Class SecurityUtil

java.lang.Object
org.apache.derby.iapi.security.SecurityUtil

public class SecurityUtil extends Object
This class provides helper functions for security-related features.
  • Field Details

    • USE_DERBY_INTERNALS

      private static final SystemPermission USE_DERBY_INTERNALS
      Permission to access Derby contexts (permissions are immutable).
  • Constructor Details

    • SecurityUtil

      public SecurityUtil()
  • Method Details

    • createSystemPrincipalSubject

      public static Subject createSystemPrincipalSubject(String user)
      Creates a (read-only) Subject representing a given user as a System user within Derby.
      Parameters:
      user - the user name
      Returns:
      a Subject representing the user by its exact and normalized name
      See Also:
    • getAuthorizationId

      private static String getAuthorizationId(String name)
      Returns the Authorization Identifier for a principal name.
      Parameters:
      name - the name of the principal
      Returns:
      the authorization identifier for this principal
    • checkSubjectHasPermission

      public static void checkSubjectHasPermission(Subject subject, Permission perm)
      Checks that a Subject has a Permission under the SecurityManager. To perform this check the following policy grant is required
      • to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
      or an AccessControlException will be raised detailing the cause.

      Parameters:
      subject - the subject representing the SystemPrincipal(s)
      perm - the permission to be checked
      Throws:
      AccessControlException - if permissions are missing
    • checkUserHasPermission

      public static void checkUserHasPermission(String user, Permission perm)
      Checks that a User has a Permission under the SecurityManager. To perform this check the following policy grant is required
      • to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
      or an AccessControlException will be raised detailing the cause.

      Parameters:
      user - the user to be check for having the permission
      perm - the permission to be checked
      Throws:
      AccessControlException - if permissions are missing
    • authorize

      public static void authorize(Securable operation) throws StandardException
      Raise an exception if the current user does not have permission to perform the indicated operation.
      Throws:
      StandardException
    • checkDerbyInternalsPrivilege

      public static void checkDerbyInternalsPrivilege()
      Verify that we have been granted permission to use Derby internals
    • getContextOrNull

      private static Context getContextOrNull(String contextID)
      Privileged lookup of a Context. Must be private so that user code can't call this entry point.