javax.security.auth
Class Subject

java.lang.Object
  extended by javax.security.auth.Subject
All Implemented Interfaces:
Serializable

public final class Subject
extends Object
implements Serializable

See Also:
Serialized Form

Constructor Summary
Subject()
           
Subject(boolean readOnly, Set<? extends Principal> principals, Set<?> pubCred, Set<?> privCred)
           
 
Method Summary
static Object doAs(Subject subject, PrivilegedAction action)
          Run a method as another subject.
static Object doAs(Subject subject, PrivilegedExceptionAction action)
          Run a method as another subject.
static Object doAsPrivileged(Subject subject, PrivilegedAction action, AccessControlContext acc)
          Run a method as another subject.
static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction action, AccessControlContext acc)
          Run a method as another subject.
 boolean equals(Object o)
          Determine whether this Object is semantically equal to another Object.
 Set<Principal> getPrincipals()
           
<T extends Principal>
Set<T>
getPrincipals(Class<T> clazz)
           
 Set<Object> getPrivateCredentials()
           
<T> Set<T>
getPrivateCredentials(Class<T> clazz)
           
 Set<Object> getPublicCredentials()
           
<T> Set<T>
getPublicCredentials(Class<T> clazz)
           
static Subject getSubject(AccessControlContext context)
          Returns the subject associated with the given AccessControlContext.
 int hashCode()
          Get a value that represents this Object, as uniquely as possible within the confines of an int.
 boolean isReadOnly()
          Returns whether or not this subject is read-only.
 void setReadOnly()
          Marks this subject as read-only.
 String toString()
          Convert this Object to a human-readable String.
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

Subject

public Subject()

Subject

public Subject(boolean readOnly,
               Set<? extends Principal> principals,
               Set<?> pubCred,
               Set<?> privCred)
Method Detail

getSubject

public static Subject getSubject(AccessControlContext context)

Returns the subject associated with the given AccessControlContext.

All this method does is retrieve the Subject object from the supplied context's DomainCombiner, if any, and if it is an instance of a SubjectDomainCombiner.

Parameters:
context - The context to retrieve the subject from.
Returns:
The subject assoctiated with the context, or null if there is none.
Throws:
NullPointerException - If subject is null.
SecurityException - If the caller does not have permission to get the subject ("getSubject" target of AuthPermission.

doAs

public static Object doAs(Subject subject,
                          PrivilegedAction action)

Run a method as another subject. This method will obtain the current AccessControlContext for this thread, then creates another with a SubjectDomainCombiner with the given subject. The supplied action will then be run with the modified context.

Parameters:
subject - The subject to run as.
action - The action to run.
Returns:
The value returned by the privileged action.
Throws:
SecurityException - If the caller is not allowed to run under a different identity ("doAs" target of AuthPermission.

doAs

public static Object doAs(Subject subject,
                          PrivilegedExceptionAction action)
                   throws PrivilegedActionException

Run a method as another subject. This method will obtain the current AccessControlContext for this thread, then creates another with a SubjectDomainCombiner with the given subject. The supplied action will then be run with the modified context.

Parameters:
subject - The subject to run as.
action - The action to run.
Returns:
The value returned by the privileged action.
Throws:
SecurityException - If the caller is not allowed to run under a different identity ("doAs" target of AuthPermission.
PrivilegedActionException - If the action throws an exception.

doAsPrivileged

public static Object doAsPrivileged(Subject subject,
                                    PrivilegedAction action,
                                    AccessControlContext acc)

Run a method as another subject. This method will create a new AccessControlContext derived from the given one, with a SubjectDomainCombiner with the given subject. The supplied action will then be run with the modified context.

Parameters:
subject - The subject to run as.
action - The action to run.
acc - The context to use.
Returns:
The value returned by the privileged action.
Throws:
SecurityException - If the caller is not allowed to run under a different identity ("doAsPrivileged" target of AuthPermission.

doAsPrivileged

public static Object doAsPrivileged(Subject subject,
                                    PrivilegedExceptionAction action,
                                    AccessControlContext acc)
                             throws PrivilegedActionException

Run a method as another subject. This method will create a new AccessControlContext derived from the given one, with a SubjectDomainCombiner with the given subject. The supplied action will then be run with the modified context.

Parameters:
subject - The subject to run as.
action - The action to run.
acc - The context to use.
Returns:
The value returned by the privileged action.
Throws:
SecurityException - If the caller is not allowed to run under a different identity ("doAsPrivileged" target of AuthPermission.
PrivilegedActionException - If the action throws an exception.

equals

public boolean equals(Object o)
Description copied from class: Object
Determine whether this Object is semantically equal to another Object.

There are some fairly strict requirements on this method which subclasses must follow:

This is typically overridden to throw a ClassCastException if the argument is not comparable to the class performing the comparison, but that is not a requirement. It is legal for a.equals(b) to be true even though a.getClass() != b.getClass(). Also, it is typical to never cause a NullPointerException.

In general, the Collections API (java.util) use the equals method rather than the == operator to compare objects. However, IdentityHashMap is an exception to this rule, for its own good reasons.

The default implementation returns this == o.

Overrides:
equals in class Object
Parameters:
o - the Object to compare to
Returns:
whether this Object is semantically equal to another
See Also:
Object.hashCode()

getPrincipals

public Set<Principal> getPrincipals()

getPrincipals

public <T extends Principal> Set<T> getPrincipals(Class<T> clazz)

getPrivateCredentials

public Set<Object> getPrivateCredentials()

getPrivateCredentials

public <T> Set<T> getPrivateCredentials(Class<T> clazz)

getPublicCredentials

public Set<Object> getPublicCredentials()

getPublicCredentials

public <T> Set<T> getPublicCredentials(Class<T> clazz)

hashCode

public int hashCode()
Description copied from class: Object
Get a value that represents this Object, as uniquely as possible within the confines of an int.

There are some requirements on this method which subclasses must follow:

Notice that since hashCode is used in Hashtable and other hashing classes, a poor implementation will degrade the performance of hashing (so don't blindly implement it as returning a constant!). Also, if calculating the hash is time-consuming, a class may consider caching the results.

The default implementation returns System.identityHashCode(this)

Overrides:
hashCode in class Object
Returns:
the hash code for this Object
See Also:
Object.equals(Object), System.identityHashCode(Object)

isReadOnly

public boolean isReadOnly()

Returns whether or not this subject is read-only.

Returns:
True is this subject is read-only.

setReadOnly

public void setReadOnly()

Marks this subject as read-only.

Throws:
SecurityException - If the caller does not have permission to set this subject as read-only ("setReadOnly" target of AuthPermission.

toString

public String toString()
Description copied from class: Object
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in class Object
Returns:
the String representing this Object, which may be null
See Also:
Object.getClass(), Object.hashCode(), Class.getName(), Integer.toHexString(int)