Serializable
public final class Subject extends Object implements Serializable
A Subject
represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).
Subjects may potentially have multiple identities. Each identity is represented as a Principal
within the Subject
. Principals simply bind names to a Subject
. For example, a Subject
that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver license, to the Subject
, and another which binds, "999-99-9999", the number on her student identification card, to the Subject
. Both Principals refer to the same Subject
even though each has a different name.
A Subject
may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set
. Credentials intended to be shared, such as public key certificates or Kerberos server tickets are stored within a public credential Set
. Different permissions are required to access and modify the different credential Sets.
To retrieve all the Principals associated with a Subject
, invoke the getPrincipals
method. To retrieve all the public or private credentials belonging to a Subject
, invoke the getPublicCredentials
method or getPrivateCredentials
method, respectively. To modify the returned Set
of Principals and credentials, use the methods defined in the Set
class. For example:
Subject subject; Principal principal; Object credential; // add a Principal and credential to the Subject subject.getPrincipals().add(principal); subject.getPublicCredentials().add(credential);
This Subject
class implements Serializable
. While the Principals associated with the Subject
are serialized, the credentials associated with the Subject
are not. Note that the java.security.Principal
class does not implement Serializable
. Therefore, all concrete Principal
implementations associated with Subjects must implement Serializable
.
Constructor | Description |
---|---|
Subject() |
Create an instance of a Subject with an empty Set of Principals and empty Sets of public and private credentials. |
Subject |
Create an instance of a Subject with Principals and credentials. |
Modifier and Type | Method | Description |
---|---|---|
static <T> T |
callAs |
Executes a Callable with subject as the current subject. |
static Subject |
current() |
Returns the current subject. |
static <T> T |
doAs |
Deprecated, for removal: This API element is subject to removal in a future version. |
static <T> T |
doAs |
Deprecated, for removal: This API element is subject to removal in a future version. This method depends on AccessControlContext which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. |
static <T> T |
doAsPrivileged |
Deprecated, for removal: This API element is subject to removal in a future version. This method is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release. |
static <T> T |
doAsPrivileged |
Deprecated, for removal: This API element is subject to removal in a future version. This method is only useful in conjunction with the Security Manager, which is deprecated and subject to removal in a future release. |
boolean |
equals |
Compares the specified Object with this Subject for equality. |
Set |
getPrincipals() |
Return the Set of Principals associated with this Subject . |
<T extends Principal> |
getPrincipals |
Return a Set of Principals associated with this Subject that are instances or subclasses of the specified Class . |
Set |
getPrivateCredentials() |
Return the Set of private credentials held by this Subject . |
<T> Set |
getPrivateCredentials |
Return a Set of private credentials associated with this Subject that are instances or subclasses of the specified Class . |
Set |
getPublicCredentials() |
Return the Set of public credentials held by this Subject . |
<T> Set |
getPublicCredentials |
Return a Set of public credentials associated with this Subject that are instances or subclasses of the specified Class . |
static Subject |
getSubject |
Deprecated, for removal: This API element is subject to removal in a future version. This method depends on AccessControlContext which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. |
int |
hashCode() |
Returns a hashcode for this Subject . |
boolean |
isReadOnly() |
Query whether this Subject is read-only. |
void |
setReadOnly() |
Set this Subject to be read-only. |
String |
toString() |
Return the String representation of this Subject . |
public Subject()
Subject
with an empty Set
of Principals and empty Sets of public and private credentials. The newly constructed Sets check whether this Subject
has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. These Sets also prohibit null elements, and attempts to add, query, or remove a null element will result in a NullPointerException
.
To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals")
. To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials")
. To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials")
.
public Subject(boolean readOnly, Set<? extends Principal> principals, Set<?> pubCredentials, Set<?> privCredentials)
Subject
with Principals and credentials. The Principals and credentials from the specified Sets are copied into newly constructed Sets. These newly created Sets check whether this Subject
has been set read-only before permitting subsequent modifications. The newly created Sets also prevent illegal modifications by ensuring that callers have sufficient permissions. These Sets also prohibit null elements, and attempts to add, query, or remove a null element will result in a NullPointerException
.
To modify the Principals Set, the caller must have AuthPermission("modifyPrincipals")
. To modify the public credential Set, the caller must have AuthPermission("modifyPublicCredentials")
. To modify the private credential Set, the caller must have AuthPermission("modifyPrivateCredentials")
.
readOnly
- true if the Subject
is to be read-only, and false otherwise.principals
- the Set
of Principals to be associated with this Subject
.pubCredentials
- the Set
of public credentials to be associated with this Subject
.privCredentials
- the Set
of private credentials to be associated with this Subject
.NullPointerException
- if the specified principals
, pubCredentials
, or privCredentials
are null
, or a null value exists within any of these three Sets.public void setReadOnly()
Subject
to be read-only. Modifications (additions and removals) to this Subject's Principal
Set
and credential Sets will be disallowed. The destroy
operation on this Subject's credentials will still be permitted.
Subsequent attempts to modify the Subject's Principal
and credential Sets will result in an IllegalStateException
being thrown. Also, once a Subject
is read-only, it can not be reset to being writable again.
SecurityException
- if a security manager is installed and the caller does not have an AuthPermission("setReadOnly")
permission to set this Subject
to be read-only.public boolean isReadOnly()
Subject
is read-only.Subject
is read-only, false otherwise.@Deprecated(since="17", forRemoval=true) public static Subject getSubject(AccessControlContext acc)
AccessControlContext
which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, obtaining a Subject is useful independent of the Security Manager. Thus, a replacement API named current()
has been added which can be used to obtain the current subject.Subject
associated with the provided AccessControlContext
. The AccessControlContext
may contain many Subjects (from nested doAs
calls). In this situation, the most recent Subject
associated with the AccessControlContext
is returned.
acc
- the AccessControlContext
from which to retrieve the Subject
.Subject
associated with the provided AccessControlContext
, or null
if no Subject
is associated with the provided AccessControlContext
.SecurityException
- if a security manager is installed and the caller does not have an AuthPermission("getSubject")
permission to get the Subject
.NullPointerException
- if the provided AccessControlContext
is null
.public static Subject current()
The current subject is installed by the callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>)
method. When callAs(subject, action)
is called, action
is executed with subject
as its current subject which can be retrieved by this method. After action
is finished, the current subject is reset to its previous value. The current subject is null
before the first call of callAs()
.
Subject.getSubject(AccessController.getContext())
. This preserves compatibility with code that may still be calling doAs
which installs the subject in an AccessControlContext
. This behavior is subject to change in a future version.null
if a current subject is not installed or the current subject is set to null
.public static <T> T callAs(Subject subject, Callable<T> action) throws CompletionException
Callable
with subject
as the current subject.Subject.doAs(subject, altAction)
which stores the subject in a new AccessControlContext
, where altAction.run()
is equivalent to action.call()
and the exception thrown is modified to match the specification of this method. This preserves compatibility with code that may still be calling getSubject(AccessControlContext)
which retrieves the subject from an AccessControlContext
. This behavior is subject to change in a future version.T
- the type of value returned by the call
method of action
subject
- the Subject
that the specified action
will run as. This parameter may be null
.action
- the code to be run with subject
as its current subject. Must not be null
.call
method of action
NullPointerException
- if action
is null
CompletionException
- if action.call()
throws an exception. The cause of the CompletionException
is set to the exception thrown by action.call()
.@Deprecated(since="18", forRemoval=true) public static <T> T doAs(Subject subject, PrivilegedAction<T> action)
AccessControlContext
which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, performing work as a Subject is useful independent of the Security Manager. Thus, a replacement API named callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>)
has been added which can be used to perform the same work.Subject
. This method first retrieves the current Thread's AccessControlContext
via AccessController.getContext
, and then instantiates a new AccessControlContext
using the retrieved context along with a new SubjectDomainCombiner
(constructed using the provided Subject
). Finally, this method invokes AccessController.doPrivileged
, passing it the provided PrivilegedAction
, as well as the newly constructed AccessControlContext
.
T
- the type of the value returned by the PrivilegedAction's run
method.subject
- the Subject
that the specified action
will run as. This parameter may be null
.action
- the code to be run as the specified Subject
.run
method.NullPointerException
- if the PrivilegedAction
is null
.SecurityException
- if a security manager is installed and the caller does not have an AuthPermission("doAs")
permission to invoke this method.@Deprecated(since="18", forRemoval=true) public static <T> T doAs(Subject subject, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
AccessControlContext
which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release. However, performing work as a Subject is useful independent of the Security Manager. Thus, a replacement API named callAs(javax.security.auth.Subject, java.util.concurrent.Callable<T>)
has been added which can be used to perform the same work.Subject
. This method first retrieves the current Thread's AccessControlContext
via AccessController.getContext
, and then instantiates a new AccessControlContext
using the retrieved context along with a new SubjectDomainCombiner
(constructed using the provided Subject
). Finally, this method invokes AccessController.doPrivileged
, passing it the provided PrivilegedExceptionAction
, as well as the newly constructed AccessControlContext
.
T
- the type of the value returned by the PrivilegedExceptionAction's run
method.subject
- the Subject
that the specified action
will run as. This parameter may be null
.action
- the code to be run as the specified Subject
.run
method.PrivilegedActionException
- if the PrivilegedExceptionAction.run
method throws a checked exception.NullPointerException
- if the specified PrivilegedExceptionAction
is null
.SecurityException
- if a security manager is installed and the caller does not have an AuthPermission("doAs")
permission to invoke this method.@Deprecated(since="17", forRemoval=true) public static <T> T doAsPrivileged(Subject subject, PrivilegedAction<T> action, AccessControlContext acc)
Subject
. This method behaves exactly as Subject.doAs
, except that instead of retrieving the current Thread's AccessControlContext
, it uses the provided AccessControlContext
. If the provided AccessControlContext
is null
, this method instantiates a new AccessControlContext
with an empty collection of ProtectionDomains.
T
- the type of the value returned by the PrivilegedAction's run
method.subject
- the Subject
that the specified action
will run as. This parameter may be null
.action
- the code to be run as the specified Subject
.acc
- the AccessControlContext
to be tied to the specified subject and action.run
method.NullPointerException
- if the PrivilegedAction
is null
.SecurityException
- if a security manager is installed and the caller does not have a AuthPermission("doAsPrivileged")
permission to invoke this method.@Deprecated(since="17", forRemoval=true) public static <T> T doAsPrivileged(Subject subject, PrivilegedExceptionAction<T> action, AccessControlContext acc) throws PrivilegedActionException
Subject
. This method behaves exactly as Subject.doAs
, except that instead of retrieving the current Thread's AccessControlContext
, it uses the provided AccessControlContext
. If the provided AccessControlContext
is null
, this method instantiates a new AccessControlContext
with an empty collection of ProtectionDomains.
T
- the type of the value returned by the PrivilegedExceptionAction's run
method.subject
- the Subject
that the specified action
will run as. This parameter may be null
.action
- the code to be run as the specified Subject
.acc
- the AccessControlContext
to be tied to the specified subject and action.run
method.PrivilegedActionException
- if the PrivilegedExceptionAction.run
method throws a checked exception.NullPointerException
- if the specified PrivilegedExceptionAction
is null
.SecurityException
- if a security manager is installed and the caller does not have a AuthPermission("doAsPrivileged")
permission to invoke this method.public Set<Principal> getPrincipals()
Set
of Principals associated with this Subject
. Each Principal
represents an identity for this Subject
. The returned Set
is backed by this Subject's internal Principal
Set
. Any modification to the returned Set
affects the internal Principal
Set
as well.
If a security manager is installed, the caller must have a AuthPermission("modifyPrincipals")
permission to modify the returned set, or a SecurityException
will be thrown.
Set
of Principals associated with this Subject
.public <T extends Principal> Set<T> getPrincipals(Class<T> c)
Set
of Principals associated with this Subject
that are instances or subclasses of the specified Class
. The returned Set
is not backed by this Subject's internal Principal
Set
. A new Set
is created and returned for each method invocation. Modifications to the returned Set
will not affect the internal Principal
Set
.
T
- the type of the class modeled by c
c
- the returned Set
of Principals will all be instances of this class.Set
of Principals that are instances of the specified Class
.NullPointerException
- if the specified Class
is null
.public Set<Object> getPublicCredentials()
Set
of public credentials held by this Subject
. The returned Set
is backed by this Subject's internal public Credential Set
. Any modification to the returned Set
affects the internal public Credential Set
as well.
If a security manager is installed, the caller must have a AuthPermission("modifyPublicCredentials")
permission to modify the returned set, or a SecurityException
will be thrown.
Set
of public credentials held by this Subject
.public Set<Object> getPrivateCredentials()
Set
of private credentials held by this Subject
. The returned Set
is backed by this Subject's internal private Credential Set
. Any modification to the returned Set
affects the internal private Credential Set
as well.
If a security manager is installed, the caller must have a AuthPermission("modifyPrivateCredentials")
permission to modify the returned set, or a SecurityException
will be thrown.
While iterating through the Set
, a SecurityException
is thrown if a security manager is installed and the caller does not have a PrivateCredentialPermission
to access a particular Credential. The Iterator
is nevertheless advanced to the next element in the Set
.
Set
of private credentials held by this Subject
.public <T> Set<T> getPublicCredentials(Class<T> c)
Set
of public credentials associated with this Subject
that are instances or subclasses of the specified Class
. The returned Set
is not backed by this Subject's internal public Credential Set
. A new Set
is created and returned for each method invocation. Modifications to the returned Set
will not affect the internal public Credential Set
.
T
- the type of the class modeled by c
c
- the returned Set
of public credentials will all be instances of this class.Set
of public credentials that are instances of the specified Class
.NullPointerException
- if the specified Class
is null
.public <T> Set<T> getPrivateCredentials(Class<T> c)
Set
of private credentials associated with this Subject
that are instances or subclasses of the specified Class
. If a security manager is installed, the caller must have a PrivateCredentialPermission
to access all of the requested Credentials, or a SecurityException
will be thrown.
The returned Set
is not backed by this Subject's internal private Credential Set
. A new Set
is created and returned for each method invocation. Modifications to the returned Set
will not affect the internal private Credential Set
.
T
- the type of the class modeled by c
c
- the returned Set
of private credentials will all be instances of this class.Set
of private credentials that are instances of the specified Class
.NullPointerException
- if the specified Class
is null
.public boolean equals(Object o)
Subject
for equality. Returns true if the given object is also a Subject and the two Subject
instances are equivalent. More formally, two Subject
instances are equal if their Principal
and Credential
Sets are equal.equals
in class Object
o
- Object to be compared for equality with this Subject
.Subject
.SecurityException
- if a security manager is installed and the caller does not have a PrivateCredentialPermission
permission to access the private credentials for this Subject
or the provided Subject
.public String toString()
Subject
.public int hashCode()
Subject
.hashCode
in class Object
Subject
.SecurityException
- if a security manager is installed and the caller does not have a PrivateCredentialPermission
permission to access this Subject's private credentials.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/security/auth/Subject.html
AccessControlContext
which, in conjunction with the Security Manager, is deprecated and subject to removal in a future release.