Class SystemPrincipal

java.lang.Object
org.apache.derby.authentication.SystemPrincipal
All Implemented Interfaces:
Serializable, Principal

public final class SystemPrincipal extends Object implements Principal, Serializable
This class represents Derby's notion of a principal, a concept of user identity with controlled access to Derby System Privileges. An authenticated user may have other identities which make sense in other code domains.

Note that principal names do NOT follow Authorization Identifier rules. For instance, although edward and edWard both match the normalized authorization identifier EDWARD, the instances SystemPrincipal("edward") and SystemPrincipal("edWard") represent different principals under the methods getName(), equals(), and hashCode().

According to JAASRefGuide, Principal classes must implement Serializable.

  • Field Summary

    Fields

    | Modifier and Type | Field | Description |
    |---|---|---|
    | private final String | name | The name of the principal. |
    | (package private) static final long | serialVersionUID | BTW, this class currently does not require special handling during serialization/deserialization, so, there's no need to define methods readObject(ObjectInputStream) and writeObject(ObjectOutputStream). |
  • Constructor Summary

    Constructors

    | Constructor | Description |
    |---|---|
    | SystemPrincipal(String name) | Constructs a principal for a given name. |
  • Method Summary

    | Modifier and Type | Method | Description |
    |---|---|---|
    | boolean | equals(Object other) | Compares this principal to the specified object. |
    | String | getName() | Returns the name of this principal. |
    | int | hashCode() | Returns a hashcode for this principal. |
    | private void | readObject(ObjectInputStream) | Called upon deserialization for restoring the state of this SystemPrincipal from a stream. |
    | String | toString() | Returns a string representation of this principal. |
    | private static void | validateName(String name) | Verify that the specified name of the principal is valid. |

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

    Methods inherited from interface java.security.Principal

    implies
  • Field Details

    • serialVersionUID

      static final long serialVersionUID
      BTW, this class currently does not require special handling during serialization/deserialization, so, there's no need to define methods readObject(ObjectInputStream) and writeObject(ObjectOutputStream).
    • name

      private final String name
      The name of the principal.

      Note that the name is not a "normalized" Authorization Identifier. This is due to peculiarities of the Java Security Runtime, which compares a javax.security.auth.Subject's Principals against the literal Principal name as declared in the policy files, and not against the return value of method getName(). So, a normalization of names within SystemPrincipal doesn't affect permission checking by the SecurityManager.

      In order for a javax.security.auth.Subject to be granted permissions on the basis of Authorization Identifier rules, e.g., for a Subject authenticated as edWard to fall under a policy clause declared for EDWARD, the Subject has to be constructed (or augmented) with both the literal name and the normalized Authorization Identifier.

      As an alternative approach, class SystemPrincipal could implement the non-standard interface com.sun.security.auth.PrincipalComparator, which declares a method implies(Subject) that would allow for Principals to match Subjects on the basis of normalized Authorization Identifiers. But then we'd be relying upon non-standard Security Runtime behaviour.
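
The "both names" construction described above, as an added example that is not part of Derby's code. So that it runs with only the JDK, it uses a stand-in record `NamePrincipal` in place of SystemPrincipal; `normalize`, `subjectFor` and `matchesPolicyName` are hypothetical helpers, and the normalization is a simplified assumption rather than Derby's own routine.

```java
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalNameDemo {
    // Stand-in for SystemPrincipal (assumption): the name is kept literally,
    // so equals() and hashCode() are case-sensitive, as this page documents.
    record NamePrincipal(String name) implements Principal {
        NamePrincipal {
            if (name == null) throw new NullPointerException("name is null");
            if (name.isEmpty()) throw new IllegalArgumentException("name is empty"); // assumed rule
        }
        @Override public String getName() { return name; }
    }

    // Simplified normalization (assumption, not Derby's routine): a name in
    // double quotes keeps its case, any other name is upper-cased.
    static String normalize(String user) {
        if (user.length() >= 2 && user.startsWith("\"") && user.endsWith("\"")) {
            return user.substring(1, user.length() - 1);
        }
        return user.toUpperCase(Locale.ENGLISH);
    }

    // Build a Subject that carries both the literal and the normalized name,
    // so that a policy clause declared for either spelling can match.
    static Subject subjectFor(String authenticatedUser) {
        Set<Principal> principals = new LinkedHashSet<>();
        principals.add(new NamePrincipal(authenticatedUser));
        principals.add(new NamePrincipal(normalize(authenticatedUser)));
        return new Subject(true, principals, Set.of(), Set.of());
    }

    // Model of the literal comparison against a policy-declared principal name.
    static boolean matchesPolicyName(Subject subject, String declaredName) {
        return subject.getPrincipals().contains(new NamePrincipal(declaredName));
    }

    public static void main(String[] args) {
        Subject literalOnly = new Subject(true, Set.of(new NamePrincipal("edWard")), Set.of(), Set.of());
        Subject both = subjectFor("edWard");
        System.out.println("literal only vs EDWARD: " + matchesPolicyName(literalOnly, "EDWARD"));
        System.out.println("both names vs EDWARD:   " + matchesPolicyName(both, "EDWARD"));
        System.out.println("both names vs edWard:   " + matchesPolicyName(both, "edWard"));
        System.out.println("both names vs edward:   " + matchesPolicyName(both, "edward"));
    }
}
```

A policy clause written with a spelling the Subject does not carry simply never matches, so a case mismatch shows up as a missing permission rather than an error.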

  • Constructor Details

    • SystemPrincipal

      public SystemPrincipal(String name)
      Constructs a principal for a given name.
      Parameters:
      name - the name of the principal
      Throws:
      NullPointerException - if name is null
      IllegalArgumentException - if name is not a legal Principal name
  • Method Details