Examples of javax.security.auth.AuthPermission

• javax.security.auth.AuthPermission
  This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

  The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

  The possible target names for an Authentication Permission are:

   doAs -                  allow the caller to invoke the {@code Subject.doAs} methods.doAsPrivileged -        allow the caller to invoke the {@code Subject.doAsPrivileged} methods.getSubject -            allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner -  allow for the retrieval of the Subject associated with the a  {@code SubjectDomainCombiner}. setReadOnly -           allow the caller to set a Subject to be read-only. modifyPrincipals -      allow the caller to modify the  {@code Set}of Principals associated with a {@code Subject}modifyPublicCredentials - allow the caller to modify the {@code Set} of public credentialsassociated with a  {@code Subject}modifyPrivateCredentials - allow the caller to modify the {@code Set} of private credentialsassociated with a  {@code Subject}refreshCredential -     allow code to invoke the  {@code refresh}method on a credential which implements the  {@code Refreshable} interface.destroyCredential -     allow code to invoke the  {@code destroy}method on a credential  {@code object}which implements the  {@code Destroyable}interface. createLoginContext.{name} -  allow code to instantiate a {@code LoginContext} with thespecified name.  name is used as the index into the installed login {@code Configuration}(that returned by {@code Configuration.getConfiguration()}). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object via {@code Configuration.getInstance}. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration. 

  The following target name has been deprecated in favor of {@code} createLoginContext.name}}.

   createLoginContext -    allow code to instantiate a {@code LoginContext}. 

  {@code javax.security.auth.Policy} has beendeprecated in favor of {@code java.security.Policy}. Therefore, the following target names have also been deprecated:

   getPolicy -             allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy -             allow the caller to set the system-wide Subject-based access control policy. refreshPolicy -         allow the caller to refresh the system-wide Subject-based access control policy. 

     */
    public synchronized void refresh() {

  java.lang.SecurityManager sm = System.getSecurityManager();
  if (sm != null)
      sm.checkPermission(new AuthPermission("refreshLoginConfiguration"));

  java.security.AccessController.doPrivileged
      (new java.security.PrivilegedAction() {
      public Object run() {
    try {

    };

    private static void checkPermission(String type) {
  SecurityManager sm = System.getSecurityManager();
  if (sm != null) {
      sm.checkPermission(new AuthPermission
        ("createLoginConfiguration." + type));
  }
    }

     */
    public static synchronized Configuration getConfiguration() {

  SecurityManager sm = System.getSecurityManager();
  if (sm != null)
      sm.checkPermission(new AuthPermission("getLoginConfiguration"));

  if (configuration == null) {
      String config_class = null;
      config_class = (String)AccessController.doPrivileged
    (new PrivilegedAction() {

     * @see #getConfiguration
     */
    public static void setConfiguration(Configuration configuration) {
  SecurityManager sm = System.getSecurityManager();
  if (sm != null)
      sm.checkPermission(new AuthPermission("setLoginConfiguration"));
  Configuration.configuration = configuration;
    }

    private void init(String name) throws LoginException {

  SecurityManager sm = System.getSecurityManager();
  if (sm != null && !configProvided) {
      sm.checkPermission(new AuthPermission
        ("createLoginContext." + name));
  }

  if (name == null)
      throw new LoginException
    (ResourcesMgr.getString("Invalid null input: name"));

  // get the Configuration
  if (config == null) {
      config = (Configuration)java.security.AccessController.doPrivileged
    (new java.security.PrivilegedAction() {
    public Object run() {
        return Configuration.getConfiguration();
    }
      });
  }

  // get the LoginModules configured for this application
  AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
  if (entries == null) {

      if (sm != null && !configProvided) {
    sm.checkPermission(new AuthPermission
        ("createLoginContext." + OTHER));
      }

      entries = config.getAppConfigurationEntry(OTHER);
      if (entries == null) {

         policy.setSeparateClientServerPermissions(true);

         Map clientEnv = createClientEnvironment();
         clientEnv.put(JMXConnector.CREDENTIALS, new String[]{"test", "test"});
         policy.addClientPermission(new SocketPermission("localhost:" + url.getPort(), "connect"));
         policy.addServerPermission(new JMXPrincipal("test"), new AuthPermission("doAsPrivileged"));
         policy.addServerPermission(new JMXPrincipal("test"), new SocketPermission("localhost:" + url.getPort(), "listen"));
         policy.addServerPermission(new JMXPrincipal("test"), new SocketPermission("*:1024-" + url.getPort(), "accept"));
         cntor = JMXConnectorFactory.connect(cntorServer.getAddress(), clientEnv);

         addPermission(new MBeanTrustPermission("*"));
         policy.addServerPermission(new JMXPrincipal("delegate"), new MBeanPermission("*", "instantiate, registerMBean, getAttribute"));
         policy.addServerPermission(new JMXPrincipal("test"), new SubjectDelegationPermission(JMXPrincipal.class.getName() + ".delegate"));

         Set delegates = new HashSet();
         delegates.add(new JMXPrincipal("delegate"));
         Subject delegate = new Subject(true, delegates, Collections.EMPTY_SET, Collections.EMPTY_SET);
         MBeanServerConnection cntion = cntor.getMBeanServerConnection(delegate);
         ObjectName name = ObjectName.getInstance(":name=subject");
         cntion.createMBean(SubjectCheck.class.getName(), name, null);
         policy.addServerPermission(new JMXPrincipal("delegate"), new AuthPermission("getSubject"));
         Subject subject = (Subject)cntion.getAttribute(name, "Subject");

         Set principals = subject.getPrincipals();
         assertNotNull(principals);
         assertEquals(principals.size(), 1);

    };

    private static void checkPermission(String type) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new AuthPermission
                                ("createLoginConfiguration." + type));
        }
    }

     */
    public static Configuration getConfiguration() {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("getLoginConfiguration"));

        synchronized (Configuration.class) {
            if (configuration == null) {
                String config_class = null;
                config_class = AccessController.doPrivileged

     * @see #getConfiguration
     */
    public static void setConfiguration(Configuration configuration) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("setLoginConfiguration"));
        Configuration.configuration = configuration;
    }

    private void init(String name) throws LoginException {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null && !configProvided) {
            sm.checkPermission(new AuthPermission
                                ("createLoginContext." + name));
        }

        if (name == null)
            throw new LoginException
                (ResourcesMgr.getString("Invalid.null.input.name"));

        // get the Configuration
        if (config == null) {
            config = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<Configuration>() {
                public Configuration run() {
                    return Configuration.getConfiguration();
                }
            });
        }

        // get the LoginModules configured for this application
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
        if (entries == null) {

            if (sm != null && !configProvided) {
                sm.checkPermission(new AuthPermission
                                ("createLoginContext." + OTHER));
            }

            entries = config.getAppConfigurationEntry(OTHER);
            if (entries == null) {