Class SecurityUtil


  • public class SecurityUtil
    extends java.lang.Object
    This class provides helper functions for security-related features.
    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityUtil()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static void authorize(Securable operation)
      Raise an exception if the current user does not have permission to perform the indicated operation.
      static void checkDerbyInternalsPrivilege()
      Verify that we have been granted permission to use Derby internals.
      static void checkSubjectHasPermission(javax.security.auth.Subject subject, java.security.Permission perm)
      Checks that a Subject has a Permission under the SecurityManager.
      static void checkUserHasPermission(java.lang.String user, java.security.Permission perm)
      Checks that a User has a Permission under the SecurityManager.
      static javax.security.auth.Subject createSystemPrincipalSubject(java.lang.String user)
      Creates a (read-only) Subject representing a given user as a System user within Derby.
      private static java.lang.String getAuthorizationId(java.lang.String name)
      Returns the Authorization Identifier for a principal name.
      private static Context getContextOrNull(java.lang.String contextID)
      Privileged lookup of a Context.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • USE_DERBY_INTERNALS

        private static final SystemPermission USE_DERBY_INTERNALS
        Permission to access Derby contexts (permissions are immutable).
    • Constructor Detail

      • SecurityUtil

        public SecurityUtil()
    • Method Detail

      • createSystemPrincipalSubject

        public static javax.security.auth.Subject createSystemPrincipalSubject(java.lang.String user)
        Creates a (read-only) Subject representing a given user as a System user within Derby.
        Parameters:
        user - the user name
        Returns:
        a Subject representing the user by its exact and normalized name
        See Also:
        User Names & Authorization Identifiers in Derby
      • getAuthorizationId

        private static java.lang.String getAuthorizationId(java.lang.String name)
        Returns the Authorization Identifier for a principal name.
        Parameters:
        name - the name of the principal
        Returns:
        the authorization identifier for this principal
      • checkSubjectHasPermission

        public static void checkSubjectHasPermission(javax.security.auth.Subject subject,
                                                     java.security.Permission perm)
        Checks that a Subject has a Permission under the SecurityManager. To perform this check, the following policy grant is required, or an AccessControlException will be raised detailing the cause:
        • to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";

        Parameters:
        subject - the subject representing the SystemPrincipal(s)
        perm - the permission to be checked
        Throws:
        java.security.AccessControlException - if permissions are missing
      • checkUserHasPermission

        public static void checkUserHasPermission(java.lang.String user,
                                                  java.security.Permission perm)
        Checks that a User has a Permission under the SecurityManager. To perform this check, the following policy grant is required, or an AccessControlException will be raised detailing the cause:
        • to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";

        Parameters:
        user - the user to be checked for having the permission
        perm - the permission to be checked
        Throws:
        java.security.AccessControlException - if permissions are missing
      • authorize

        public static void authorize(Securable operation)
                              throws StandardException
        Raise an exception if the current user does not have permission to perform the indicated operation.
        Throws:
        StandardException
      • checkDerbyInternalsPrivilege

        public static void checkDerbyInternalsPrivilege()
        Verify that we have been granted permission to use Derby internals.
      • getContextOrNull

        private static Context getContextOrNull(java.lang.String contextID)
        Privileged lookup of a Context. Must be private so that user code can't call this entry point.
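
The kind of check that checkSubjectHasPermission and checkUserHasPermission describe, as an added example that is not Derby's own code: a permission test run as a read-only Subject through Subject.doAsPrivileged, the call that the AuthPermission "doAsPrivileged" grant covers. DemoPrincipal, SinglePrincipalPolicy, the user names and the permission name are hypothetical, and a JDK whose Security Manager APIs still function (for example Java 8 to 17) is assumed.

```java
import java.security.*;
import java.util.Collections;
import javax.security.auth.Subject;

public class SubjectPermissionCheckDemo {
    // Hypothetical principal type (assumption; not a Derby class).
    static final class DemoPrincipal implements Principal {
        private final String name;
        DemoPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Constructed in-memory policy: grants one permission to one named principal.
    static final class SinglePrincipalPolicy extends Policy {
        private final String user;
        private final Permission granted;
        SinglePrincipalPolicy(String user, Permission granted) { this.user = user; this.granted = granted; }
        @Override public boolean implies(ProtectionDomain domain, Permission perm) {
            for (Principal p : domain.getPrincipals()) {
                if (p instanceof DemoPrincipal && p.getName().equals(user)) return granted.implies(perm);
            }
            return false; // no matching principal on this protection domain
        }
    }

    // Read-only Subject with a single principal and no credentials.
    static Subject readOnlySubject(String user) {
        return new Subject(true, Collections.singleton(new DemoPrincipal(user)),
                Collections.emptySet(), Collections.emptySet());
    }

    // Throws AccessControlException unless the policy grants perm to the subject's principals.
    // With a SecurityManager installed, the calling code also needs AuthPermission "doAsPrivileged".
    static void checkSubjectHasPermission(Subject subject, Permission perm) {
        PrivilegedAction<Void> check = () -> { AccessController.checkPermission(perm); return null; };
        Subject.doAsPrivileged(subject, check, null); // null: the caller's own context is not consulted
    }

    public static void main(String[] args) {
        Permission perm = new RuntimePermission("demo.shutdown"); // constructed permission name
        Policy.setPolicy(new SinglePrincipalPolicy("alice", perm));
        checkSubjectHasPermission(readOnlySubject("alice"), perm);
        System.out.println("alice: permitted");
        try {
            checkSubjectHasPermission(readOnlySubject("bob"), perm);
        } catch (AccessControlException e) {
            System.out.println("bob: " + e.getMessage());
        }
    }
}
```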