|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectjava.security.Permission
java.security.BasicPermission
javax.security.auth.kerberos.DelegationPermission
public final class DelegationPermission
This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.
The target name of this Permission
specifies a pair of
kerberos service principals. The first is the subordinate service principal
being entrusted to use the TGT. The second service principal designates
the target service the subordinate service principal is to interact with on
behalf of the initiating KerberosPrincipal. This latter service principal
is specified to restrict the use of a proxiable ticket.
For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:
DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"");
To give the "backup" service a proxiable nfs service ticket the target permission might be specified:
DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\"");
Constructor Summary | |
---|---|
DelegationPermission(java.lang.String principals)
Create a new DelegationPermission with the specified
subordinate and target principals. |
|
DelegationPermission(java.lang.String principals,
java.lang.String actions)
Create a new DelegationPermission with the specified
subordinate and target principals. |
Method Summary | |
---|---|
boolean |
equals(java.lang.Object obj)
Checks two DelegationPermission objects for equality. |
int |
hashCode()
Returns the hash code value for this object. |
boolean |
implies(java.security.Permission p)
Checks if this Kerberos delegation permission object "implies" the specified permission. |
java.security.PermissionCollection |
newPermissionCollection()
Returns a PermissionCollection object for storing DelegationPermission objects. |
Methods inherited from class java.security.BasicPermission |
---|
getActions |
Methods inherited from class java.security.Permission |
---|
checkGuard, getName, toString |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public DelegationPermission(java.lang.String principals)
DelegationPermission
with the specified
subordinate and target principals.
principals
- the name of the subordinate and target principalspublic DelegationPermission(java.lang.String principals, java.lang.String actions)
DelegationPermission
with the specified
subordinate and target principals.
principals
- the name of the subordinate and target principals actions
- should be null.Method Detail |
---|
public boolean implies(java.security.Permission p)
If none of the above are true, implies
returns false.
implies
in class java.security.BasicPermission
p
- the permission to check against.
public boolean equals(java.lang.Object obj)
equals
in class java.security.BasicPermission
obj
- the object to test for equality with this object.
public int hashCode()
hashCode
in class java.security.BasicPermission
public java.security.PermissionCollection newPermissionCollection()
newPermissionCollection
in class java.security.BasicPermission
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |