Examples of javax.security.auth.AuthPermission

• javax.security.auth.AuthPermission
  This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

  The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

  The possible target names for an Authentication Permission are:

   doAs -                  allow the caller to invoke the {@code Subject.doAs} methods.doAsPrivileged -        allow the caller to invoke the {@code Subject.doAsPrivileged} methods.getSubject -            allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner -  allow for the retrieval of the Subject associated with the a  {@code SubjectDomainCombiner}. setReadOnly -           allow the caller to set a Subject to be read-only. modifyPrincipals -      allow the caller to modify the  {@code Set}of Principals associated with a {@code Subject}modifyPublicCredentials - allow the caller to modify the {@code Set} of public credentialsassociated with a  {@code Subject}modifyPrivateCredentials - allow the caller to modify the {@code Set} of private credentialsassociated with a  {@code Subject}refreshCredential -     allow code to invoke the  {@code refresh}method on a credential which implements the  {@code Refreshable} interface.destroyCredential -     allow code to invoke the  {@code destroy}method on a credential  {@code object}which implements the  {@code Destroyable}interface. createLoginContext.{name} -  allow code to instantiate a {@code LoginContext} with thespecified name.  name is used as the index into the installed login {@code Configuration}(that returned by {@code Configuration.getConfiguration()}). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object via {@code Configuration.getInstance}. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration. 

  The following target name has been deprecated in favor of {@code} createLoginContext.name}}.

   createLoginContext -    allow code to instantiate a {@code LoginContext}. 

  {@code javax.security.auth.Policy} has beendeprecated in favor of {@code java.security.Policy}. Therefore, the following target names have also been deprecated:

   getPolicy -             allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy -             allow the caller to set the system-wide Subject-based access control policy. refreshPolicy -         allow the caller to refresh the system-wide Subject-based access control policy. 

    };

    private static void checkPermission(String type) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new AuthPermission
                                ("createLoginConfiguration." + type));
        }
    }

     */
    public static Configuration getConfiguration() {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("getLoginConfiguration"));

        synchronized (Configuration.class) {
            if (configuration == null) {
                String config_class = null;
                config_class = AccessController.doPrivileged

     * @see #getConfiguration
     */
    public static void setConfiguration(Configuration configuration) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("setLoginConfiguration"));
        Configuration.configuration = configuration;
    }

    private void init(String name) throws LoginException {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null && !configProvided) {
            sm.checkPermission(new AuthPermission
                                ("createLoginContext." + name));
        }

        if (name == null)
            throw new LoginException
                (ResourcesMgr.getString("Invalid null input: name"));

        // get the Configuration
        if (config == null) {
            config = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<Configuration>() {
                public Configuration run() {
                    return Configuration.getConfiguration();
                }
            });
        }

        // get the LoginModules configured for this application
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
        if (entries == null) {

            if (sm != null && !configProvided) {
                sm.checkPermission(new AuthPermission
                                ("createLoginContext." + OTHER));
            }

            entries = config.getAppConfigurationEntry(OTHER);
            if (entries == null) {

        try {
            System.setProperty(LOGIN_CONFIG,
                    new File(otherConfFile).getCanonicalPath());

        DefaultConfiguration dc = new DefaultConfiguration();
        MySecurityManager checker = new MySecurityManager(new AuthPermission(
                "refreshLoginConfiguration"), true);
        System.setSecurityManager(checker);
        dc.refresh();
        assertTrue(checker.checkAsserted);
        checker.reset();

        assertSame("Inherited domain", domain, pd[0]);
    }

    public final void testSecurityException() {

        denyPermission(new AuthPermission("getSubjectFromDomainCombiner"));

        try {
            new SubjectDomainCombiner(new Subject()).getSubject();
        } catch (AccessControlException e) {
            assertEquals(e, AuthPermission.class);

public class AuthPermissionTest extends SerializationTest {

    @Override
    protected Object[] getData() {
        return new Object[] {new AuthPermission("name", "read")};
    }

        }

        SecurityManager sm = System.getSecurityManager();

        if (sm != null && !userProvidedConfig) {
            sm.checkPermission(new AuthPermission("createLoginContext." + name));//$NON-NLS-1$
        }

        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
        if (entries == null) {
            if (sm != null && !userProvidedConfig) {
                sm.checkPermission(new AuthPermission("createLoginContext.other")); //$NON-NLS-1$
            }
            entries = config.getAppConfigurationEntry("other"); //$NON-NLS-1$
            if (entries == null) {
                throw new LoginException(Messages.getString("auth.35", name)); //$NON-NLS-1$
            }

  /**
   * Tests that setConfiguration() is properly secured via SecurityManager.
   */
  public void testSetConfiguration() {
        SecurityChecker checker = new SecurityChecker(new AuthPermission(
        "setLoginConfiguration"), true);
    System.setSecurityManager(checker);
    Configuration custom = new ConfTestProvider();
    Configuration.setConfiguration(custom);
    assertTrue(checker.checkAsserted);

  /**
   * Tests that getConfiguration() is properly secured via SecurityManager.
   */
  public void testGetConfiguration() {
    Configuration.setConfiguration(new ConfTestProvider());
        SecurityChecker checker = new SecurityChecker(new AuthPermission(
        "getLoginConfiguration"), true);
    System.setSecurityManager(checker);
    Configuration.getConfiguration();
    assertTrue(checker.checkAsserted);
    checker.reset();