsSerializable
. While the Principals associated with theSubject
are serialized, the credentials associated with theSubject
are not. Note that thejava.security.Principal
class does not implementSerializable
. Therefore all concretePrincipal
implementations associated with Subjects must implementSerializable
.- Since:
- 1.4
- See Also:
Principal
,DomainCombiner
, Serialized Form
-
-
Constructor Summary
Constructors Constructor Description Subject()
Create an instance of aSubject
with an emptySet
of Principals and empty Sets of public and private credentials.Subject(boolean readOnly, Set<? extends Principal> principals, Set<?> pubCredentials, Set<?> privCredentials)
Create an instance of aSubject
with Principals and credentials.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static <T> T
doAs(Subject subject, PrivilegedAction<T> action)
Perform work as a particularSubject
.static <T> T
doAs(Subject subject, PrivilegedExceptionAction<T> action)
Perform work as a particularSubject
.static <T> T
doAsPrivileged(Subject subject, PrivilegedAction<T> action, AccessControlContext acc)
Perform privileged work as a particularSubject
.static <T> T
doAsPrivileged(Subject subject, PrivilegedExceptionAction<T> action, AccessControlContext acc)
Perform privileged work as a particularSubject
.boolean
equals(Object o)
Compares the specified Object with thisSubject
for equality.Set<Principal>
getPrincipals()
Return theSet
of Principals associated with thisSubject
.<T extends Principal>
Set<T>getPrincipals(Class<T> c)
Return aSet
of Principals associated with thisSubject
that are instances or subclasses of the specifiedClass
.Set<Object>
getPrivateCredentials()
Return theSet
of private credentials held by thisSubject
.<T> Set<T>
-