Package org.apache.derby.authentication

Class SystemPrincipal

java.lang.Object

org.apache.derby.authentication.SystemPrincipal

All Implemented Interfaces:

java.io.Serializable, java.security.Principal

public final class SystemPrincipal
extends java.lang.Object
implements java.security.Principal, java.io.Serializable

This class represents Derby's notion of a principal, a concept of user identity with controlled access to Derby System Privileges. An authenticated user may have other identities which make sense in other code domains.

Note that principal names do NOT follow Authorization Identifier rules. For instance, although edward and edWard both match the normalized authorization identifier EDWARD, the instances SystemPrincipal("edward") and SystemPrincipal("edWard") represent different principals under the methods getName(), equals(), and hashCode().

According to JAASRefGuide, Principal classes must implement Serializable.

See Also:

Principal.getName(), JAASRefGuide on Principals, Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
private java.lang.String	name	The name of the principal.
(package private) static long	serialVersionUID	BTW, this class currently does not require special handling during serialization/deserialization, so, there's no need to define methods readObject(ObjectInputStream) and writeObject(ObjectOutputStream).

Constructor Summary

Constructors

Constructor	Description
SystemPrincipal(java.lang.String name)	Constructs a principal for a given name.

Method Summary

Modifier and Type	Method	Description
boolean	equals(java.lang.Object other)	Compares this principal to the specified object.
java.lang.String	getName()	Returns the name of this principal.
int	hashCode()	Returns a hashcode for this principal.
private void	readObject(java.io.ObjectInputStream s)	Called upon deserialization for restoring the state of this SystemPrincipal from a stream.
java.lang.String	toString()	Returns a string representation of this principal.
private static void	validateName(java.lang.String name)	Verify that the specified name of the principal is valid.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Field Detail

serialVersionUID

static final long serialVersionUID

BTW, this class currently does not require special handling during serialization/deserialization, so, there's no need to define methods readObject(ObjectInputStream) and writeObject(ObjectOutputStream).

See Also:

Constant Field Values

name

private final java.lang.String name

The name of the principal.

Note that the name is not a "normalized" Authorization Identifier. This is due to peculiarities of the Java Security Runtime, which compares a javax.security.auth.Subject's Principals against the literal Principal name as declared in the policy files, and not against the return value of method getName(). So, a normalization of names within SystemPrincipal doesn't affect permission checking by the SecurityManager.

In order for a javax.security.auth.Subject to be granted permissions on the basis Authorization Identifier rules, e.g., for a Subject authenticated as edWard to fall under a policy clause declared for EDWARD, the Subject has to be constructed (or augmented) with both the literal name and the normalized Authorization Identifier.

As an alternative approach, class SystemPrincipal could implement the non-standard interface com.sun.security.auth.PrincipalComparator, which declares a method implies(Subject) that would allow for Principals to match Subjects on the basis of normalized Authorization Identifiers. But then we'd be relying upon non-standard Security Runtime behaviour.

See Also:

User Names & Authorization Identifiers in Derby

Constructor Detail

SystemPrincipal

public SystemPrincipal(java.lang.String name)

Constructs a principal for a given name.

Parameters:

name - the name of the principal

Throws:

java.lang.NullPointerException - if name is null

java.lang.IllegalArgumentException - if name is not a legal Principal name

Method Detail

validateName

private static void validateName(java.lang.String name)

Verify that the specified name of the principal is valid.

Parameters:

name - the name of the principal

Throws:

java.lang.NullPointerException - if name is null

java.lang.IllegalArgumentException - if name is not a legal Principal name

equals

public boolean equals(java.lang.Object other)

Compares this principal to the specified object. Returns true if the object passed in matches the principal represented by the implementation of this interface.

Specified by:

equals in interface java.security.Principal

Overrides:

equals in class java.lang.Object

Parameters:

other - principal to compare with

Returns:

true if the principal passed in is the same as that encapsulated by this principal, and false otherwise

See Also:

Principal.equals(java.lang.Object)

getName

public java.lang.String getName()

Returns the name of this principal.

Specified by:

getName in interface java.security.Principal

Returns:

the name of this principal

See Also:

Principal.getName()

hashCode

public int hashCode()

Returns a hashcode for this principal.

Specified by:

hashCode in interface java.security.Principal

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this principal

See Also:

Principal.hashCode()

toString

public java.lang.String toString()

Returns a string representation of this principal.

Specified by:

toString in interface java.security.Principal

Overrides:

toString in class java.lang.Object

Returns:

a string representation of this principal

See Also:

Principal.toString()

readObject

private void readObject(java.io.ObjectInputStream s)
                 throws java.io.IOException,
                        java.lang.ClassNotFoundException

Called upon deserialization for restoring the state of this SystemPrincipal from a stream.

Throws:

java.io.IOException

java.lang.ClassNotFoundException