Package org.apache.derby.iapi.security
Class SecurityUtil
- java.lang.Object
-
- org.apache.derby.iapi.security.SecurityUtil
-
public class SecurityUtil extends java.lang.Object
This class provides helper functions for security-related features.
-
-
Field Summary
Fields Modifier and Type Field Description private static SystemPermission
USE_DERBY_INTERNALS
Permission to access Derby contexts (permissions are immutable).
-
Constructor Summary
Constructors Constructor Description SecurityUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
authorize(Securable operation)
Raise an exception if the current user does not have permission to perform the indicated operation.static void
checkDerbyInternalsPrivilege()
Verify that we have been granted permission to use Derby internalsstatic void
checkSubjectHasPermission(javax.security.auth.Subject subject, java.security.Permission perm)
Checks that a Subject has a Permission under the SecurityManager.static void
checkUserHasPermission(java.lang.String user, java.security.Permission perm)
Checks that a User has a Permission under the SecurityManager.static javax.security.auth.Subject
createSystemPrincipalSubject(java.lang.String user)
Creates a (read-only) Subject representing a given user as a System user within Derby.private static java.lang.String
getAuthorizationId(java.lang.String name)
Returns the Authorization Identifier for a principal name.private static Context
getContextOrNull(java.lang.String contextID)
Privileged lookup of a Context.
-
-
-
Field Detail
-
USE_DERBY_INTERNALS
private static final SystemPermission USE_DERBY_INTERNALS
Permission to access Derby contexts (permissions are immutable).
-
-
Method Detail
-
createSystemPrincipalSubject
public static javax.security.auth.Subject createSystemPrincipalSubject(java.lang.String user)
Creates a (read-only) Subject representing a given user as a System user within Derby.- Parameters:
user
- the user name- Returns:
- a Subject representing the user by its exact and normalized name
- See Also:
- User Names & Authorization Identifiers in Derby
-
getAuthorizationId
private static java.lang.String getAuthorizationId(java.lang.String name)
Returns the Authorization Identifier for a principal name.- Parameters:
name
- the name of the principal- Returns:
- the authorization identifier for this principal
-
checkSubjectHasPermission
public static void checkSubjectHasPermission(javax.security.auth.Subject subject, java.security.Permission perm)
Checks that a Subject has a Permission under the SecurityManager. To perform this check the following policy grant is required- to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
- Parameters:
subject
- the subject representing the SystemPrincipal(s)perm
- the permission to be checked- Throws:
java.security.AccessControlException
- if permissions are missing
-
checkUserHasPermission
public static void checkUserHasPermission(java.lang.String user, java.security.Permission perm)
Checks that a User has a Permission under the SecurityManager. To perform this check the following policy grant is required- to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
- Parameters:
user
- the user to be check for having the permissionperm
- the permission to be checked- Throws:
java.security.AccessControlException
- if permissions are missing
-
authorize
public static void authorize(Securable operation) throws StandardException
Raise an exception if the current user does not have permission to perform the indicated operation.- Throws:
StandardException
-
checkDerbyInternalsPrivilege
public static void checkDerbyInternalsPrivilege()
Verify that we have been granted permission to use Derby internals
-
getContextOrNull
private static Context getContextOrNull(java.lang.String contextID)
Privileged lookup of a Context. Must be private so that user code can't call this entry point.
-
-