Package javax.security.auth

Class Subject

java.lang.Object
javax.security.auth.Subject
All Implemented Interfaces:
Serializable
public final class Subject
extends Object
implements Serializable
The central class of the javax.security.auth package representing an authenticated user or entity (both referred to as "subject"). IT defines also the static methods that allow code to be run, and do modifications according to the subject's permissions.

A subject has the following features:

  • A set of Principal objects specifying the identities bound to a Subject that distinguish it.
  • Credentials (public and private) such as certificates, keys, or authentication proofs such as tickets
See Also:
Serialized Form

  • Constructor Details

    • Subject

      public Subject()
      The default constructor initializing the sets of public and private credentials and principals with the empty set.

    • Subject

      public Subject​(boolean readOnly, Set<? extends Principal> subjPrincipals, Set<?> pubCredentials, Set<?> privCredentials)
      The constructor for the subject, setting its public and private credentials and principals according to the arguments.
      Parameters:
      readOnly - true if this Subject is read-only, thus preventing any modifications to be done.
      subjPrincipals - the set of Principals that are attributed to this Subject.
      pubCredentials - the set of public credentials that distinguish this Subject.
      privCredentials - the set of private credentials that distinguish this Subject.

  • Method Details

    • doAs

      public static <T> T doAs​(Subject subject, PrivilegedAction<T> action)
      Runs the code defined by action using the permissions granted to the Subject itself and to the code as well.
      Parameters:
      subject - the distinguished Subject.
      action - the code to be run.
      Returns:
      the Object returned when running the action.

    • doAsPrivileged

      public static <T> T doAsPrivileged​(Subject subject, PrivilegedAction<T> action, AccessControlContext context)
      Run the code defined by action using the permissions granted to the Subject and to the code itself, additionally providing a more specific context.
      Parameters:
      subject - the distinguished Subject.
      action - the code to be run.
      context - the specific context in which the action is invoked. if null a new AccessControlContext is instantiated.
      Returns:
      the Object returned when running the action.

    • doAs

      public static <T> T doAs​(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Runs the code defined by action using the permissions granted to the subject and to the code itself.
      Parameters:
      subject - the distinguished Subject.
      action - the code to be run.
      Returns:
      the Object returned when running the action.
      Throws:
      PrivilegedActionException - if running the action throws an exception.

    • doAsPrivileged

      public static <T> T doAsPrivileged​(Subject subject, PrivilegedExceptionAction<T> action, AccessControlContext context) throws PrivilegedActionException
      Runs the code defined by action using the permissions granted to the subject and to the code itself, additionally providing a more specific context.
      Parameters:
      subject - the distinguished Subject.
      action - the code to be run.
      context - the specific context in which the action is invoked. if null a new AccessControlContext is instantiated.
      Returns:
      the Object returned when running the action.
      Throws:
      PrivilegedActionException - if running the action throws an exception.

    • equals

      public boolean equals​(Object obj)
      Checks two Subjects for equality. More specifically if the principals, public and private credentials are equal, equality for two Subjects is implied.
      Overrides:
      equals in class Object
      Parameters:
      obj - the Object checked for equality with this Subject.
      Returns:
      true if the specified Subject is equal to this one.
      See Also:
      Object.hashCode()

    • getPrincipals

      public Set<Principal> getPrincipals()
      Returns this Subject's Principal.
      Returns:
      this Subject's Principal.

    • getPrincipals

      public <T extends Principal> Set<T> getPrincipals​(Class<T> c)
      Returns this Subject's Principal which is a subclass of the Class provided.
      Parameters:
      c - the Class as a criteria which the Principal returned must satisfy.
      Returns:
      this Subject's Principal. Modifications to the returned set of Principals do not affect this Subject's set.

    • getPrivateCredentials

      public Set<Object> getPrivateCredentials()
      Returns the private credentials associated with this Subject.
      Returns:
      the private credentials associated with this Subject.

    • getPrivateCredentials

      public <T> Set<T> getPrivateCredentials​(Class<T> c)
      Returns this Subject's private credentials which are a subclass of the Class provided.
      Parameters:
      c - the Class as a criteria which the private credentials returned must satisfy.
      Returns:
      this Subject's private credentials. Modifications to the returned set of credentials do not affect this Subject's credentials.

    • getPublicCredentials

      public Set<Object> getPublicCredentials()
      Returns the public credentials associated with this Subject.
      Returns:
      the public credentials associated with this Subject.

    • getPublicCredentials

      public <T> Set<T> getPublicCredentials​(Class<T> c)
      Returns this Subject's public credentials which are a subclass of the Class provided.
      Parameters:
      c - the Class as a criteria which the public credentials returned must satisfy.
      Returns:
      this Subject's public credentials. Modifications to the returned set of credentials do not affect this Subject's credentials.

    • hashCode

      public int hashCode()
      Returns a hash code of this Subject.
      Overrides:
      hashCode in class Object
      Returns:
      a hash code of this Subject.
      See Also:
      Object.equals(java.lang.Object)

    • setReadOnly

      public void setReadOnly()
      Prevents from modifications being done to the credentials and Principal sets. After setting it to read-only this Subject can not be made writable again. The destroy method on the credentials still works though.

    • isReadOnly

      public boolean isReadOnly()
      Returns whether this Subject is read-only or not.
      Returns:
      whether this Subject is read-only or not.

    • toString

      public String toString()
      Returns a String representation of this Subject.
      Overrides:
      toString in class Object
      Returns:
      a String representation of this Subject.

    • getSubject

      public static Subject getSubject​(AccessControlContext context)
      Returns the Subject that was last associated with the context provided as argument.
      Parameters:
      context - the context that was associated with the Subject.
      Returns:
      the Subject that was last associated with the context provided as argument.