Package org.apache.derby.iapi.security
Class SecurityUtil
java.lang.Object
org.apache.derby.iapi.security.SecurityUtil
This class provides helper functions for security-related features.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final SystemPermission
Permission to access Derby contexts (permissions are immutable). -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic void
Raise an exception if the current user does not have permission to perform the indicated operation.static void
Verify that we have been granted permission to use Derby internalsstatic void
checkSubjectHasPermission
(Subject subject, Permission perm) Checks that a Subject has a Permission under the SecurityManager.static void
checkUserHasPermission
(String user, Permission perm) Checks that a User has a Permission under the SecurityManager.static Subject
Creates a (read-only) Subject representing a given user as a System user within Derby.private static String
getAuthorizationId
(String name) Returns the Authorization Identifier for a principal name.private static Context
getContextOrNull
(String contextID) Privileged lookup of a Context.
-
Field Details
-
USE_DERBY_INTERNALS
Permission to access Derby contexts (permissions are immutable).
-
-
Constructor Details
-
SecurityUtil
public SecurityUtil()
-
-
Method Details
-
createSystemPrincipalSubject
Creates a (read-only) Subject representing a given user as a System user within Derby.- Parameters:
user
- the user name- Returns:
- a Subject representing the user by its exact and normalized name
- See Also:
-
getAuthorizationId
Returns the Authorization Identifier for a principal name.- Parameters:
name
- the name of the principal- Returns:
- the authorization identifier for this principal
-
checkSubjectHasPermission
Checks that a Subject has a Permission under the SecurityManager. To perform this check the following policy grant is required- to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
- Parameters:
subject
- the subject representing the SystemPrincipal(s)perm
- the permission to be checked- Throws:
AccessControlException
- if permissions are missing
-
checkUserHasPermission
Checks that a User has a Permission under the SecurityManager. To perform this check the following policy grant is required- to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
- Parameters:
user
- the user to be check for having the permissionperm
- the permission to be checked- Throws:
AccessControlException
- if permissions are missing
-
authorize
Raise an exception if the current user does not have permission to perform the indicated operation.- Throws:
StandardException
-
checkDerbyInternalsPrivilege
public static void checkDerbyInternalsPrivilege()Verify that we have been granted permission to use Derby internals -
getContextOrNull
Privileged lookup of a Context. Must be private so that user code can't call this entry point.
-