javax.security.auth: public final class: Subject

javax.security.auth
public final class: Subject [javadoc | source]

java.lang.Object
   javax.security.auth.Subject

All Implemented Interfaces:
java$io$Serializable

A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).

Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject, and another which binds, "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.

A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.

To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively. To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example:

     Subject subject;
     Principal principal;
     Object credential;

     // add a Principal and credential to the Subject
     subject.getPrincipals().add(principal);
     subject.getPublicCredentials().add(credential);

This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not. Note that the java.security.Principal class does not implement Serializable. Therefore all concrete Principal implementations associated with Subjects must implement Serializable.

Also see:

java.security.Principal

java.security.DomainCombiner

Nested Class Summary:
static class	Subject.AuthPermissionHolder

Field Summary

Field Summary
Set<Principal>	principals	A `Set` that provides a view of all of this Subject's Principals serial: `Each` - element in this set is a `java.security.Principal`. The set is a `Subject.SecureSet`.
transient Set<Object>	pubCredentials	Sets that provide a view of all of this Subject's Credentials
transient Set<Object>	privCredentials

Set<Principal>

principals

A Set that provides a view of all of this Subject's Principals

serial: Each - element in this set is a java.security.Principal. The set is a Subject.SecureSet.

transient Set<Object> pubCredentials Sets that provide a view of all of this Subject's Credentials

transient Set<Object> privCredentials

Constructor:

Constructor:
public Subject() { this.principals = Collections.synchronizedSet (new SecureSet< Principal >(this, PRINCIPAL_SET)); this.pubCredentials = Collections.synchronizedSet (new SecureSet< Object >(this, PUB_CREDENTIAL_SET)); this.privCredentials = Collections.synchronizedSet (new SecureSet< Object >(this, PRIV_CREDENTIAL_SET)); } Create an instance of a `Subject` with an empty `Set` of Principals and empty Sets of public and private credentials. The newly constructed Sets check whether this `Subject` has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. To modify the Principals Set, the caller must have `AuthPermission("modifyPrincipals")`. To modify the public credential Set, the caller must have `AuthPermission("modifyPublicCredentials")`. To modify the private credential Set, the caller must have `AuthPermission("modifyPrivateCredentials")`.
public Subject(boolean readOnly, Set<Principal> principals, Set<?> pubCredentials, Set<?> privCredentials) { if (principals == null \|\| pubCredentials == null \|\| privCredentials == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.input.s.")); this.principals = Collections.synchronizedSet(new SecureSet< Principal > (this, PRINCIPAL_SET, principals)); this.pubCredentials = Collections.synchronizedSet(new SecureSet< Object > (this, PUB_CREDENTIAL_SET, pubCredentials)); this.privCredentials = Collections.synchronizedSet(new SecureSet< Object > (this, PRIV_CREDENTIAL_SET, privCredentials)); this.readOnly = readOnly; } Create an instance of a `Subject` with Principals and credentials. The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this `Subject` has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. To modify the Principals Set, the caller must have `AuthPermission("modifyPrincipals")`. To modify the public credential Set, the caller must have `AuthPermission("modifyPublicCredentials")`. To modify the private credential Set, the caller must have `AuthPermission("modifyPrivateCredentials")`. Parameters: `readOnly` - true if the `Subject` is to be read-only, and false otherwise. `principals` - the `Set` of Principals to be associated with this `Subject`. `pubCredentials` - the `Set` of public credentials to be associated with this `Subject`. `privCredentials` - the `Set` of private credentials to be associated with this `Subject`. Throws: `NullPointerException` - if the specified `principals`, `pubCredentials`, or `privCredentials` are `null`. exception: `NullPointerException` - if the specified `principals`, `pubCredentials`, or `privCredentials` are `null`.

 public Subject() {
        this.principals = Collections.synchronizedSet
                        (new SecureSet< Principal >(this, PRINCIPAL_SET));
        this.pubCredentials = Collections.synchronizedSet
                        (new SecureSet< Object >(this, PUB_CREDENTIAL_SET));
        this.privCredentials = Collections.synchronizedSet
                        (new SecureSet< Object >(this, PRIV_CREDENTIAL_SET));
}

Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials.

The newly constructed Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals"). To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials"). To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials").

 public Subject(boolean readOnly,
    Set<Principal> principals,
    Set<?> pubCredentials,
    Set<?> privCredentials) {
        if (principals == null ||
            pubCredentials == null ||
            privCredentials == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.input.s."));
        this.principals = Collections.synchronizedSet(new SecureSet< Principal >
                                (this, PRINCIPAL_SET, principals));
        this.pubCredentials = Collections.synchronizedSet(new SecureSet< Object >
                                (this, PUB_CREDENTIAL_SET, pubCredentials));
        this.privCredentials = Collections.synchronizedSet(new SecureSet< Object >
                                (this, PRIV_CREDENTIAL_SET, privCredentials));
        this.readOnly = readOnly;
}

Subject

The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this Subject has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions.

Parameters:

readOnly - true if the Subject is to be read-only, and false otherwise.

principals - the Set of Principals to be associated with this Subject.

pubCredentials - the Set of public credentials to be associated with this Subject.

privCredentials - the Set of private credentials to be associated with this Subject.

Throws:

NullPointerException - if the specified principals, pubCredentials, or privCredentials are null.

exception: NullPointerException - if the specified principals, pubCredentials, or privCredentials are null.

Method from javax.security.auth.Subject Summary:
doAs, doAs, doAsPrivileged, doAsPrivileged, equals, getPrincipals, getPrincipals, getPrivateCredentials, getPrivateCredentials, getPublicCredentials, getPublicCredentials, getSubject, hashCode, isReadOnly, setReadOnly, toString, toString

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.security.auth.Subject Detail:
public static T doAs(Subject subject, PrivilegedAction<T> action) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); } if (action == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.action.provided")); // set up the new Subject-based AccessControlContext // for doPrivileged final AccessControlContext currentAcc = AccessController.getContext(); // call doPrivileged and push this new context on the stack return java.security.AccessController.doPrivileged (action, createContext(subject, currentAcc)); } Perform work as a particular `Subject`. This method first retrieves the current Thread's `AccessControlContext` via `AccessController.getContext`, and then instantiates a new `AccessControlContext` using the retrieved context along with a new `SubjectDomainCombiner` (constructed using the provided `Subject`). Finally, this method invokes `AccessController.doPrivileged`, passing it the provided `PrivilegedAction`, as well as the newly constructed `AccessControlContext`.
public static T doAs(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION); } if (action == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.action.provided")); // set up the new Subject-based AccessControlContext for doPrivileged final AccessControlContext currentAcc = AccessController.getContext(); // call doPrivileged and push this new context on the stack return java.security.AccessController.doPrivileged (action, createContext(subject, currentAcc)); } Perform work as a particular `Subject`. This method first retrieves the current Thread's `AccessControlContext` via `AccessController.getContext`, and then instantiates a new `AccessControlContext` using the retrieved context along with a new `SubjectDomainCombiner` (constructed using the provided `Subject`). Finally, this method invokes `AccessController.doPrivileged`, passing it the provided `PrivilegedExceptionAction`, as well as the newly constructed `AccessControlContext`.
public static T doAsPrivileged(Subject subject, PrivilegedAction<T> action, AccessControlContext acc) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); } if (action == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.action.provided")); // set up the new Subject-based AccessControlContext // for doPrivileged final AccessControlContext callerAcc = (acc == null ? new AccessControlContext(NULL_PD_ARRAY) : acc); // call doPrivileged and push this new context on the stack return java.security.AccessController.doPrivileged (action, createContext(subject, callerAcc)); } Perform privileged work as a particular `Subject`. This method behaves exactly as `Subject.doAs`, except that instead of retrieving the current Thread's `AccessControlContext`, it uses the provided `AccessControlContext`. If the provided `AccessControlContext` is `null`, this method instantiates a new `AccessControlContext` with an empty collection of ProtectionDomains.
public static T doAsPrivileged(Subject subject, PrivilegedExceptionAction<T> action, AccessControlContext acc) throws PrivilegedActionException { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION); } if (action == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.action.provided")); // set up the new Subject-based AccessControlContext for doPrivileged final AccessControlContext callerAcc = (acc == null ? new AccessControlContext(NULL_PD_ARRAY) : acc); // call doPrivileged and push this new context on the stack return java.security.AccessController.doPrivileged (action, createContext(subject, callerAcc)); } Perform privileged work as a particular `Subject`. This method behaves exactly as `Subject.doAs`, except that instead of retrieving the current Thread's `AccessControlContext`, it uses the provided `AccessControlContext`. If the provided `AccessControlContext` is `null`, this method instantiates a new `AccessControlContext` with an empty collection of ProtectionDomains.
public boolean equals(Object o) { if (o == null) return false; if (this == o) return true; if (o instanceof Subject) { final Subject that = (Subject)o; // check the principal and credential sets Set< Principal > thatPrincipals; synchronized(that.principals) { // avoid deadlock from dual locks thatPrincipals = new HashSet< Principal >(that.principals); } if (!principals.equals(thatPrincipals)) { return false; } Set< Object > thatPubCredentials; synchronized(that.pubCredentials) { // avoid deadlock from dual locks thatPubCredentials = new HashSet< Object >(that.pubCredentials); } if (!pubCredentials.equals(thatPubCredentials)) { return false; } Set< Object > thatPrivCredentials; synchronized(that.privCredentials) { // avoid deadlock from dual locks thatPrivCredentials = new HashSet< Object >(that.privCredentials); } if (!privCredentials.equals(thatPrivCredentials)) { return false; } return true; } return false; } Compares the specified Object with this `Subject` for equality. Returns true if the given object is also a Subject and the two `Subject` instances are equivalent. More formally, two `Subject` instances are equal if their `Principal` and `Credential` Sets are equal.
public Set<Principal> getPrincipals() { // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return principals; } Return the `Set` of Principals associated with this `Subject`. Each `Principal` represents an identity for this `Subject`. The returned `Set` is backed by this Subject's internal `Principal` `Set`. Any modification to the returned `Set` affects the internal `Principal` `Set` as well.
public Set<T> getPrincipals(Class<T> c) { if (c == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.Class.provided")); // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return new ClassSet< T >(PRINCIPAL_SET, c); } Return a `Set` of Principals associated with this `Subject` that are instances or subclasses of the specified `Class`. The returned `Set` is not backed by this Subject's internal `Principal` `Set`. A new `Set` is created and returned for each method invocation. Modifications to the returned `Set` will not affect the internal `Principal` `Set`.
public Set<Object> getPrivateCredentials() { // XXX // we do not need a security check for // AuthPermission(getPrivateCredentials) // because we already restrict access to private credentials // via the PrivateCredentialPermission. all the extra AuthPermission // would do is protect the set operations themselves // (like size()), which don't seem security-sensitive. // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return privCredentials; } Return the `Set` of private credentials held by this `Subject`. The returned `Set` is backed by this Subject's internal private Credential `Set`. Any modification to the returned `Set` affects the internal private Credential `Set` as well. A caller requires permissions to access the Credentials in the returned `Set`, or to modify the `Set` itself. A `SecurityException` is thrown if the caller does not have the proper permissions. While iterating through the `Set`, a `SecurityException` is thrown if the caller does not have permission to access a particular Credential. The `Iterator` is nevertheless advanced to next element in the `Set`.
public Set<T> getPrivateCredentials(Class<T> c) { // XXX // we do not need a security check for // AuthPermission(getPrivateCredentials) // because we already restrict access to private credentials // via the PrivateCredentialPermission. all the extra AuthPermission // would do is protect the set operations themselves // (like size()), which don't seem security-sensitive. if (c == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.Class.provided")); // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return new ClassSet< T >(PRIV_CREDENTIAL_SET, c); } Return a `Set` of private credentials associated with this `Subject` that are instances or subclasses of the specified `Class`. The caller must have permission to access all of the requested Credentials, or a `SecurityException` will be thrown. The returned `Set` is not backed by this Subject's internal private Credential `Set`. A new `Set` is created and returned for each method invocation. Modifications to the returned `Set` will not affect the internal private Credential `Set`.
public Set<Object> getPublicCredentials() { // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return pubCredentials; } Return the `Set` of public credentials held by this `Subject`. The returned `Set` is backed by this Subject's internal public Credential `Set`. Any modification to the returned `Set` affects the internal public Credential `Set` as well.
public Set<T> getPublicCredentials(Class<T> c) { if (c == null) throw new NullPointerException (ResourcesMgr.getString("invalid.null.Class.provided")); // always return an empty Set instead of null // so LoginModules can add to the Set if necessary return new ClassSet< T >(PUB_CREDENTIAL_SET, c); } Return a `Set` of public credentials associated with this `Subject` that are instances or subclasses of the specified `Class`. The returned `Set` is not backed by this Subject's internal public Credential `Set`. A new `Set` is created and returned for each method invocation. Modifications to the returned `Set` will not affect the internal public Credential `Set`.
public static Subject getSubject(AccessControlContext acc) { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION); } if (acc == null) { throw new NullPointerException(ResourcesMgr.getString ("invalid.null.AccessControlContext.provided")); } // return the Subject from the DomainCombiner of the provided context return AccessController.doPrivileged (new java.security.PrivilegedAction< Subject >() { public Subject run() { DomainCombiner dc = acc.getDomainCombiner(); if (!(dc instanceof SubjectDomainCombiner)) return null; SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc; return sdc.getSubject(); } }); } Get the `Subject` associated with the provided `AccessControlContext`. The `AccessControlContext` may contain many Subjects (from nested `doAs` calls). In this situation, the most recent `Subject` associated with the `AccessControlContext` is returned.
public int hashCode() { /** * The hashcode is derived exclusive or-ing the * hashcodes of this Subject's Principals and credentials. * * If a particular credential was destroyed * (< code >credential.hashCode()< /code > throws an * < code >IllegalStateException< /code >), * the hashcode for that credential is derived via: * < code >credential.getClass().toString().hashCode()< /code >. */ int hashCode = 0; synchronized(principals) { Iterator< Principal > pIterator = principals.iterator(); while (pIterator.hasNext()) { Principal p = pIterator.next(); hashCode ^= p.hashCode(); } } synchronized(pubCredentials) { Iterator< Object > pubCIterator = pubCredentials.iterator(); while (pubCIterator.hasNext()) { hashCode ^= getCredHashCode(pubCIterator.next()); } } return hashCode; } Returns a hashcode for this `Subject`.
public boolean isReadOnly() { return this.readOnly; } Query whether this `Subject` is read-only.
public void setReadOnly() { java.lang.SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION); } this.readOnly = true; } Set this `Subject` to be read-only. Modifications (additions and removals) to this Subject's `Principal` `Set` and credential Sets will be disallowed. The `destroy` operation on this Subject's credentials will still be permitted. Subsequent attempts to modify the Subject's `Principal` and credential Sets will result in an `IllegalStateException` being thrown. Also, once a `Subject` is read-only, it can not be reset to being writable again.
public String toString() { return toString(true); } Return the String representation of this `Subject`.
String toString(boolean includePrivateCredentials) { String s = ResourcesMgr.getString("Subject."); String suffix = ""; synchronized(principals) { Iterator< Principal > pI = principals.iterator(); while (pI.hasNext()) { Principal p = pI.next(); suffix = suffix + ResourcesMgr.getString(".Principal.") + p.toString() + ResourcesMgr.getString("NEWLINE"); } } synchronized(pubCredentials) { Iterator< Object > pI = pubCredentials.iterator(); while (pI.hasNext()) { Object o = pI.next(); suffix = suffix + ResourcesMgr.getString(".Public.Credential.") + o.toString() + ResourcesMgr.getString("NEWLINE"); } } if (includePrivateCredentials) { synchronized(privCredentials) { Iterator< Object > pI = privCredentials.iterator(); while (pI.hasNext()) { try { Object o = pI.next(); suffix += ResourcesMgr.getString (".Private.Credential.") + o.toString() + ResourcesMgr.getString("NEWLINE"); } catch (SecurityException se) { suffix += ResourcesMgr.getString (".Private.Credential.inaccessible."); break; } } } } return s + suffix; } package private convenience method to print out the Subject without firing off a security check when trying to access the Private Credentials

Method from javax.security.auth.Subject Detail:

 public static T doAs(Subject subject,
    PrivilegedAction<T> action) {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
        }
        if (action == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.action.provided"));
        // set up the new Subject-based AccessControlContext
        // for doPrivileged
        final AccessControlContext currentAcc = AccessController.getContext();
        // call doPrivileged and push this new context on the stack
        return java.security.AccessController.doPrivileged
                                        (action,
                                        createContext(subject, currentAcc));
}

Subject

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedAction, as well as the newly constructed AccessControlContext.

 public static T doAs(Subject subject,
    PrivilegedExceptionAction<T> action) throws PrivilegedActionException {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.DO_AS_PERMISSION);
        }
        if (action == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.action.provided"));
        // set up the new Subject-based AccessControlContext for doPrivileged
        final AccessControlContext currentAcc = AccessController.getContext();
        // call doPrivileged and push this new context on the stack
        return java.security.AccessController.doPrivileged
                                        (action,
                                        createContext(subject, currentAcc));
}

Subject

This method first retrieves the current Thread's AccessControlContext via AccessController.getContext, and then instantiates a new AccessControlContext using the retrieved context along with a new SubjectDomainCombiner (constructed using the provided Subject). Finally, this method invokes AccessController.doPrivileged, passing it the provided PrivilegedExceptionAction, as well as the newly constructed AccessControlContext.

 public static T doAsPrivileged(Subject subject,
    PrivilegedAction<T> action,
    AccessControlContext acc) {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
        }
        if (action == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.action.provided"));
        // set up the new Subject-based AccessControlContext
        // for doPrivileged
        final AccessControlContext callerAcc =
                (acc == null ?
                new AccessControlContext(NULL_PD_ARRAY) :
                acc);
        // call doPrivileged and push this new context on the stack
        return java.security.AccessController.doPrivileged
                                        (action,
                                        createContext(subject, callerAcc));
}

Subject

This method behaves exactly as Subject.doAs, except that instead of retrieving the current Thread's AccessControlContext, it uses the provided AccessControlContext. If the provided AccessControlContext is null, this method instantiates a new AccessControlContext with an empty collection of ProtectionDomains.

 public static T doAsPrivileged(Subject subject,
    PrivilegedExceptionAction<T> action,
    AccessControlContext acc) throws PrivilegedActionException {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.DO_AS_PRIVILEGED_PERMISSION);
        }
        if (action == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.action.provided"));
        // set up the new Subject-based AccessControlContext for doPrivileged
        final AccessControlContext callerAcc =
                (acc == null ?
                new AccessControlContext(NULL_PD_ARRAY) :
                acc);
        // call doPrivileged and push this new context on the stack
        return java.security.AccessController.doPrivileged
                                        (action,
                                        createContext(subject, callerAcc));
}

Subject

 public boolean equals(Object o) {
        if (o == null)
            return false;
        if (this == o)
            return true;
        if (o instanceof Subject) {
            final Subject that = (Subject)o;
            // check the principal and credential sets
            Set< Principal > thatPrincipals;
            synchronized(that.principals) {
                // avoid deadlock from dual locks
                thatPrincipals = new HashSet< Principal >(that.principals);
            }
            if (!principals.equals(thatPrincipals)) {
                return false;
            }
            Set< Object > thatPubCredentials;
            synchronized(that.pubCredentials) {
                // avoid deadlock from dual locks
                thatPubCredentials = new HashSet< Object >(that.pubCredentials);
            }
            if (!pubCredentials.equals(thatPubCredentials)) {
                return false;
            }
            Set< Object > thatPrivCredentials;
            synchronized(that.privCredentials) {
                // avoid deadlock from dual locks
                thatPrivCredentials = new HashSet< Object >(that.privCredentials);
            }
            if (!privCredentials.equals(thatPrivCredentials)) {
                return false;
            }
            return true;
        }
        return false;
}

Subject

Principal

Credential

 public Set<Principal> getPrincipals() {
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return principals;
}

Set

Subject

Principal

Subject

The returned Set is backed by this Subject's internal Principal Set. Any modification to the returned Set affects the internal Principal Set as well.

 public Set<T> getPrincipals(Class<T> c) {
        if (c == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.Class.provided"));
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return new ClassSet< T >(PRINCIPAL_SET, c);
}

Set

Subject

Class

The returned Set is not backed by this Subject's internal Principal Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal Principal Set.

 public Set<Object> getPrivateCredentials() {
        // XXX
        // we do not need a security check for
        // AuthPermission(getPrivateCredentials)
        // because we already restrict access to private credentials
        // via the PrivateCredentialPermission.  all the extra AuthPermission
        // would do is protect the set operations themselves
        // (like size()), which don't seem security-sensitive.
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return privCredentials;
}

Set

Subject

The returned Set is backed by this Subject's internal private Credential Set. Any modification to the returned Set affects the internal private Credential Set as well.

A caller requires permissions to access the Credentials in the returned Set, or to modify the Set itself. A SecurityException is thrown if the caller does not have the proper permissions.

While iterating through the Set, a SecurityException is thrown if the caller does not have permission to access a particular Credential. The Iterator is nevertheless advanced to next element in the Set.

 public Set<T> getPrivateCredentials(Class<T> c) {
        // XXX
        // we do not need a security check for
        // AuthPermission(getPrivateCredentials)
        // because we already restrict access to private credentials
        // via the PrivateCredentialPermission.  all the extra AuthPermission
        // would do is protect the set operations themselves
        // (like size()), which don't seem security-sensitive.
        if (c == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.Class.provided"));
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return new ClassSet< T >(PRIV_CREDENTIAL_SET, c);
}

Set

Subject

Class

The caller must have permission to access all of the requested Credentials, or a SecurityException will be thrown.

The returned Set is not backed by this Subject's internal private Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal private Credential Set.

 public Set<Object> getPublicCredentials() {
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return pubCredentials;
}

Set

Subject

The returned Set is backed by this Subject's internal public Credential Set. Any modification to the returned Set affects the internal public Credential Set as well.

 public Set<T> getPublicCredentials(Class<T> c) {
        if (c == null)
            throw new NullPointerException
                (ResourcesMgr.getString("invalid.null.Class.provided"));
        // always return an empty Set instead of null
        // so LoginModules can add to the Set if necessary
        return new ClassSet< T >(PUB_CREDENTIAL_SET, c);
}

Set

Subject

Class

The returned Set is not backed by this Subject's internal public Credential Set. A new Set is created and returned for each method invocation. Modifications to the returned Set will not affect the internal public Credential Set.

 public static Subject getSubject(AccessControlContext acc) {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.GET_SUBJECT_PERMISSION);
        }
        if (acc == null) {
            throw new NullPointerException(ResourcesMgr.getString
                ("invalid.null.AccessControlContext.provided"));
        }
        // return the Subject from the DomainCombiner of the provided context
        return AccessController.doPrivileged
            (new java.security.PrivilegedAction< Subject >() {
            public Subject run() {
                DomainCombiner dc = acc.getDomainCombiner();
                if (!(dc instanceof SubjectDomainCombiner))
                    return null;
                SubjectDomainCombiner sdc = (SubjectDomainCombiner)dc;
                return sdc.getSubject();
            }
        });
}

Subject

AccessControlContext

The AccessControlContext may contain many Subjects (from nested doAs calls). In this situation, the most recent Subject associated with the AccessControlContext is returned.

 public int hashCode() {
        /**
         * The hashcode is derived exclusive or-ing the
         * hashcodes of this Subject's Principals and credentials.
         *
         * If a particular credential was destroyed
         * (< code >credential.hashCode()< /code > throws an
         * < code >IllegalStateException< /code >),
         * the hashcode for that credential is derived via:
         * < code >credential.getClass().toString().hashCode()< /code >.
         */
        int hashCode = 0;
        synchronized(principals) {
            Iterator< Principal > pIterator = principals.iterator();
            while (pIterator.hasNext()) {
                Principal p = pIterator.next();
                hashCode ^= p.hashCode();
            }
        }
        synchronized(pubCredentials) {
            Iterator< Object > pubCIterator = pubCredentials.iterator();
            while (pubCIterator.hasNext()) {
                hashCode ^= getCredHashCode(pubCIterator.next());
            }
        }
        return hashCode;
}

Subject

 public boolean isReadOnly() {
        return this.readOnly;
}

Subject

 public  void setReadOnly() {
        java.lang.SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(AuthPermissionHolder.SET_READ_ONLY_PERMISSION);
        }
        this.readOnly = true;
}

Subject

Modifications (additions and removals) to this Subject's Principal Set and credential Sets will be disallowed. The destroy operation on this Subject's credentials will still be permitted.

Subsequent attempts to modify the Subject's Principal and credential Sets will result in an IllegalStateException being thrown. Also, once a Subject is read-only, it can not be reset to being writable again.

 public String toString() {
        return toString(true);
}

Subject

 String toString(boolean includePrivateCredentials) {
        String s = ResourcesMgr.getString("Subject.");
        String suffix = "";
        synchronized(principals) {
            Iterator< Principal > pI = principals.iterator();
            while (pI.hasNext()) {
                Principal p = pI.next();
                suffix = suffix + ResourcesMgr.getString(".Principal.") +
                        p.toString() + ResourcesMgr.getString("NEWLINE");
            }
        }
        synchronized(pubCredentials) {
            Iterator< Object > pI = pubCredentials.iterator();
            while (pI.hasNext()) {
                Object o = pI.next();
                suffix = suffix +
                        ResourcesMgr.getString(".Public.Credential.") +
                        o.toString() + ResourcesMgr.getString("NEWLINE");
            }
        }
        if (includePrivateCredentials) {
            synchronized(privCredentials) {
                Iterator< Object > pI = privCredentials.iterator();
                while (pI.hasNext()) {
                    try {
                        Object o = pI.next();
                        suffix += ResourcesMgr.getString
                                        (".Private.Credential.") +
                                        o.toString() +
                                        ResourcesMgr.getString("NEWLINE");
                    } catch (SecurityException se) {
                        suffix += ResourcesMgr.getString
                                (".Private.Credential.inaccessible.");
                        break;
                    }
                }
            }
        }
        return s + suffix;
}

package private convenience method to print out the Subject without firing off a security check when trying to access the Private Credentials