Examples of javax.security.auth.AuthPermission

• javax.security.auth.AuthPermission
  This class is for authentication permissions. An AuthPermission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

  The target name is the name of a security configuration parameter (see below). Currently the AuthPermission object is used to guard access to the Policy, Subject, LoginContext, and Configuration objects.

  The possible target names for an Authentication Permission are:

   doAs -                  allow the caller to invoke the {@code Subject.doAs} methods.doAsPrivileged -        allow the caller to invoke the {@code Subject.doAsPrivileged} methods.getSubject -            allow for the retrieval of the Subject(s) associated with the current Thread. getSubjectFromDomainCombiner -  allow for the retrieval of the Subject associated with the a  {@code SubjectDomainCombiner}. setReadOnly -           allow the caller to set a Subject to be read-only. modifyPrincipals -      allow the caller to modify the  {@code Set}of Principals associated with a {@code Subject}modifyPublicCredentials - allow the caller to modify the {@code Set} of public credentialsassociated with a  {@code Subject}modifyPrivateCredentials - allow the caller to modify the {@code Set} of private credentialsassociated with a  {@code Subject}refreshCredential -     allow code to invoke the  {@code refresh}method on a credential which implements the  {@code Refreshable} interface.destroyCredential -     allow code to invoke the  {@code destroy}method on a credential  {@code object}which implements the  {@code Destroyable}interface. createLoginContext.{name} -  allow code to instantiate a {@code LoginContext} with thespecified name.  name is used as the index into the installed login {@code Configuration}(that returned by {@code Configuration.getConfiguration()}). name can be wildcarded (set to '*') to allow for any name. getLoginConfiguration - allow for the retrieval of the system-wide login Configuration. createLoginConfiguration.{type} - allow code to obtain a Configuration object via {@code Configuration.getInstance}. setLoginConfiguration - allow for the setting of the system-wide login Configuration. refreshLoginConfiguration - allow for the refreshing of the system-wide login Configuration. 

  The following target name has been deprecated in favor of {@code} createLoginContext.name}}.

   createLoginContext -    allow code to instantiate a {@code LoginContext}. 

  {@code javax.security.auth.Policy} has beendeprecated in favor of {@code java.security.Policy}. Therefore, the following target names have also been deprecated:

   getPolicy -             allow the caller to retrieve the system-wide Subject-based access control policy. setPolicy -             allow the caller to set the system-wide Subject-based access control policy. refreshPolicy -         allow the caller to refresh the system-wide Subject-based access control policy. 

        assertFalse(lookupAuthPermission(requests, otherPermName));
        //
        // now check whether 'other' was also checked
        //
        requests.clear();
        allowedPerms.add(new AuthPermission(dummyPermName));
        try {
            new LoginContext(dummyName);
            fail("must not pass here - 1.");
        } catch (LoginException _) {
            fail("no, no, no. Throw SecurityException instead");

     */
    static boolean canGetSubject() {
  try {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null)
    sm.checkPermission(new AuthPermission("getSubject"));
      return true;
  } catch (SecurityException e) {
      return false;
  }
    }

    AuthenticationPermission authPerm =
        new AuthenticationPermission(
      Collections.singleton(serverEndpoint.getPrincipal()),
      null, "listen");
    this.permsToRunWith = new Permission[] {
        new AuthPermission("getSubject"),
        new SocketPermission("*:1024-", "accept,connect,listen"),
        authPerm};
      }

      if (constraints != null) {

        authPerm = new AuthenticationPermission(
      "javax.security.auth.kerberos.KerberosPrincipal \"*\"",
      "listen");
    }
    this.permsToRunWith = new Permission[] {
        new AuthPermission("doAs"),
        new AuthPermission("getSubject"),
        new SocketPermission("*:1024-", "accept,connect,listen"),
        authPerm};
      }
      this.returnErrMsg = returnErrMsg;
      this.UnsupportedConsErrMsg = UnsupportedConsErrMsg;

      Collections.singleton(serverPrincipal), null,
      "listen");
    this.permsToRunWith = new Permission[] {
        new SocketPermission("*:1024-", "accept,connect,listen"),
        authPerm,
        new AuthPermission("doAs"),
        new RuntimePermission("modifyThread"),
        new RuntimePermission("modifyThreadGroup"),
        new RuntimePermission("setContextClassLoader"),
        new ServicePermission(serverPrincipal.getName(), "accept")
    };

      TestPrincipal.class.getName() + " \"peer\"";
  String actions = "listen, accept, delegate";
  defaultPermsNoSocketPerm = new Permission[] {
      new TestPermission("testPermission"),
      new AuthenticationPermission(name, actions),
      new AuthPermission("doAs"), // needed for newRequest()
      // so provider will throw detailed exception instead of generic one
      new AuthPermission("getSubject")
  };
  defaultPermsWithSocketPerm = new Permission[] {
      new TestPermission("testPermission"),
      new AuthenticationPermission(name, actions),
      new AuthPermission("doAs"), // needed for newRequest()
      // so provider will throw detailed exception instead of generic one
      new AuthPermission("getSubject"),
      new SocketPermission("*:1024-", "accept,connect,listen")
  };
  rand = new Random();
  nextID = 1; // id starts from 1

  byte[] oneLongArray4 = getBytes(20000);
  byte[][] multiLongArray1 = getBytes(65, 1000);
  byte[][] multiLongArray2 = getBytes(90, 1000);

  Permission[] permsNoAuth = new Permission[] {
      new AuthPermission("doAs"),
      new AuthPermission("getSubject"),
      new SocketPermission("*:1024-", "accept,connect,listen"),
  };

  Permission[] sockPermOnly = new Permission[] {
      new SocketPermission("*:1024-", "accept,connect,listen"),

  @Test
  public void testTrustedExecution() throws Exception {
    beanFactory.setSecurityContextProvider(null);

    Permissions perms = new Permissions();
    perms.add(new AuthPermission("getSubject"));
    ProtectionDomain pd = new ProtectionDomain(null, perms);

    new AccessControlContext(new ProtectionDomain[] { pd });

    final Subject subject = new Subject();

  /**
   * Tests that setConfiguration() is properly secured via SecurityManager.
   */
  public void testSetConfiguration() {
        SecurityChecker checker = new SecurityChecker(new AuthPermission(
        "setLoginConfiguration"), true);
    System.setSecurityManager(checker);
    Configuration custom = new ConfTestProvider();
    Configuration.setConfiguration(custom);
    assertTrue(checker.checkAsserted);

  /**
   * Tests that getConfiguration() is properly secured via SecurityManager.
   */
  public void testGetConfiguration() {
    Configuration.setConfiguration(new ConfTestProvider());
        SecurityChecker checker = new SecurityChecker(new AuthPermission(
        "getLoginConfiguration"), true);
    System.setSecurityManager(checker);
    Configuration.getConfiguration();
    assertTrue(checker.checkAsserted);
    checker.reset();