public final class AuthPermission
extends BasicPermission

此类用于身份验证权限。 AuthPermission包含名称（也称为“目标名称”）但没有动作列表; 您要么拥有命名权限，要么不拥有。

目标名称是安全配置参数的名称（请参见下文）。 目前AuthPermission对象用于保护访问Subject ， LoginContext和Configuration对象。

身份验证权限的标准目标名称是：

  doAs -                  allow the caller to invoke the
                              Subject.doAs methods.

      doAsPrivileged -        allow the caller to invoke the
                              Subject.doAsPrivileged methods.

      getSubject -            allow for the retrieval of the
                              Subject(s) associated with the
                              current Thread.

      getSubjectFromDomainCombiner -  allow for the retrieval of the
                              Subject associated with the
                              a SubjectDomainCombiner.

      setReadOnly -           allow the caller to set a Subject
                              to be read-only.

      modifyPrincipals -      allow the caller to modify the Set
                              of Principals associated with a
                              Subject

      modifyPublicCredentials - allow the caller to modify the
                              Set of public credentials
                              associated with a Subject

      modifyPrivateCredentials - allow the caller to modify the
                              Set of private credentials
                              associated with a Subject

      refreshCredential -     allow code to invoke the refresh
                              method on a credential which implements
                              the Refreshable interface.

      destroyCredential -     allow code to invoke the destroy
                              method on a credential object
                              which implements the Destroyable
                              interface.

      createLoginContext.{name} -  allow code to instantiate a
                              LoginContext with the
                              specified name.  name
                              is used as the index into the installed login
                              Configuration
                              (that returned by
                              Configuration.getConfiguration()).
                              name can be wildcarded (set to '*')
                              to allow for any name.

      getLoginConfiguration - allow for the retrieval of the system-wide
                              login Configuration.

      createLoginConfiguration.{type} - allow code to obtain a Configuration
                              object via
                              Configuration.getInstance.

      setLoginConfiguration - allow for the setting of the system-wide
                              login Configuration.

      refreshLoginConfiguration - allow for the refreshing of the system-wide
                              login Configuration. 

请注意，使用“modifyPrincipals”，“modifyPublicCredentials”或“modifyPrivateCredentials”目标授予此权限允许JAAS登录模块将主体或凭证对象填充到主题中。 虽然读取私有凭证集内的信息需要授予凭证类型PrivateCredentialPermission ，但读取主体集和公共凭据集内的信息不需要其他权限。 这些对象可能包含潜在的敏感信息。 例如，读取本地用户信息或执行Kerberos登录的登录模块能够将可能敏感的信息（例如用户ID，组和域名）添加到主体集中。

以下目标名称已被弃用，转而使用createLoginContext.{name} 。

  createLoginContext -    allow code to instantiate a
                              LoginContext.