javax.security.auth.kerberos: public final class: DelegationPermission

javax.security.auth.kerberos
public final class: DelegationPermission [javadoc | source]

java.lang.Object
   java.security.Permission
      java.security.BasicPermission
         javax.security.auth.kerberos.DelegationPermission

All Implemented Interfaces:
Serializable, Guard

This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.

The target name of this Permission specifies a pair of kerberos service principals. The first is the subordinate service principal being entrusted to use the TGT. The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal. This latter service principal is specified to restrict the use of a proxiable ticket.

For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:

DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");

To give the "backup" service a proxiable nfs service ticket the target permission might be specified:

DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");

since: 1.4 -

Constructor:

Constructor:
public DelegationPermission(String principals) { super(principals); init(principals); } Create a new `DelegationPermission` with the specified subordinate and target principals. Parameters: `principals` - the name of the subordinate and target principals Throws: `NullPointerException` - if `principals` is `null`. `IllegalArgumentException` - if `principals` is empty.
public DelegationPermission(String principals, String actions) { super(principals, actions); init(principals); } Create a new `DelegationPermission` with the specified subordinate and target principals. Parameters: `principals` - the name of the subordinate and target principals `actions` - should be null. Throws: `NullPointerException` - if `principals` is `null`. `IllegalArgumentException` - if `principals` is empty.

 public DelegationPermission(String principals) {
                                           
        super(principals);
        init(principals);
}

DelegationPermission

Parameters:

principals - the name of the subordinate and target principals

Throws:

NullPointerException - if principals is null.

IllegalArgumentException - if principals is empty.

 public DelegationPermission(String principals,
    String actions) {
        super(principals, actions);
        init(principals);
}

DelegationPermission

Parameters:

principals - the name of the subordinate and target principals

actions - should be null.

Throws:

NullPointerException - if principals is null.

IllegalArgumentException - if principals is empty.

Method from javax.security.auth.kerberos.DelegationPermission Summary:
equals, hashCode, implies, newPermissionCollection

Methods from java.security.BasicPermission:
equals, getActions, getCanonicalName, hashCode, implies, newPermissionCollection

Methods from java.security.Permission:
checkGuard, equals, getActions, getName, hashCode, implies, newPermissionCollection, toString

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from javax.security.auth.kerberos.DelegationPermission Detail:
public boolean equals(Object obj) { if (obj == this) return true; if (! (obj instanceof DelegationPermission)) return false; DelegationPermission that = (DelegationPermission) obj; return implies(that); } Checks two DelegationPermission objects for equality.
public int hashCode() { return getName().hashCode(); } Returns the hash code value for this object.
public boolean implies(Permission p) { if (!(p instanceof DelegationPermission)) return false; DelegationPermission that = (DelegationPermission) p; if (this.subordinate.equals(that.subordinate) && this.service.equals(that.service)) return true; return false; } Checks if this Kerberos delegation permission object "implies" the specified permission. If none of the above are true, `implies` returns false.
public PermissionCollection newPermissionCollection() { return new KrbDelegationPermissionCollection(); } Returns a PermissionCollection object for storing DelegationPermission objects. DelegationPermission objects must be stored in a manner that allows them to be inserted into the collection in any order, but that also enables the PermissionCollection implies method to be implemented in an efficient (and consistent) manner.

Method from javax.security.auth.kerberos.DelegationPermission Detail:

 public boolean equals(Object obj) {
        if (obj == this)
            return true;
        if (! (obj instanceof DelegationPermission))
            return false;
        DelegationPermission that = (DelegationPermission) obj;
        return implies(that);
}

 public int hashCode() {
        return getName().hashCode();
}

Returns the hash code value for this object.

 public boolean implies(Permission p) {
        if (!(p instanceof DelegationPermission))
            return false;
        DelegationPermission that = (DelegationPermission) p;
        if (this.subordinate.equals(that.subordinate) &&
            this.service.equals(that.service))
            return true;
        return false;
}

If none of the above are true, implies returns false.

 public PermissionCollection newPermissionCollection() {
        return new KrbDelegationPermissionCollection();
}