Class SecurityUtil

java.lang.Object

org.apache.derby.iapi.security.SecurityUtil

public class SecurityUtil
extends Object

This class provides helper functions for security-related features.

Field Summary

Fields

Modifier and Type	Field	Description
private static final SystemPermission	USE_DERBY_INTERNALS	Permission to access Derby contexts (permissions are immutable).

Constructor Summary

Constructors

Constructor	Description
SecurityUtil()

Method Summary

Modifier and Type	Method	Description
static void	authorize(Securable operation)	Raise an exception if the current user does not have permission to perform the indicated operation.
static void	checkDerbyInternalsPrivilege()	Verify that we have been granted permission to use Derby internals
static void	checkSubjectHasPermission(Subject subject, Permission perm)	Checks that a Subject has a Permission under the SecurityManager.
static void	checkUserHasPermission(String user, Permission perm)	Checks that a User has a Permission under the SecurityManager.
static Subject	createSystemPrincipalSubject(String user)	Creates a (read-only) Subject representing a given user as a System user within Derby.
private static String	getAuthorizationId(String name)	Returns the Authorization Identifier for a principal name.
private static Context	getContextOrNull(String contextID)	Privileged lookup of a Context.

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

USE_DERBY_INTERNALS

private static final SystemPermission USE_DERBY_INTERNALS

Permission to access Derby contexts (permissions are immutable).

Constructor Details

SecurityUtil

public SecurityUtil()

Method Details

createSystemPrincipalSubject

public static Subject createSystemPrincipalSubject(String user)

Creates a (read-only) Subject representing a given user as a System user within Derby.

Parameters:

user - the user name

Returns:

a Subject representing the user by its exact and normalized name

See Also:

• User Names invalid input: '&' Authorization Identifiers in Derby

getAuthorizationId

private static String getAuthorizationId(String name)

Returns the Authorization Identifier for a principal name.

Parameters:

name - the name of the principal

Returns:

the authorization identifier for this principal

checkSubjectHasPermission

public static void checkSubjectHasPermission(Subject subject,
 Permission perm)

Checks that a Subject has a Permission under the SecurityManager. To perform this check the following policy grant is required

• to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";

or an AccessControlException will be raised detailing the cause.

Parameters:

subject - the subject representing the SystemPrincipal(s)

perm - the permission to be checked

Throws:

AccessControlException - if permissions are missing

checkUserHasPermission

public static void checkUserHasPermission(String user,
 Permission perm)

Checks that a User has a Permission under the SecurityManager. To perform this check the following policy grant is required

• to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";

or an AccessControlException will be raised detailing the cause.

Parameters:

user - the user to be check for having the permission

perm - the permission to be checked

Throws:

AccessControlException - if permissions are missing

authorize

public static void authorize(Securable operation)
                      throws StandardException

Raise an exception if the current user does not have permission to perform the indicated operation.

Throws:

StandardException

checkDerbyInternalsPrivilege

public static void checkDerbyInternalsPrivilege()

Verify that we have been granted permission to use Derby internals

getContextOrNull

private static Context getContextOrNull(String contextID)

Privileged lookup of a Context. Must be private so that user code can't call this entry point.