Module java.base
Package javax.security.auth

Class Subject

java.lang.Object
javax.security.auth.Subject
All Implemented Interfaces:
Serializable
public final class Subject extends Object implements Serializable

A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject, and another which binds, "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.

A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.

To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively. To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example: 

      Subject subject;
      Principal principal;
      Object credential;

      // add a Principal and credential to the Subject
      subject.getPrincipals().add(principal);
      subject.getPublicCredentials().add(credential);

This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not. Note that the java.security.Principal class does not implement Serializable. Therefore, all concrete Principal implementations associated with Subjects must implement Serializable.

Since:
1.4
See Also:

  • Constructor Details

    • Subject

      public Subject()
      Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials.

      The newly constructed Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. These Sets also prohibit null elements, and attempts to add, query, or remove a null element will result in a NullPointerException.

      To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").

    • Subject

      public Subject(boolean readOnly, Set<? extends Principal> principals, Set<?> pubCredentials, Set<?> privCredentials)
      Create an instance of a Subject with Principals and credentials.

      The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. These Sets also prohibit null elements, and attempts to add, query, or remove a null element will result in a NullPointerException.

      To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").

      Parameters:
      readOnly - true if the Subject is to be read-only, and false otherwise.
      principals - the Set of Principals to be associated with this Subject.
      pubCredentials - the Set of public credentials to be associated with this Subject.
      privCredentials - the Set of private credentials to be associated with this Subject.
      Throws:
      NullPointerException - if the specified principals, pubCredentials, or privCredentials are null, or a null value exists within any of these three Sets.

  • Method Details

    • setReadOnly

      public void setReadOnly()
      Set this Subject to be read-only.

      Modifications (additions and removals) to this Subject's Principal Set and credential Sets will be disallowed. The destroy operation on this Subject's credentials will still be permitted.

      Subsequent attempts to modify the Subject's Principal and credential Sets will result in an IllegalStateException being thrown. Also, once a Subject is read-only, it can not be reset to being writable again.

      Throws:
      SecurityException - if a security manager is installed and the caller does not have an AuthPermission("setReadOnly") permission to set this Subject to be read-only.

    • isReadOnly

      public boolean isReadOnly()
      Query whether this Subject is read-only.
      Returns:
      true if this Subject is read-only, false otherwise.

    • getSubject

      @Deprecated(since="17", forRemoval=true) public static Subject getSubject(AccessControlContext acc)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This method depends on AccessControlContext which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, obtaining a Subject is useful independent of the Security Manager. Thus, a replacement API named current() has been added which can be used to obtain the current subject.
      Get the Subject associated with the provided AccessControlContext.

      The AccessControlContext may contain many Subjects (from nested doAs calls). In this situation, the most recent Subject associated with the AccessControlContext is returned.

      Parameters:
      acc - the AccessControlContext from which to retrieve the Subject.
      Returns:
      the Subject associated with the provided AccessControlContext, or null if no Subject is associated with the provided AccessControlContext.
      Throws:
      SecurityException - if a security manager is installed and the caller does not have an AuthPermission("getSubject") permission to get the Subject.
      NullPointerException - if the provided AccessControlContext is null.

    • current

      public static Subject current()
      Returns the current subject.

      The current subject is installed by the callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>) method. When callAs(subject, action) is called, action is executed with subject as its current subject which can be retrieved by this method. After action is finished, the current subject is reset to its previous value. The current subject is null before the first call of callAs().

      Implementation Note:
      This method returns the same value as Subject.getSubject(AccessController.getContext()). This preserves compatibility with code that may still be calling doAs which installs the subject in an AccessControlContext. This behavior is subject to change in a future version.
      Returns:
      the current subject, or null if a current subject is not installed or the current subject is set to null.
      Since:
      18
      See Also:

    • callAs

      public static <T> T callAs(Subject subject, Callable<T> action) throws CompletionException
      Executes a Callable with subject as the current subject.
      Implementation Note:
      This method calls Subject.doAs(subject, altAction) which stores the subject in a new AccessControlContext, where altAction.run() is equivalent to action.call() and the exception thrown is modified to match the specification of this method. This preserves compatibility with code that may still be calling getSubject(AccessControlContext) which retrieves the subject from an AccessControlContext. This behavior is subject to change in a future version.
      Type Parameters:
      T - the type of value returned by the call method of action
      Parameters:
      subject - the Subject that the specified action will run as. This parameter may be null.
      action - the code to be run with subject as its current subject. Must not be null.
      Returns:
      the value returned by the call method of action
      Throws:
      NullPointerException - if action is null
      CompletionException - if action.call() throws an exception. The cause of the CompletionException is set to the exception thrown by action.call().
      Since:
      18
      See Also:

    • doAs

      @Deprecated(since="18", forRemoval=true) public static <T> T doAs(Subject subject, PrivilegedAction<T> action)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This method depends on AccessControlContext which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, performing work as a Subject is useful independent of the Security Manager. Thus, a replacement API named callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>) has been added which can be used to perform the same work.
      Perform work as a particular Subject.

      This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedAction, as well as the newly constructed AccessControlContext.

      Type Parameters:
      T - the type of the value returned by the PrivilegedAction's run method.
      Parameters:
      subject - the Subject that the specified action will run as. This parameter may be null.
      action - the code to be run as the specified Subject.
      Returns:
      the value returned by the PrivilegedAction's run method.
      Throws:
      NullPointerException - if the PrivilegedAction is null.
      SecurityException - if a security manager is installed and the caller does not have an AuthPermission("doAs") permission to invoke this method.

    • doAs

      @Deprecated(since="18", forRemoval=true) public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Deprecated, for removal: This API element is subject to removal in a future version.
      This method depends on AccessControlContext which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, performing work as a Subject is useful independent of the Security Manager. Thus, a replacement API named callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>) has been added which can be used to perform the same work.
      Perform work as a particular Subject.

      This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedExceptionAction, as well as the newly constructed AccessControlContext.

      Type Parameters:
      T - the type of the value returned by the PrivilegedExceptionAction's run method.
      Parameters:
      subject - the Subject that the specified action will run as. This parameter may be null.
      action - the code to be run as the specified Subject.
      Returns:
      the value returned by the PrivilegedExceptionAction's run method.
      Throws:
      PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
      NullPointerException - if the specified PrivilegedExceptionAction is null.
      SecurityException - if a security manager is installed and the caller does not have an AuthPermission("doAs") permission to invoke this method.

    • doAsPrivileged

      @Deprecated(since="17", forRemoval=true) public static <T> T doAsPrivileged(Subject subject, PrivilegedAction<T> action, AccessControlContext acc)
      Deprecated, for removal: This API element is subject to removal in a future version.
      This method is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release. Consequently, this method is also deprecated and subject to removal. There is no replacement for the Security Manager or this method.
      Perform privileged work as a particular Subject.

      This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

      Type Parameters:
      T - the type of the value returned by the PrivilegedAction's run method.
      Parameters:
      subject - the Subject that the specified action will run as. This parameter may be null.
      action - the code to be run as the specified Subject.
      acc - the AccessControlContext to be tied to the specified subject and action.
      Returns:
      the value returned by the PrivilegedAction's run method.
      Throws:
      NullPointerException - if the PrivilegedAction is null.
      SecurityException - if a security manager is installed and the caller does not have a AuthPermission("doAsPrivileged") permission to invoke this method.

    • doAsPrivileged

      @Deprecated(since="17", forRemoval=true) public static <T> T doAsPrivileged(Subject subject, PrivilegedExceptionAction<T> action,