Examples of javax.security.auth.AuthPermission

• javax.security.auth.AuthPermission
  This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

  The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

  The possible target names for an Authentication Permission are:

   doAs -                  allow the caller to invoke the {@code Subject.doAs} methods.doAsPrivileged -        allow the caller to invoke the {@code Subject.doAsPrivileged} methods.getSubject -            allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner -  allow for the retrieval of the Subject associated with the a  {@code SubjectDomainCombiner}. setReadOnly -           allow the caller to set a Subject to be read-only. modifyPrincipals -      allow the caller to modify the  {@code Set}of Principals associated with a {@code Subject}modifyPublicCredentials - allow the caller to modify the {@code Set} of public credentialsassociated with a  {@code Subject}modifyPrivateCredentials - allow the caller to modify the {@code Set} of private credentialsassociated with a  {@code Subject}refreshCredential -     allow code to invoke the  {@code refresh}method on a credential which implements the  {@code Refreshable} interface.destroyCredential -     allow code to invoke the  {@code destroy}method on a credential  {@code object}which implements the  {@code Destroyable}interface. createLoginContext.{name} -  allow code to instantiate a {@code LoginContext} with thespecified name.  name is used as the index into the installed login {@code Configuration}(that returned by {@code Configuration.getConfiguration()}). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object via {@code Configuration.getInstance}. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration. 

  The following target name has been deprecated in favor of {@code} createLoginContext.name}}.

   createLoginContext -    allow code to instantiate a {@code LoginContext}. 

  {@code javax.security.auth.Policy} has beendeprecated in favor of {@code java.security.Policy}. Therefore, the following target names have also been deprecated:

   getPolicy -             allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy -             allow the caller to set the system-wide Subject-based access control policy. refreshPolicy -         allow the caller to refresh the system-wide Subject-based access control policy. 

               AccessController.doPrivileged(new PrivilegedAction()
               {
                  public Object run()
                  {
                     // Check this permission, that is required anyway, to combine the domains
                     sm.checkPermission(new AuthPermission("doAsPrivileged"));
                     return null;
                  }
               }, acc);
               ProtectionDomain[] combined = combiner.getCombinedDomains();
               return new AccessControlContext(combined);

     */
    static boolean canGetSubject() {
  try {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
    sm.checkPermission(new AuthPermission("getSubject"));
      return true;
  } catch (SecurityException e) {
      return false;
  }
    }

            public Object run()
            {
               try
               {
                  // Check this permission, that is required anyway, to combine the domains
                  AccessController.checkPermission(new AuthPermission("doAsPrivileged"));
               }
               catch (AccessControlException ignored)
               {
               }
               return null;

        }

        SecurityManager sm = System.getSecurityManager();

        if (sm != null && !userProvidedConfig) {
            sm.checkPermission(new AuthPermission("createLoginContext." + name));//$NON-NLS-1$
        }

        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
        if (entries == null) {
            if (sm != null && !userProvidedConfig) {
                sm.checkPermission(new AuthPermission("createLoginContext.other")); //$NON-NLS-1$
            }
            entries = config.getAppConfigurationEntry("other"); //$NON-NLS-1$
            if (entries == null) {
                throw new LoginException(Messages.getString("auth.35", name)); //$NON-NLS-1$
            }

            } else {
                // use the default JAAS login configuration (file-based)
                SecurityManager sm = System.getSecurityManager();
                if (sm != null) {
                    sm.checkPermission(
                            new AuthPermission("createLoginContext." +
                                               LOGIN_CONFIG_NAME));
                }

                final String pf = passwordFile;
                try {

    private void init(String name) throws LoginException {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null && creatorAcc == null) {
            sm.checkPermission(new AuthPermission
                                ("createLoginContext." + name));
        }

        if (name == null)
            throw new LoginException
                (ResourcesMgr.getString("Invalid.null.input.name"));

        // get the Configuration
        if (config == null) {
            config = java.security.AccessController.doPrivileged
                (new java.security.PrivilegedAction<Configuration>() {
                public Configuration run() {
                    return Configuration.getConfiguration();
                }
            });
        }

        // get the LoginModules configured for this application
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(name);
        if (entries == null) {

            if (sm != null && creatorAcc == null) {
                sm.checkPermission(new AuthPermission
                                ("createLoginContext." + OTHER));
            }

            entries = config.getAppConfigurationEntry(OTHER);
            if (entries == null) {

            java.security.AccessController.getContext();

    private static void checkPermission(String type) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new AuthPermission
                                ("createLoginConfiguration." + type));
        }
    }

     */
    public static Configuration getConfiguration() {

        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("getLoginConfiguration"));

        synchronized (Configuration.class) {
            if (configuration == null) {
                String config_class = null;
                config_class = AccessController.doPrivileged

     * @see #getConfiguration
     */
    public static void setConfiguration(Configuration configuration) {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null)
            sm.checkPermission(new AuthPermission("setLoginConfiguration"));
        Configuration.configuration = configuration;
    }

      } else {
          // use the default JAAS login configuration (file-based)
                SecurityManager sm = System.getSecurityManager();
                if (sm != null) {
                    sm.checkPermission(
                            new AuthPermission("createLoginContext." +
                                               LOGIN_CONFIG_NAME));
                }

                final String pf = passwordFile;
                try {