stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8078528: clean out tidy warnings from security.auth

Browse Source 
Some HTML markup fixes for docs

Reviewed-by: xuelei
This commit is contained in:
Alexander Stepanov 2015-04-29 17:29:14 +04:00
parent 6929be6fff
commit 86a3e55dec
28 changed files with 751 additions and 1029 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
jdk/src/java.smartcardio/share/classes/javax/smartcardio/package.html
View File

@ -46,12 +46,10 @@ The API is defined by classes in the package
<a href="CommandAPDU.html">CommandAPDU</a>,
<a href="ResponseAPDU.html">ResponseAPDU</a>
<p>
<dt>Factory to obtain implementations
<dd>
<a href="TerminalFactory.html">TerminalFactory</a>
<p>
<dt>Main classes for card and terminal functions
<dd>
<a href="CardTerminals.html">CardTerminals</a>,
@ -59,14 +57,12 @@ The API is defined by classes in the package
<a href="Card.html">Card</a>,
<a href="CardChannel.html">CardChannel</a>
<p>
<dt>Supporting permission and exception classes
<dd>
<a href="CardPermission.html">CardPermission</a>,
<a href="CardException.html">CardException</a>,
<a href="CardNotPresentException.html">CardNotPresentException</a>
<p>
<dt>Service provider interface, not accessed directly by applications
<dd>
<a href="TerminalFactorySpi.html">TerminalFactorySpi</a>
@ -94,7 +90,6 @@ A simple example of using the API is:
card.disconnect(false);
</pre>
<P>
@since 1.6
@author Andreas Sterbenz
@author JSR 268 Expert Group

50
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTDomainPrincipal.java
View File

@ -28,19 +28,19 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents the name of the Windows NT domain into which the
* user authenticated. This will be a domain name if the user logged
* into a Windows NT domain, a workgroup name if the user logged into
* a workgroup, or a machine name if the user logged into a standalone
* configuration.
*
* <p> Principals such as this <code>NTDomainPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTDomainPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -56,14 +56,12 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
private String name;
/**
* Create an <code>NTDomainPrincipal</code> with a Windows NT domain name.
* Create an {@code NTDomainPrincipal} with a Windows NT domain name.
*
* <p>
* @param name the Windows NT domain name for this user.
*
* @param name the Windows NT domain name for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTDomainPrincipal(String name) {
if (name == null) {
@ -79,23 +77,19 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
/**
* Return the Windows NT domain name for this
* <code>NTDomainPrincipal</code>.
*
* <p>
* {@code NTDomainPrincipal}.
*
* @return the Windows NT domain name for this
* <code>NTDomainPrincipal</code>
* {@code NTDomainPrincipal}
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>NTDomainPrincipal</code>.
* Return a string representation of this {@code NTDomainPrincipal}.
*
* <p>
*
* @return a string representation of this <code>NTDomainPrincipal</code>.
* @return a string representation of this {@code NTDomainPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -107,18 +101,16 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
}
/**
* Compares the specified Object with this <code>NTDomainPrincipal</code>
* Compares the specified Object with this {@code NTDomainPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTDomainPrincipal</code> and the two NTDomainPrincipals
* {@code NTDomainPrincipal} and the two NTDomainPrincipals
* have the same name.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTDomainPrincipal</code>.
* {@code NTDomainPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTDomainPrincipal</code>.
* {@code NTDomainPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -137,11 +129,9 @@ public class NTDomainPrincipal implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>NTDomainPrincipal</code>.
* Return a hash code for this {@code NTDomainPrincipal}.
*
* <p>
*
* @return a hash code for this <code>NTDomainPrincipal</code>.
* @return a hash code for this {@code NTDomainPrincipal}.
*/
public int hashCode() {
return this.getName().hashCode();

38
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTNumericCredential.java
View File

@ -26,9 +26,8 @@
package com.sun.security.auth;
/**
* <p> This class abstracts an NT security token
* This class abstracts an NT security token
* and provides a mechanism to do same-process security impersonation.
*
*/
@jdk.Exported
@ -37,12 +36,9 @@ public class NTNumericCredential {
private long impersonationToken;
/**
* Create an <code>NTNumericCredential</code> with an integer value.
*
* <p>
*
* @param token the Windows NT security token for this user. <p>
* Create an {@code NTNumericCredential} with an integer value.
*
* @param token the Windows NT security token for this user.
*/
public NTNumericCredential(long token) {
this.impersonationToken = token;
@ -50,23 +46,19 @@ public class NTNumericCredential {
/**
* Return an integer representation of this
* <code>NTNumericCredential</code>.
*
* <p>
* {@code NTNumericCredential}.
*
* @return an integer representation of this
* <code>NTNumericCredential</code>.
* {@code NTNumericCredential}.
*/
public long getToken() {
return impersonationToken;
}
/**
* Return a string representation of this <code>NTNumericCredential</code>.
* Return a string representation of this {@code NTNumericCredential}.
*
* <p>
*
* @return a string representation of this <code>NTNumericCredential</code>.
* @return a string representation of this {@code NTNumericCredential}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -78,18 +70,16 @@ public class NTNumericCredential {
}
/**
* Compares the specified Object with this <code>NTNumericCredential</code>
* Compares the specified Object with this {@code NTNumericCredential}
* for equality. Returns true if the given object is also a
* <code>NTNumericCredential</code> and the two NTNumericCredentials
* {@code NTNumericCredential} and the two NTNumericCredentials
* represent the same NT security token.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTNumericCredential</code>.
* {@code NTNumericCredential}.
*
* @return true if the specified Object is equal to this
* <code>NTNumericCredential</code>.
* {@code NTNumericCredential}.
*/
public boolean equals(Object o) {
if (o == null)
@ -108,11 +98,9 @@ public class NTNumericCredential {
}
/**
* Return a hash code for this <code>NTNumericCredential</code>.
* Return a hash code for this {@code NTNumericCredential}.
*
* <p>
*
* @return a hash code for this <code>NTNumericCredential</code>.
* @return a hash code for this {@code NTNumericCredential}.
*/
public int hashCode() {
return (int)this.impersonationToken;

52
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTSid.java
View File

@ -28,7 +28,7 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents information about a Windows NT user, group or realm.
*
* <p> Windows NT chooses to represent users, groups and realms (or domains)
@ -37,12 +37,12 @@ import java.security.Principal;
* also provides services that render these SIDs into string forms.
* This class represents these string forms.
*
* <p> Principals such as this <code>NTSid</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTSid}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -58,16 +58,14 @@ public class NTSid implements Principal, java.io.Serializable {
private String sid;
/**
* Create an <code>NTSid</code> with a Windows NT SID.
* Create an {@code NTSid} with a Windows NT SID.
*
* <p>
* @param stringSid the Windows NT SID.
*
* @param stringSid the Windows NT SID. <p>
* @exception NullPointerException if the {@code String}
* is {@code null}.
*
* @exception NullPointerException if the <code>String</code>
* is <code>null</code>.
*
* @exception IllegalArgumentException if the <code>String</code>
* @exception IllegalArgumentException if the {@code String}
* has zero length.
*/
public NTSid (String stringSid) {
@ -89,22 +87,18 @@ public class NTSid implements Principal, java.io.Serializable {
}
/**
* Return a string version of this <code>NTSid</code>.
* Return a string version of this {@code NTSid}.
*
* <p>
*
* @return a string version of this <code>NTSid</code>
* @return a string version of this {@code NTSid}
*/
public String getName() {
return sid;
}
/**
* Return a string representation of this <code>NTSid</code>.
* Return a string representation of this {@code NTSid}.
*
* <p>
*
* @return a string representation of this <code>NTSid</code>.
* @return a string representation of this {@code NTSid}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -116,18 +110,16 @@ public class NTSid implements Principal, java.io.Serializable {
}
/**
* Compares the specified Object with this <code>NTSid</code>
* Compares the specified Object with this {@code NTSid}
* for equality. Returns true if the given object is also a
* <code>NTSid</code> and the two NTSids have the same String
* {@code NTSid} and the two NTSids have the same String
* representation.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSid</code>.
* {@code NTSid}.
*
* @return true if the specified Object is equal to this
* <code>NTSid</code>.
* {@code NTSid}.
*/
public boolean equals(Object o) {
if (o == null)
@ -147,11 +139,9 @@ public class NTSid implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>NTSid</code>.
* Return a hash code for this {@code NTSid}.
*
* <p>
*
* @return a hash code for this <code>NTSid</code>.
* @return a hash code for this {@code NTSid}.
*/
public int hashCode() {
return sid.hashCode();

38
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTSidDomainPrincipal.java
View File

@ -26,19 +26,19 @@
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* This class extends {@code NTSid}
* and represents a Windows NT user's domain SID.
*
* <p> An NT user only has a domain SID if in fact they are logged
* into an NT domain. If the user is logged into a workgroup or
* just a standalone configuration, they will NOT have a domain SID.
*
* <p> Principals such as this <code>NTSidDomainPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTSidDomainPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -49,27 +49,23 @@ public class NTSidDomainPrincipal extends NTSid {
private static final long serialVersionUID = 5247810785821650912L;
/**
* Create an <code>NTSidDomainPrincipal</code> with a Windows NT SID.
*
* <p>
* Create an {@code NTSidDomainPrincipal} with a Windows NT SID.
*
* @param name a string version of the Windows NT SID for this
* user's domain.<p>
* user's domain.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTSidDomainPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidDomainPrincipal</code>.
*
* <p>
* Return a string representation of this {@code NTSidDomainPrincipal}.
*
* @return a string representation of this
* <code>NTSidDomainPrincipal</code>.
* {@code NTSidDomainPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -81,18 +77,16 @@ public class NTSidDomainPrincipal extends NTSid {
}
/**
* Compares the specified Object with this <code>NTSidDomainPrincipal</code>
* Compares the specified Object with this {@code NTSidDomainPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTSidDomainPrincipal</code> and the two NTSidDomainPrincipals
* {@code NTSidDomainPrincipal} and the two NTSidDomainPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidDomainPrincipal</code>.
* {@code NTSidDomainPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTSidDomainPrincipal</code>.
* {@code NTSidDomainPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)

38
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTSidGroupPrincipal.java
View File

@ -26,15 +26,15 @@
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* This class extends {@code NTSid}
* and represents one of the groups to which a Windows NT user belongs.
*
* <p> Principals such as this <code>NTSidGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTSidGroupPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -46,25 +46,21 @@ public class NTSidGroupPrincipal extends NTSid {
private static final long serialVersionUID = -1373347438636198229L;
/**
* Create an <code>NTSidGroupPrincipal</code> with a Windows NT group name.
* Create an {@code NTSidGroupPrincipal} with a Windows NT group name.
*
* <p>
* @param name the Windows NT group SID for this user.
*
* @param name the Windows NT group SID for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTSidGroupPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidGroupPrincipal</code>.
* Return a string representation of this {@code NTSidGroupPrincipal}.
*
* <p>
*
* @return a string representation of this <code>NTSidGroupPrincipal</code>.
* @return a string representation of this {@code NTSidGroupPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -76,18 +72,16 @@ public class NTSidGroupPrincipal extends NTSid {
}
/**
* Compares the specified Object with this <code>NTSidGroupPrincipal</code>
* Compares the specified Object with this {@code NTSidGroupPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTSidGroupPrincipal</code> and the two NTSidGroupPrincipals
* {@code NTSidGroupPrincipal} and the two NTSidGroupPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidGroupPrincipal</code>.
* {@code NTSidGroupPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTSidGroupPrincipal</code>.
* {@code NTSidGroupPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)

38
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTSidPrimaryGroupPrincipal.java
View File

@ -26,15 +26,15 @@
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* This class extends {@code NTSid}
* and represents a Windows NT user's primary group SID.
*
* <p> Principals such as this <code>NTSidPrimaryGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTSidPrimaryGroupPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -45,15 +45,13 @@ public class NTSidPrimaryGroupPrincipal extends NTSid {
private static final long serialVersionUID = 8011978367305190527L;
/**
* Create an <code>NTSidPrimaryGroupPrincipal</code> with a Windows NT
* Create an {@code NTSidPrimaryGroupPrincipal} with a Windows NT
* group SID.
*
* <p>
* @param name the primary Windows NT group SID for this user.
*
* @param name the primary Windows NT group SID for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTSidPrimaryGroupPrincipal(String name) {
super(name);
@ -61,12 +59,10 @@ public class NTSidPrimaryGroupPrincipal extends NTSid {
/**
* Return a string representation of this
* <code>NTSidPrimaryGroupPrincipal</code>.
*
* <p>
* {@code NTSidPrimaryGroupPrincipal}.
*
* @return a string representation of this
* <code>NTSidPrimaryGroupPrincipal</code>.
* {@code NTSidPrimaryGroupPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -79,18 +75,16 @@ public class NTSidPrimaryGroupPrincipal extends NTSid {
/**
* Compares the specified Object with this
* <code>NTSidPrimaryGroupPrincipal</code>
* {@code NTSidPrimaryGroupPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTSidPrimaryGroupPrincipal</code> and the two
* {@code NTSidPrimaryGroupPrincipal} and the two
* NTSidPrimaryGroupPrincipals have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidPrimaryGroupPrincipal</code>.
* {@code NTSidPrimaryGroupPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTSidPrimaryGroupPrincipal</code>.
* {@code NTSidPrimaryGroupPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)

38
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTSidUserPrincipal.java
View File

@ -26,15 +26,15 @@
package com.sun.security.auth;
/**
* <p> This class extends <code>NTSid</code>
* This class extends {@code NTSid}
* and represents a Windows NT user's SID.
*
* <p> Principals such as this <code>NTSidUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTSidUserPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -45,25 +45,21 @@ public class NTSidUserPrincipal extends NTSid {
private static final long serialVersionUID = -5573239889517749525L;
/**
* Create an <code>NTSidUserPrincipal</code> with a Windows NT SID.
* Create an {@code NTSidUserPrincipal} with a Windows NT SID.
*
* <p>
* @param name a string version of the Windows NT SID for this user.
*
* @param name a string version of the Windows NT SID for this user.<p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTSidUserPrincipal(String name) {
super(name);
}
/**
* Return a string representation of this <code>NTSidUserPrincipal</code>.
* Return a string representation of this {@code NTSidUserPrincipal}.
*
* <p>
*
* @return a string representation of this <code>NTSidUserPrincipal</code>.
* @return a string representation of this {@code NTSidUserPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -75,18 +71,16 @@ public class NTSidUserPrincipal extends NTSid {
}
/**
* Compares the specified Object with this <code>NTSidUserPrincipal</code>
* Compares the specified Object with this {@code NTSidUserPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTSidUserPrincipal</code> and the two NTSidUserPrincipals
* {@code NTSidUserPrincipal} and the two NTSidUserPrincipals
* have the same SID.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTSidUserPrincipal</code>.
* {@code NTSidUserPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTSidUserPrincipal</code>.
* {@code NTSidUserPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)

50
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/NTUserPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a Windows NT user.
*
* <p> Principals such as this <code>NTUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code NTUserPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -52,14 +52,12 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
private String name;
/**
* Create an <code>NTUserPrincipal</code> with a Windows NT username.
* Create an {@code NTUserPrincipal} with a Windows NT username.
*
* <p>
* @param name the Windows NT username for this user.
*
* @param name the Windows NT username for this user. <p>
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public NTUserPrincipal(String name) {
if (name == null) {
@ -74,22 +72,18 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
}
/**
* Return the Windows NT username for this <code>NTPrincipal</code>.
* Return the Windows NT username for this {@code NTPrincipal}.
*
* <p>
*
* @return the Windows NT username for this <code>NTPrincipal</code>
* @return the Windows NT username for this {@code NTPrincipal}
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>NTPrincipal</code>.
* Return a string representation of this {@code NTPrincipal}.
*
* <p>
*
* @return a string representation of this <code>NTPrincipal</code>.
* @return a string representation of this {@code NTPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -101,18 +95,16 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
}
/**
* Compares the specified Object with this <code>NTUserPrincipal</code>
* Compares the specified Object with this {@code NTUserPrincipal}
* for equality. Returns true if the given object is also a
* <code>NTUserPrincipal</code> and the two NTUserPrincipals
* {@code NTUserPrincipal} and the two NTUserPrincipals
* have the same name.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>NTPrincipal</code>.
* {@code NTPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>NTPrincipal</code>.
* {@code NTPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -131,11 +123,9 @@ public class NTUserPrincipal implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>NTUserPrincipal</code>.
* Return a hash code for this {@code NTUserPrincipal}.
*
* <p>
*
* @return a hash code for this <code>NTUserPrincipal</code>.
* @return a hash code for this {@code NTUserPrincipal}.
*/
public int hashCode() {
return this.getName().hashCode();

135
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/PolicyFile.java
View File

@ -31,25 +31,25 @@ import javax.security.auth.Subject;
/**
* This class represents a default implementation for
* <code>javax.security.auth.Policy</code>.
* {@code javax.security.auth.Policy}.
*
* <p> This object stores the policy for entire Java runtime,
* and is the amalgamation of multiple static policy
* configurations that resides in files.
* The algorithm for locating the policy file(s) and reading their
* information into this <code>Policy</code> object is:
* information into this {@code Policy} object is:
*
* <ol>
* <li>
* Loop through the security properties,
* <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
* <i>auth.policy.url.X</i>".
* Each property value specifies a <code>URL</code> pointing to a
* Each property value specifies a {@code URL} pointing to a
* policy file to be loaded. Read in and load each policy.
*
* <li>
* The <code>java.lang.System</code> property <i>java.security.auth.policy</i>
* may also be set to a <code>URL</code> pointing to another policy file
* The {@code java.lang.System} property <i>java.security.auth.policy</i>
* may also be set to a {@code URL} pointing to another policy file
* (which is the case when a user uses the -D switch at runtime).
* If this property is defined, and its use is allowed by the
* security property file (the Security property,
@ -83,35 +83,35 @@ import javax.security.auth.Subject;
* doesn't matter and some are optional, as noted below).
* Italicized items represent variable values.
*
* <p> A grant entry must begin with the word <code>grant</code>.
* The <code>signedBy</code> and <code>codeBase</code>
* <p> A grant entry must begin with the word {@code grant}.
* The {@code signedBy} and {@code codeBase}
* name/value pairs are optional.
* If they are not present, then any signer (including unsigned code)
* will match, and any codeBase will match. Note that the
* <code>principal</code> name/value pair is not optional.
* This <code>Policy</code> implementation only permits
* {@code principal} name/value pair is not optional.
* This {@code Policy} implementation only permits
* Principal-based grant entries. Note that the <i>principalClass</i>
* may be set to the wildcard value, *, which allows it to match
* any <code>Principal</code> class. In addition, the <i>principalName</i>
* any {@code Principal} class. In addition, the <i>principalName</i>
* may also be set to the wildcard value, *, allowing it to match
* any <code>Principal</code> name. When setting the <i>principalName</i>
* any {@code Principal} name. When setting the <i>principalName</i>
* to the *, do not surround the * with quotes.
*
* <p> A permission entry must begin with the word <code>permission</code>.
* The word <code><i>Type</i></code> in the template above is
* a specific permission type, such as <code>java.io.FilePermission</code>
* or <code>java.lang.RuntimePermission</code>.
* <p> A permission entry must begin with the word {@code permission}.
* The word <i>{@code Type}</i> in the template above is
* a specific permission type, such as {@code java.io.FilePermission}
* or {@code java.lang.RuntimePermission}.
*
* <p> The "<i>action</i>" is required for
* many permission types, such as <code>java.io.FilePermission</code>
* many permission types, such as {@code java.io.FilePermission}
* (where it specifies what type of file access that is permitted).
* It is not required for categories such as
* <code>java.lang.RuntimePermission</code>
* {@code java.lang.RuntimePermission}
* where it is not necessary - you either have the
* permission specified by the <code>"<i>name</i>"</code>
* permission specified by the "<i>{@code name}</i>"
* value following the type name or you don't.
*
* <p> The <code>signedBy</code> name/value pair for a permission entry
* <p> The {@code signedBy} name/value pair for a permission entry
* is optional. If present, it indicates a signed permission. That is,
* the permission class itself must be signed by the given alias in
* order for it to be granted. For example,
@ -124,18 +124,18 @@ import javax.security.auth.Subject;
* </pre>
*
* <p> Then this permission of type <i>Foo</i> is granted if the
* <code>Foo.class</code> permission has been signed by the
* "FooSoft" alias, or if <code>Foo.class</code> is a
* {@code Foo.class} permission has been signed by the
* "FooSoft" alias, or if {@code Foo.class} is a
* system class (i.e., is found on the CLASSPATH).
*
* <p> Items that appear in an entry must appear in the specified order
* (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
* ({@code permission}, <i>Type</i>, "<i>name</i>", and
* "<i>action</i>"). An entry is terminated with a semicolon.
*
* <p> Case is unimportant for the identifiers (<code>permission</code>,
* <code>signedBy</code>, <code>codeBase</code>, etc.) but is
* <p> Case is unimportant for the identifiers ({@code permission},
* {@code signedBy}, {@code codeBase}, etc.) but is
* significant for the <i>Type</i>
* or for any string that is passed in as a value. <p>
* or for any string that is passed in as a value.
*
* <p> An example of two entries in a policy configuration file is
* <pre>
@ -153,15 +153,15 @@ import javax.security.auth.Subject;
* permission java.util.PropertyPermission "java.vendor";
* </pre>
*
* <p> This <code>Policy</code> implementation supports
* <p> This {@code Policy} implementation supports
* special handling for PrivateCredentialPermissions.
* If a grant entry is configured with a
* <code>PrivateCredentialPermission</code>,
* {@code PrivateCredentialPermission},
* and the "Principal Class/Principal Name" for that
* <code>PrivateCredentialPermission</code> is "self",
* then the entry grants the specified <code>Subject</code> permission to
* {@code PrivateCredentialPermission} is "self",
* then the entry grants the specified {@code Subject} permission to
* access its own private Credential. For example,
* the following grants the <code>Subject</code> "Duke"
* the following grants the {@code Subject} "Duke"
* access to its own a.b.Credential.
*
* <pre>
@ -172,7 +172,7 @@ import javax.security.auth.Subject;
* };
* </pre>
*
* The following grants the <code>Subject</code> "Duke"
* The following grants the {@code Subject} "Duke"
* access to all of its own private Credentials:
*
* <pre>
@ -184,7 +184,7 @@ import javax.security.auth.Subject;
* </pre>
*
* The following grants all Subjects authenticated as a
* <code>SolarisPrincipal</code> (regardless of their respective names)
* {@code SolarisPrincipal} (regardless of their respective names)
* permission to access their own private Credentials:
*
* <pre>
@ -207,7 +207,7 @@ import javax.security.auth.Subject;
* </pre>
* @deprecated As of JDK&nbsp;1.4, replaced by
* <code>sun.security.provider.PolicyFile</code>.
* {@code sun.security.provider.PolicyFile}.
* This class is entirely deprecated.
*
* @see java.security.CodeSource
@ -232,10 +232,8 @@ public class PolicyFile extends javax.security.auth.Policy {
/**
* Refreshes the policy object by re-reading all the policy files.
*
* <p>
*
* @exception SecurityException if the caller doesn't have permission
* to refresh the <code>Policy</code>.
* to refresh the {@code Policy}.
*/
@Override
public void refresh() {
@ -243,59 +241,56 @@ public class PolicyFile extends javax.security.auth.Policy {
}
/**
* Examines this <code>Policy</code> and returns the Permissions granted
* to the specified <code>Subject</code> and <code>CodeSource</code>.
* Examines this {@code Policy} and returns the Permissions granted
* to the specified {@code Subject} and {@code CodeSource}.
*
* <p> Permissions for a particular <i>grant</i> entry are returned
* if the <code>CodeSource</code> constructed using the codebase and
* signedby values specified in the entry <code>implies</code>
* the <code>CodeSource</code> provided to this method, and if the
* <code>Subject</code> provided to this method contains all of the
* if the {@code CodeSource} constructed using the codebase and
* signedby values specified in the entry {@code implies}
* the {@code CodeSource} provided to this method, and if the
* {@code Subject} provided to this method contains all of the
* Principals specified in the entry.
*
* <p> The <code>Subject</code> provided to this method contains all
* <p> The {@code Subject} provided to this method contains all
* of the Principals specified in the entry if, for each
* <code>Principal</code>, "P1", specified in the <i>grant</i> entry
* {@code Principal}, "P1", specified in the <i>grant</i> entry
* one of the following two conditions is met:
*
* <p>
* <ol>
* <li> the <code>Subject</code> has a
* <code>Principal</code>, "P2", where
* <code>P2.getClass().getName()</code> equals the
* <li> the {@code Subject} has a
* {@code Principal}, "P2", where
* {@code P2.getClass().getName()} equals the
* P1's class name, and where
* <code>P2.getName()</code> equals the P1's name.
* {@code P2.getName()} equals the P1's name.
*
* <li> P1 implements
* <code>com.sun.security.auth.PrincipalComparator</code>,
* and <code>P1.implies</code> the provided <code>Subject</code>.
* {@code com.sun.security.auth.PrincipalComparator},
* and {@code P1.implies} the provided {@code Subject}.
* </ol>
*
* <p> Note that this <code>Policy</code> implementation has
* <p> Note that this {@code Policy} implementation has
* special handling for PrivateCredentialPermissions.
* When this method encounters a <code>PrivateCredentialPermission</code>
* which specifies "self" as the <code>Principal</code> class and name,
* it does not add that <code>Permission</code> to the returned
* <code>PermissionCollection</code>. Instead, it builds
* a new <code>PrivateCredentialPermission</code>
* for each <code>Principal</code> associated with the provided
* <code>Subject</code>. Each new <code>PrivateCredentialPermission</code>
* When this method encounters a {@code PrivateCredentialPermission}
* which specifies "self" as the {@code Principal} class and name,
* it does not add that {@code Permission} to the returned
* {@code PermissionCollection}. Instead, it builds
* a new {@code PrivateCredentialPermission}
* for each {@code Principal} associated with the provided
* {@code Subject}. Each new {@code PrivateCredentialPermission}
* contains the same Credential class as specified in the
* originally granted permission, as well as the Class and name
* for the respective <code>Principal</code>.
* for the respective {@code Principal}.
*
* <p>
*
* @param subject the Permissions granted to this <code>Subject</code>
* and the additionally provided <code>CodeSource</code>
* are returned. <p>
*
* @param codesource the Permissions granted to this <code>CodeSource</code>
* and the additionally provided <code>Subject</code>
* @param subject the Permissions granted to this {@code Subject}
* and the additionally provided {@code CodeSource}
* are returned.
*
* @return the Permissions granted to the provided <code>Subject</code>
* <code>CodeSource</code>.
* @param codesource the Permissions granted to this {@code CodeSource}
* and the additionally provided {@code Subject}
* are returned.
*
* @return the Permissions granted to the provided {@code Subject}
* {@code CodeSource}.
*/
@Override
public PermissionCollection getPermissions(final Subject subject,

30
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/PrincipalComparator.java
View File

@ -26,25 +26,25 @@
package com.sun.security.auth;
/**
* An object that implements the <code>java.security.Principal</code>
* An object that implements the {@code java.security.Principal}
* interface typically also implements this interface to provide
* a means for comparing that object to a specified <code>Subject</code>.
* a means for comparing that object to a specified {@code Subject}.
*
* <p> The comparison is achieved via the <code>implies</code> method.
* The implementation of the <code>implies</code> method determines
* whether this object "implies" the specified <code>Subject</code>.
* <p> The comparison is achieved via the {@code implies} method.
* The implementation of the {@code implies} method determines
* whether this object "implies" the specified {@code Subject}.
* One example application of this method may be for
* a "group" object to imply a particular <code>Subject</code>
* if that <code>Subject</code> belongs to the group.
* a "group" object to imply a particular {@code Subject}
* if that {@code Subject} belongs to the group.
* Another example application of this method would be for
* "role" object to imply a particular <code>Subject</code>
* if that <code>Subject</code> is currently acting in that role.
* "role" object to imply a particular {@code Subject}
* if that {@code Subject} is currently acting in that role.
*
* <p> Although classes that implement this interface typically
* also implement the <code>java.security.Principal</code> interface,
* also implement the {@code java.security.Principal} interface,
* it is not required. In other words, classes may implement the
* <code>java.security.Principal</code> interface by itself,
* the <code>PrincipalComparator</code> interface by itself,
* {@code java.security.Principal} interface by itself,
* the {@code PrincipalComparator} interface by itself,
* or both at the same time.
*
* @see java.security.Principal
@ -53,12 +53,10 @@ package com.sun.security.auth;
@jdk.Exported
public interface PrincipalComparator {
/**
* Check if the specified <code>Subject</code> is implied by
* Check if the specified {@code Subject} is implied by
* this object.
*
* <p>
*
* @return true if the specified <code>Subject</code> is implied by
* @return true if the specified {@code Subject} is implied by
* this object, or false otherwise.
*/
boolean implies(javax.security.auth.Subject subject);

66
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/SolarisNumericGroupPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a user's Solaris group identification number (GID).
*
* <p> Principals such as this <code>SolarisNumericGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code SolarisNumericGroupPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixNumericGroupPrincipal}.
@ -73,20 +73,18 @@ public class SolarisNumericGroupPrincipal implements
private boolean primaryGroup;
/**
* Create a <code>SolarisNumericGroupPrincipal</code> using a
* <code>String</code> representation of the user's
* Create a {@code SolarisNumericGroupPrincipal} using a
* {@code String} representation of the user's
* group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID)
* for this user. <p>
* for this user.
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public SolarisNumericGroupPrincipal(String name, boolean primaryGroup) {
if (name == null)
@ -97,13 +95,11 @@ public class SolarisNumericGroupPrincipal implements
}
/**
* Create a <code>SolarisNumericGroupPrincipal</code> using a
* Create a {@code SolarisNumericGroupPrincipal} using a
* long representation of the user's group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID) for this user
* represented as a long. <p>
* represented as a long.
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
@ -116,12 +112,10 @@ public class SolarisNumericGroupPrincipal implements
/**
* Return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code>.
*
* <p>
* {@code SolarisNumericGroupPrincipal}.
*
* @return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code>
* {@code SolarisNumericGroupPrincipal}
*/
public String getName() {
return name;
@ -129,12 +123,10 @@ public class SolarisNumericGroupPrincipal implements
/**
* Return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code> as a long.
*
* <p>
* {@code SolarisNumericGroupPrincipal} as a long.
*
* @return the user's group identification number (GID) for this
* <code>SolarisNumericGroupPrincipal</code> as a long.
* {@code SolarisNumericGroupPrincipal} as a long.
*/
public long longValue() {
return Long.parseLong(name);
@ -144,8 +136,6 @@ public class SolarisNumericGroupPrincipal implements
* Return whether this group identification number (GID) represents
* the primary group to which this user belongs.
*
* <p>
*
* @return true if this group identification number (GID) represents
* the primary group to which this user belongs,
* or false otherwise.
@ -156,12 +146,10 @@ public class SolarisNumericGroupPrincipal implements
/**
* Return a string representation of this
* <code>SolarisNumericGroupPrincipal</code>.
*
* <p>
* {@code SolarisNumericGroupPrincipal}.
*
* @return a string representation of this
* <code>SolarisNumericGroupPrincipal</code>.
* {@code SolarisNumericGroupPrincipal}.
*/
public String toString() {
return((primaryGroup ?
@ -173,19 +161,17 @@ public class SolarisNumericGroupPrincipal implements
/**
* Compares the specified Object with this
* <code>SolarisNumericGroupPrincipal</code>
* {@code SolarisNumericGroupPrincipal}
* for equality. Returns true if the given object is also a
* <code>SolarisNumericGroupPrincipal</code> and the two
* {@code SolarisNumericGroupPrincipal} and the two
* SolarisNumericGroupPrincipals
* have the same group identification number (GID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisNumericGroupPrincipal</code>.
* {@code SolarisNumericGroupPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>SolarisNumericGroupPrincipal</code>.
* {@code SolarisNumericGroupPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -205,11 +191,9 @@ public class SolarisNumericGroupPrincipal implements
}
/**
* Return a hash code for this <code>SolarisNumericGroupPrincipal</code>.
* Return a hash code for this {@code SolarisNumericGroupPrincipal}.
*
* <p>
*
* @return a hash code for this <code>SolarisNumericGroupPrincipal</code>.
* @return a hash code for this {@code SolarisNumericGroupPrincipal}.
*/
public int hashCode() {
return toString().hashCode();

63
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/SolarisNumericUserPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a user's Solaris identification number (UID).
*
* <p> Principals such as this <code>SolarisNumericUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code SolarisNumericUserPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixNumericUserPrincipal}.
* This class is entirely deprecated.
@ -68,16 +68,14 @@ public class SolarisNumericUserPrincipal implements
private String name;
/**
* Create a <code>SolarisNumericUserPrincipal</code> using a
* <code>String</code> representation of the
* Create a {@code SolarisNumericUserPrincipal} using a
* {@code String} representation of the
* user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public SolarisNumericUserPrincipal(String name) {
if (name == null)
@ -87,11 +85,9 @@ public class SolarisNumericUserPrincipal implements
}
/**
* Create a <code>SolarisNumericUserPrincipal</code> using a
* Create a {@code SolarisNumericUserPrincipal} using a
* long representation of the user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user
* represented as a long.
*/
@ -101,12 +97,10 @@ public class SolarisNumericUserPrincipal implements
/**
* Return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code>.
*
* <p>
* {@code SolarisNumericUserPrincipal}.
*
* @return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code>
* {@code SolarisNumericUserPrincipal}
*/
public String getName() {
return name;
@ -114,12 +108,10 @@ public class SolarisNumericUserPrincipal implements
/**
* Return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code> as a long.
*
* <p>
* {@code SolarisNumericUserPrincipal} as a long.
*
* @return the user identification number (UID) for this
* <code>SolarisNumericUserPrincipal</code> as a long.
* {@code SolarisNumericUserPrincipal} as a long.
*/
public long longValue() {
return Long.parseLong(name);
@ -127,12 +119,10 @@ public class SolarisNumericUserPrincipal implements
/**
* Return a string representation of this
* <code>SolarisNumericUserPrincipal</code>.
*
* <p>
* {@code SolarisNumericUserPrincipal}.
*
* @return a string representation of this
* <code>SolarisNumericUserPrincipal</code>.
* {@code SolarisNumericUserPrincipal}.
*/
public String toString() {
return(rb.getString("SolarisNumericUserPrincipal.") + name);
@ -140,19 +130,17 @@ public class SolarisNumericUserPrincipal implements
/**
* Compares the specified Object with this
* <code>SolarisNumericUserPrincipal</code>
* {@code SolarisNumericUserPrincipal}
* for equality. Returns true if the given object is also a
* <code>SolarisNumericUserPrincipal</code> and the two
* {@code SolarisNumericUserPrincipal} and the two
* SolarisNumericUserPrincipals
* have the same user identification number (UID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisNumericUserPrincipal</code>.
* {@code SolarisNumericUserPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>SolarisNumericUserPrincipal</code>.
* {@code SolarisNumericUserPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -167,15 +155,14 @@ public class SolarisNumericUserPrincipal implements
if (this.getName().equals(that.getName()))
return true;
return false;
return false;
}
/**
* Return a hash code for this <code>SolarisNumericUserPrincipal</code>.
* Return a hash code for this {@code SolarisNumericUserPrincipal}.
*
* <p>
*
* @return a hash code for this <code>SolarisNumericUserPrincipal</code>.
* @return a hash code for this {@code SolarisNumericUserPrincipal}.
*/
public int hashCode() {
return name.hashCode();

46
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/SolarisPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a Solaris user.
*
* <p> Principals such as this <code>SolarisPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code SolarisPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @deprecated As of JDK&nbsp;1.4, replaced by
* {@link UnixPrincipal}.
@ -68,12 +68,10 @@ public class SolarisPrincipal implements Principal, java.io.Serializable {
/**
* Create a SolarisPrincipal with a Solaris username.
*
* <p>
*
* @param name the Unix username for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public SolarisPrincipal(String name) {
if (name == null)
@ -83,40 +81,34 @@ public class SolarisPrincipal implements Principal, java.io.Serializable {
}
/**
* Return the Unix username for this <code>SolarisPrincipal</code>.
* Return the Unix username for this {@code SolarisPrincipal}.
*
* <p>
*
* @return the Unix username for this <code>SolarisPrincipal</code>
* @return the Unix username for this {@code SolarisPrincipal}
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>SolarisPrincipal</code>.
* Return a string representation of this {@code SolarisPrincipal}.
*
* <p>
*
* @return a string representation of this <code>SolarisPrincipal</code>.
* @return a string representation of this {@code SolarisPrincipal}.
*/
public String toString() {
return(rb.getString("SolarisPrincipal.") + name);
}
/**
* Compares the specified Object with this <code>SolarisPrincipal</code>
* Compares the specified Object with this {@code SolarisPrincipal}
* for equality. Returns true if the given object is also a
* <code>SolarisPrincipal</code> and the two SolarisPrincipals
* {@code SolarisPrincipal} and the two SolarisPrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>SolarisPrincipal</code>.
* {@code SolarisPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>SolarisPrincipal</code>.
* {@code SolarisPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -135,11 +127,9 @@ public class SolarisPrincipal implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>SolarisPrincipal</code>.
* Return a hash code for this {@code SolarisPrincipal}.
*
* <p>
*
* @return a hash code for this <code>SolarisPrincipal</code>.
* @return a hash code for this {@code SolarisPrincipal}.
*/
public int hashCode() {
return name.hashCode();

66
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/UnixNumericGroupPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a user's Unix group identification number (GID).
*
* <p> Principals such as this <code>UnixNumericGroupPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code UnixNumericGroupPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -59,20 +59,18 @@ public class UnixNumericGroupPrincipal implements
private boolean primaryGroup;
/**
* Create a <code>UnixNumericGroupPrincipal</code> using a
* <code>String</code> representation of the user's
* Create a {@code UnixNumericGroupPrincipal} using a
* {@code String} representation of the user's
* group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID)
* for this user. <p>
* for this user.
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public UnixNumericGroupPrincipal(String name, boolean primaryGroup) {
if (name == null) {
@ -89,13 +87,11 @@ public class UnixNumericGroupPrincipal implements
}
/**
* Create a <code>UnixNumericGroupPrincipal</code> using a
* Create a {@code UnixNumericGroupPrincipal} using a
* long representation of the user's group identification number (GID).
*
* <p>
*
* @param name the user's group identification number (GID) for this user
* represented as a long. <p>
* represented as a long.
*
* @param primaryGroup true if the specified GID represents the
* primary group to which this user belongs.
@ -108,12 +104,10 @@ public class UnixNumericGroupPrincipal implements
/**
* Return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code>.
*
* <p>
* {@code UnixNumericGroupPrincipal}.
*
* @return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code>
* {@code UnixNumericGroupPrincipal}
*/
public String getName() {
return name;
@ -121,12 +115,10 @@ public class UnixNumericGroupPrincipal implements
/**
* Return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code> as a long.
*
* <p>
* {@code UnixNumericGroupPrincipal} as a long.
*
* @return the user's group identification number (GID) for this
* <code>UnixNumericGroupPrincipal</code> as a long.
* {@code UnixNumericGroupPrincipal} as a long.
*/
public long longValue() {
return Long.parseLong(name);
@ -136,8 +128,6 @@ public class UnixNumericGroupPrincipal implements
* Return whether this group identification number (GID) represents
* the primary group to which this user belongs.
*
* <p>
*
* @return true if this group identification number (GID) represents
* the primary group to which this user belongs,
* or false otherwise.
@ -148,12 +138,10 @@ public class UnixNumericGroupPrincipal implements
/**
* Return a string representation of this
* <code>UnixNumericGroupPrincipal</code>.
*
* <p>
* {@code UnixNumericGroupPrincipal}.
*
* @return a string representation of this
* <code>UnixNumericGroupPrincipal</code>.
* {@code UnixNumericGroupPrincipal}.
*/
public String toString() {
@ -176,19 +164,17 @@ public class UnixNumericGroupPrincipal implements
/**
* Compares the specified Object with this
* <code>UnixNumericGroupPrincipal</code>
* {@code UnixNumericGroupPrincipal}
* for equality. Returns true if the given object is also a
* <code>UnixNumericGroupPrincipal</code> and the two
* {@code UnixNumericGroupPrincipal} and the two
* UnixNumericGroupPrincipals
* have the same group identification number (GID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixNumericGroupPrincipal</code>.
* {@code UnixNumericGroupPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>UnixNumericGroupPrincipal</code>.
* {@code UnixNumericGroupPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -208,11 +194,9 @@ public class UnixNumericGroupPrincipal implements
}
/**
* Return a hash code for this <code>UnixNumericGroupPrincipal</code>.
* Return a hash code for this {@code UnixNumericGroupPrincipal}.
*
* <p>
*
* @return a hash code for this <code>UnixNumericGroupPrincipal</code>.
* @return a hash code for this {@code UnixNumericGroupPrincipal}.
*/
public int hashCode() {
return toString().hashCode();

60
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/UnixNumericUserPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a user's Unix identification number (UID).
*
* <p> Principals such as this <code>UnixNumericUserPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code UnixNumericUserPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -53,16 +53,14 @@ public class UnixNumericUserPrincipal implements
private String name;
/**
* Create a <code>UnixNumericUserPrincipal</code> using a
* <code>String</code> representation of the
* Create a {@code UnixNumericUserPrincipal} using a
* {@code String} representation of the
* user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public UnixNumericUserPrincipal(String name) {
if (name == null) {
@ -78,11 +76,9 @@ public class UnixNumericUserPrincipal implements
}
/**
* Create a <code>UnixNumericUserPrincipal</code> using a
* Create a {@code UnixNumericUserPrincipal} using a
* long representation of the user's identification number (UID).
*
* <p>
*
* @param name the user identification number (UID) for this user
* represented as a long.
*/
@ -92,12 +88,10 @@ public class UnixNumericUserPrincipal implements
/**
* Return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code>.
*
* <p>
* {@code UnixNumericUserPrincipal}.
*
* @return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code>
* {@code UnixNumericUserPrincipal}
*/
public String getName() {
return name;
@ -105,12 +99,10 @@ public class UnixNumericUserPrincipal implements
/**
* Return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code> as a long.
*
* <p>
* {@code UnixNumericUserPrincipal} as a long.
*
* @return the user identification number (UID) for this
* <code>UnixNumericUserPrincipal</code> as a long.
* {@code UnixNumericUserPrincipal} as a long.
*/
public long longValue() {
return Long.parseLong(name);
@ -118,12 +110,10 @@ public class UnixNumericUserPrincipal implements
/**
* Return a string representation of this
* <code>UnixNumericUserPrincipal</code>.
*
* <p>
* {@code UnixNumericUserPrincipal}.
*
* @return a string representation of this
* <code>UnixNumericUserPrincipal</code>.
* {@code UnixNumericUserPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -136,19 +126,17 @@ public class UnixNumericUserPrincipal implements
/**
* Compares the specified Object with this
* <code>UnixNumericUserPrincipal</code>
* {@code UnixNumericUserPrincipal}
* for equality. Returns true if the given object is also a
* <code>UnixNumericUserPrincipal</code> and the two
* {@code UnixNumericUserPrincipal} and the two
* UnixNumericUserPrincipals
* have the same user identification number (UID).
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixNumericUserPrincipal</code>.
* {@code UnixNumericUserPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>UnixNumericUserPrincipal</code>.
* {@code UnixNumericUserPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -167,11 +155,9 @@ public class UnixNumericUserPrincipal implements
}
/**
* Return a hash code for this <code>UnixNumericUserPrincipal</code>.
* Return a hash code for this {@code UnixNumericUserPrincipal}.
*
* <p>
*
* @return a hash code for this <code>UnixNumericUserPrincipal</code>.
* @return a hash code for this {@code UnixNumericUserPrincipal}.
*/
public int hashCode() {
return name.hashCode();

46
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/UnixPrincipal.java
View File

@ -28,15 +28,15 @@ package com.sun.security.auth;
import java.security.Principal;
/**
* <p> This class implements the <code>Principal</code> interface
* This class implements the {@code Principal} interface
* and represents a Unix user.
*
* <p> Principals such as this <code>UnixPrincipal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code UnixPrincipal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -54,12 +54,10 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
/**
* Create a UnixPrincipal with a Unix username.
*
* <p>
*
* @param name the Unix username for this user.
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>.
* @exception NullPointerException if the {@code name}
* is {@code null}.
*/
public UnixPrincipal(String name) {
if (name == null) {
@ -75,22 +73,18 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
}
/**
* Return the Unix username for this <code>UnixPrincipal</code>.
* Return the Unix username for this {@code UnixPrincipal}.
*
* <p>
*
* @return the Unix username for this <code>UnixPrincipal</code>
* @return the Unix username for this {@code UnixPrincipal}
*/
public String getName() {
return name;
}
/**
* Return a string representation of this <code>UnixPrincipal</code>.
* Return a string representation of this {@code UnixPrincipal}.
*
* <p>
*
* @return a string representation of this <code>UnixPrincipal</code>.
* @return a string representation of this {@code UnixPrincipal}.
*/
public String toString() {
java.text.MessageFormat form = new java.text.MessageFormat
@ -102,18 +96,16 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
}
/**
* Compares the specified Object with this <code>UnixPrincipal</code>
* Compares the specified Object with this {@code UnixPrincipal}
* for equality. Returns true if the given object is also a
* <code>UnixPrincipal</code> and the two UnixPrincipals
* {@code UnixPrincipal} and the two UnixPrincipals
* have the same username.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>UnixPrincipal</code>.
* {@code UnixPrincipal}.
*
* @return true if the specified Object is equal to this
* <code>UnixPrincipal</code>.
* {@code UnixPrincipal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -132,11 +124,9 @@ public class UnixPrincipal implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>UnixPrincipal</code>.
* Return a hash code for this {@code UnixPrincipal}.
*
* <p>
*
* @return a hash code for this <code>UnixPrincipal</code>.
* @return a hash code for this {@code UnixPrincipal}.
*/
public int hashCode() {
return name.hashCode();

46
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/X500Principal.java
View File

@ -29,17 +29,17 @@ import java.security.Principal;
import sun.security.x509.X500Name;
/**
* <p> This class represents an X.500 <code>Principal</code>.
* This class represents an X.500 {@code Principal}.
* X500Principals have names such as,
* "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"
* (RFC 1779 style).
*
* <p> Principals such as this <code>X500Principal</code>
* may be associated with a particular <code>Subject</code>
* to augment that <code>Subject</code> with an additional
* identity. Refer to the <code>Subject</code> class for more information
* <p> Principals such as this {@code X500Principal}
* may be associated with a particular {@code Subject}
* to augment that {@code Subject} with an additional
* identity. Refer to the {@code Subject} class for more information
* on how to achieve this. Authorization decisions can then be based upon
* the Principals associated with a <code>Subject</code>.
* the Principals associated with a {@code Subject}.
*
* @see java.security.Principal
* @see javax.security.auth.Subject
@ -76,14 +76,12 @@ public class X500Principal implements Principal, java.io.Serializable {
* such as "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"
* (RFC 1779 style).
*
* <p>
*
* @param name the X.500 name
*
* @exception NullPointerException if the <code>name</code>
* is <code>null</code>. <p>
* @exception NullPointerException if the {@code name}
* is {@code null}.
*
* @exception IllegalArgumentException if the <code>name</code>
* @exception IllegalArgumentException if the {@code name}
* is improperly specified.
*/
public X500Principal(String name) {
@ -100,38 +98,32 @@ public class X500Principal implements Principal, java.io.Serializable {
}
/**
* Return the Unix username for this <code>X500Principal</code>.
* Return the Unix username for this {@code X500Principal}.
*
* <p>
*
* @return the Unix username for this <code>X500Principal</code>
* @return the Unix username for this {@code X500Principal}
*/
public String getName() {
return thisX500Name.getName();
}
/**
* Return a string representation of this <code>X500Principal</code>.
* Return a string representation of this {@code X500Principal}.
*
* <p>
*
* @return a string representation of this <code>X500Principal</code>.
* @return a string representation of this {@code X500Principal}.
*/
public String toString() {
return thisX500Name.toString();
}
/**
* Compares the specified Object with this <code>X500Principal</code>
* Compares the specified Object with this {@code X500Principal}
* for equality.
*
* <p>
*
* @param o Object to be compared for equality with this
* <code>X500Principal</code>.
* {@code X500Principal}.
*
* @return true if the specified Object is equal to this
* <code>X500Principal</code>.
* {@code X500Principal}.
*/
public boolean equals(Object o) {
if (o == null)
@ -159,11 +151,9 @@ public class X500Principal implements Principal, java.io.Serializable {
}
/**
* Return a hash code for this <code>X500Principal</code>.
* Return a hash code for this {@code X500Principal}.
*
* <p>
*
* @return a hash code for this <code>X500Principal</code>.
* @return a hash code for this {@code X500Principal}.
*/
public int hashCode() {
return thisX500Name.hashCode();

88
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/JndiLoginModule.java
View File

@ -44,28 +44,28 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> The module prompts for a username and password
* The module prompts for a username and password
* and then verifies the password against the password stored in
* a directory service configured under JNDI.
*
* <p> This <code>LoginModule</code> interoperates with
* <p> This {@code LoginModule} interoperates with
* any conformant JNDI service provider. To direct this
* <code>LoginModule</code> to use a specific JNDI service provider,
* two options must be specified in the login <code>Configuration</code>
* for this <code>LoginModule</code>.
* {@code LoginModule} to use a specific JNDI service provider,
* two options must be specified in the login {@code Configuration}
* for this {@code LoginModule}.
* <pre>
* user.provider.url=<b>name_service_url</b>
* group.provider.url=<b>name_service_url</b>
* </pre>
*
* <b>name_service_url</b> specifies
* the directory service and path where this <code>LoginModule</code>
* the directory service and path where this {@code LoginModule}
* can access the relevant user and group information. Because this
* <code>LoginModule</code> only performs one-level searches to
* find the relevant user information, the <code>URL</code>
* {@code LoginModule} only performs one-level searches to
* find the relevant user information, the {@code URL}
* must point to a directory one level above where the user and group
* information is stored in the directory service.
* For example, to instruct this <code>LoginModule</code>
* For example, to instruct this {@code LoginModule}
* to contact a NIS server, the following URLs must be specified:
* <pre>
* user.provider.url="nis://<b>NISServerHostName</b>/<b>NISDomain</b>/user"
@ -90,14 +90,14 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
*
* <p> The format in which the user's information must be stored in
* the directory service is specified in RFC 2307. Specifically,
* this <code>LoginModule</code> will search for the user's entry in the
* this {@code LoginModule} will search for the user's entry in the
* directory service using the user's <i>uid</i> attribute,
* where <i>uid=<b>username</b></i>. If the search succeeds,
* this <code>LoginModule</code> will then
* this {@code LoginModule} will then
* obtain the user's encrypted password from the retrieved entry
* using the <i>userPassword</i> attribute.
* This <code>LoginModule</code> assumes that the password is stored
* as a byte array, which when converted to a <code>String</code>,
* This {@code LoginModule} assumes that the password is stored
* as a byte array, which when converted to a {@code String},
* has the following format:
* <pre>
* "{crypt}<b>encrypted_password</b>"
@ -106,12 +106,12 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
* The LDAP directory server must be configured
* to permit read access to the userPassword attribute.
* If the user entered a valid username and password,
* this <code>LoginModule</code> associates a
* <code>UnixPrincipal</code>, <code>UnixNumericUserPrincipal</code>,
* this {@code LoginModule} associates a
* {@code UnixPrincipal}, {@code UnixNumericUserPrincipal},
* and the relevant UnixNumericGroupPrincipals with the
* <code>Subject</code>.
* {@code Subject}.
*
* <p> This LoginModule also recognizes the following <code>Configuration</code>
* <p> This LoginModule also recognizes the following {@code Configuration}
* options:
* <pre>
* debug if, true, debug messages are output to System.out.
@ -144,7 +144,7 @@ import com.sun.security.auth.UnixNumericGroupPrincipal;
* exist for the username and password in the shared state,
* or if authentication fails.
*
* clearPass if, true, this <code>LoginModule</code> clears the
* clearPass if, true, this {@code LoginModule} clears the
* username and password stored in the module's shared state
* after both phases of authentication (login and commit)
* have completed.
@ -208,21 +208,19 @@ public class JndiLoginModule implements LoginModule {
private static final String PWD = "javax.security.auth.login.password";
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* @param callbackHandler a {@code CallbackHandler} for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
* passwords, for example).
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@ -255,17 +253,15 @@ public class JndiLoginModule implements LoginModule {
}
/**
* <p> Prompt for username and password.
* Prompt for username and password.
* Verify the password against the relevant name service.
*
* <p>
*
* @return true always, since this <code>LoginModule</code>
* @return true always, since this {@code LoginModule}
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
* @exception FailedLoginException if the authentication fails.
*
* @exception LoginException if this <code>LoginModule</code>
* @exception LoginException if this {@code LoginModule}
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
@ -367,15 +363,13 @@ public class JndiLoginModule implements LoginModule {
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>UnixPrincipal</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* {@code login} method), then this method associates a
* {@code UnixPrincipal}
* with the {@code Subject} located in the
* {@code LoginModule}. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
@ -418,18 +412,16 @@ public class JndiLoginModule implements LoginModule {
}
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* {@code login} and {@code commit} methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
@ -464,13 +456,11 @@ public class JndiLoginModule implements LoginModule {
* Logout a user.
*
* <p> This method removes the Principals
* that were added by the <code>commit</code> method.
*
* <p>
* that were added by the {@code commit} method.
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*/
public boolean logout() throws LoginException {
@ -506,8 +496,6 @@ public class JndiLoginModule implements LoginModule {
/**
* Attempt authentication
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/
@ -674,8 +662,6 @@ public class JndiLoginModule implements LoginModule {
* values in the shared state in case subsequent LoginModules
* want to use them via use/tryFirstPass.
*
* <p>
*
* @param getPasswdFromSharedState boolean that tells this method whether
* to retrieve the password from the sharedState.
*/

80
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/KeyStoreLoginModule.java
View File

@ -55,53 +55,53 @@ import sun.security.util.Password;
/**
* Provides a JAAS login module that prompts for a key store alias and
* populates the subject with the alias's principal and credentials. Stores
* an <code>X500Principal</code> for the subject distinguished name of the
* an {@code X500Principal} for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's principals,
* the alias's certificate path in the subject's public credentials, and a
* <code>X500PrivateCredential</code> whose certificate is the first
* {@code X500PrivateCredential} whose certificate is the first
* certificate in the alias's certificate path and whose private key is the
* alias's private key in the subject's private credentials. <p>
*
* Recognizes the following options in the configuration file:
* <dl>
*
* <dt> <code>keyStoreURL</code> </dt>
* <dt> {@code keyStoreURL} </dt>
* <dd> A URL that specifies the location of the key store. Defaults to
* a URL pointing to the .keystore file in the directory specified by the
* <code>user.home</code> system property. The input stream from this
* URL is passed to the <code>KeyStore.load</code> method.
* "NONE" may be specified if a <code>null</code> stream must be
* passed to the <code>KeyStore.load</code> method.
* {@code user.home} system property. The input stream from this
* URL is passed to the {@code KeyStore.load} method.
* "NONE" may be specified if a {@code null} stream must be
* passed to the {@code KeyStore.load} method.
* "NONE" should be specified if the KeyStore resides
* on a hardware token device, for example.</dd>
*
* <dt> <code>keyStoreType</code> </dt>
* <dt> {@code keyStoreType} </dt>
* <dd> The key store type. If not specified, defaults to the result of
* calling <code>KeyStore.getDefaultType()</code>.
* calling {@code KeyStore.getDefaultType()}.
* If the type is "PKCS11", then keyStoreURL must be "NONE"
* and privateKeyPasswordURL must not be specified.</dd>
*
* <dt> <code>keyStoreProvider</code> </dt>
* <dt> {@code keyStoreProvider} </dt>
* <dd> The key store provider. If not specified, uses the standard search
* order to find the provider. </dd>
*
* <dt> <code>keyStoreAlias</code> </dt>
* <dt> {@code keyStoreAlias} </dt>
* <dd> The alias in the key store to login as. Required when no callback
* handler is provided. No default value. </dd>
*
* <dt> <code>keyStorePasswordURL</code> </dt>
* <dt> {@code keyStorePasswordURL} </dt>
* <dd> A URL that specifies the location of the key store password. Required
* when no callback handler is provided and
* <code>protected</code> is false.
* {@code protected} is false.
* No default value. </dd>
*
* <dt> <code>privateKeyPasswordURL</code> </dt>
* <dt> {@code privateKeyPasswordURL} </dt>
* <dd> A URL that specifies the location of the specific private key password
* needed to access the private key for this alias.
* The keystore password
* is used if this value is needed and not specified. </dd>
*
* <dt> <code>protected</code> </dt>
* <dt> {@code protected} </dt>
* <dd> This value should be set to "true" if the KeyStore
* has a separate, protected authentication path
* (for example, a dedicated PIN-pad attached to a smart card).
@ -174,22 +174,20 @@ public class KeyStoreLoginModule implements LoginModule {
/* -- Methods -- */
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* @param callbackHandler a {@code CallbackHandler} for communicating
* with the end user (prompting for usernames and
* passwords, for example),
* which may be <code>null</code>. <p>
* which may be {@code null}.
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@ -258,11 +256,9 @@ public class KeyStoreLoginModule implements LoginModule {
* <p> Get the Keystore alias and relevant passwords.
* Retrieve the alias's principal and credentials from the Keystore.
*
* <p>
* @exception FailedLoginException if the authentication fails.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @return true in all cases (this <code>LoginModule</code>
* @return true in all cases (this {@code LoginModule}
* should not be ignored).
*/
@ -719,19 +715,17 @@ public class KeyStoreLoginModule implements LoginModule {
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>X500Principal</code> for the subject distinguished name of the
* {@code login} method), then this method associates a
* {@code X500Principal} for the subject distinguished name of the
* first certificate in the alias's credentials in the subject's
* principals,the alias's certificate path in the subject's public
* credentials, and a<code>X500PrivateCredential</code> whose certificate
* credentials, and a {@code X500PrivateCredential} whose certificate
* is the first certificate in the alias's certificate path and whose
* private key is the alias's private key in the subject's private
* credentials. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit
@ -774,21 +768,19 @@ public class KeyStoreLoginModule implements LoginModule {
}
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* {@code login} and {@code commit} methods),
* then this method cleans up any state that was originally saved.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
* {@code java.security.AuthProvider},
* then the provider's {@code logout} method is invoked.
*
* @exception LoginException if the abort fails.
*
@ -815,17 +807,15 @@ public class KeyStoreLoginModule implements LoginModule {
* Logout a user.
*
* <p> This method removes the Principals, public credentials and the
* private credentials that were added by the <code>commit</code> method.
* private credentials that were added by the {@code commit} method.
*
* <p> If the loaded KeyStore's provider extends
* <code>java.security.AuthProvider</code>,
* then the provider's <code>logout</code> method is invoked.
*
* <p>
* {@code java.security.AuthProvider},
* then the provider's {@code logout} method is invoked.
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*/

377
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/Krb5LoginModule.java
View File

@ -47,147 +47,142 @@ import sun.security.krb5.Credentials;
import sun.misc.HexDumpEncoder;
/**
* <p> This <code>LoginModule</code> authenticates users using
* This {@code LoginModule} authenticates users using
* Kerberos protocols.
*
* <p> The configuration entry for <code>Krb5LoginModule</code> has
* <p> The configuration entry for {@code Krb5LoginModule} has
* several options that control the authentication process and
* additions to the <code>Subject</code>'s private credential
* set. Irrespective of these options, the <code>Subject</code>'s
* additions to the {@code Subject}'s private credential
* set. Irrespective of these options, the {@code Subject}'s
* principal set and private credentials set are updated only when
* <code>commit</code> is called.
* When <code>commit</code> is called, the <code>KerberosPrincipal</code>
* is added to the <code>Subject</code>'s principal set (unless the
* <code>principal</code> is specified as "*"). If <code>isInitiator</code>
* is true, the <code>KerberosTicket</code> is
* added to the <code>Subject</code>'s private credentials.
* {@code commit} is called.
* When {@code commit} is called, the {@code KerberosPrincipal}
* is added to the {@code Subject}'s principal set (unless the
* {@code principal} is specified as "*"). If {@code isInitiator}
* is true, the {@code KerberosTicket} is
* added to the {@code Subject}'s private credentials.
*
* <p> If the configuration entry for <code>KerberosLoginModule</code>
* has the option <code>storeKey</code> set to true, then
* <code>KerberosKey</code> or <code>KeyTab</code> will also be added to the
* subject's private credentials. <code>KerberosKey</code>, the principal's
* key(s) will be derived from user's password, and <code>KeyTab</code> is
* the keytab used when <code>useKeyTab</code> is set to true. The
* <code>KeyTab</code> object is restricted to be used by the specified
* <p> If the configuration entry for {@code KerberosLoginModule}
* has the option {@code storeKey} set to true, then
* {@code KerberosKey} or {@code KeyTab} will also be added to the
* subject's private credentials. {@code KerberosKey}, the principal's
* key(s) will be derived from user's password, and {@code KeyTab} is
* the keytab used when {@code useKeyTab} is set to true. The
* {@code KeyTab} object is restricted to be used by the specified
* principal unless the principal value is "*".
*
* <p> This <code>LoginModule</code> recognizes the <code>doNotPrompt</code>
* <p> This {@code LoginModule} recognizes the {@code doNotPrompt}
* option. If set to true the user will not be prompted for the password.
*
* <p> The user can specify the location of the ticket cache by using
* the option <code>ticketCache</code> in the configuration entry.
* the option {@code ticketCache} in the configuration entry.
*
* <p>The user can specify the keytab location by using
* the option <code>keyTab</code>
* the option {@code keyTab}
* in the configuration entry.
*
* <p> The principal name can be specified in the configuration entry
* by using the option <code>principal</code>. The principal name
* by using the option {@code principal}. The principal name
* can either be a simple user name, a service name such as
* <code>host/mission.eng.sun.com</code>, or "*". The principal can also
* be set using the system property <code>sun.security.krb5.principal</code>.
* {@code host/mission.eng.sun.com}, or "*". The principal can also
* be set using the system property {@code sun.security.krb5.principal}.
* This property is checked during login. If this property is not set, then
* the principal name from the configuration is used. In the
* case where the principal property is not set and the principal
* entry also does not exist, the user is prompted for the name.
* When this property of entry is set, and <code>useTicketCache</code>
* When this property of entry is set, and {@code useTicketCache}
* is set to true, only TGT belonging to this principal is used.
*
* <p> The following is a list of configuration options supported
* for <code>Krb5LoginModule</code>:
* for {@code Krb5LoginModule}:
* <blockquote><dl>
* <dt><b><code>refreshKrb5Config</code></b>:</dt>
* <dt>{@code refreshKrb5Config}:</dt>
* <dd> Set this to true, if you want the configuration
* to be refreshed before the <code>login</code> method is called.</dd>
* <dt><b><code>useTicketCache</code></b>:</dt>
* to be refreshed before the {@code login} method is called.</dd>
* <dt>{@code useTicketCache}:</dt>
* <dd>Set this to true, if you want the
* TGT to be obtained
* from the ticket cache. Set this option
* TGT to be obtained from the ticket cache. Set this option
* to false if you do not want this module to use the ticket cache.
* (Default is False).
* This module will
* search for the ticket
* cache in the following locations:
* On Solaris and Linux
* it will look for the ticket cache in /tmp/krb5cc_<code>uid</code>
* where the uid is numeric user
* identifier. If the ticket cache is
* This module will search for the ticket
* cache in the following locations: On Solaris and Linux
* it will look for the ticket cache in /tmp/krb5cc_{@code uid}
* where the uid is numeric user identifier. If the ticket cache is
* not available in the above location, or if we are on a
* Windows platform, it will look for the cache as
* {user.home}{file.separator}krb5cc_{user.name}.
* You can override the ticket cache location by using
* <code>ticketCache</code>.
* {@code ticketCache}.
* For Windows, if a ticket cannot be retrieved from the file ticket cache,
* it will use Local Security Authority (LSA) API to get the TGT.
* <dt><b><code>ticketCache</code></b>:</dt>
* <dt>{@code ticketCache}:</dt>
* <dd>Set this to the name of the ticket
* cache that contains user's TGT.
* If this is set, <code>useTicketCache</code>
* If this is set, {@code useTicketCache}
* must also be set to true; Otherwise a configuration error will
* be returned.</dd>
* <dt><b><code>renewTGT</code></b>:</dt>
* <dt>{@code renewTGT}:</dt>
* <dd>Set this to true, if you want to renew
* the TGT. If this is set, <code>useTicketCache</code> must also be
* the TGT. If this is set, {@code useTicketCache} must also be
* set to true; otherwise a configuration error will be returned.</dd>
* <dt><b><code>doNotPrompt</code></b>:</dt>
* <dt>{@code doNotPrompt}:</dt>
* <dd>Set this to true if you do not want to be
* prompted for the password
* if credentials can not be obtained from the cache, the keytab,
* or through shared state.(Default is false)
* If set to true, credential must be obtained through cache, keytab,
* or shared state. Otherwise, authentication will fail.</dd>
* <dt><b><code>useKeyTab</code></b>:</dt>
* <dt>{@code useKeyTab}:</dt>
* <dd>Set this to true if you
* want the module to get the principal's key from the
* the keytab.(default value is False)
* If <code>keytab</code>
* is not set then
* If {@code keytab} is not set then
* the module will locate the keytab from the
* Kerberos configuration file.
* If it is not specified in the Kerberos configuration file
* then it will look for the file
* <code>{user.home}{file.separator}</code>krb5.keytab.</dd>
* <dt><b><code>keyTab</code></b>:</dt>
* {@code {user.home}{file.separator}}krb5.keytab.</dd>
* <dt>{@code keyTab}:</dt>
* <dd>Set this to the file name of the
* keytab to get principal's secret key.</dd>
* <dt><b><code>storeKey</code></b>:</dt>
* <dt>{@code storeKey}:</dt>
* <dd>Set this to true to if you want the keytab or the
* principal's key to be stored in the Subject's private credentials.
* For <code>isInitiator</code> being false, if <code>principal</code>
* For {@code isInitiator} being false, if {@code principal}
* is "*", the {@link KeyTab} stored can be used by anyone, otherwise,
* it's restricted to be used by the specified principal only.</dd>
* <dt><b><code>principal</code></b>:</dt>
* <dt>{@code principal}:</dt>
* <dd>The name of the principal that should
* be used. The principal can be a simple username such as
* "<code>testuser</code>" or a service name such as
* "<code>host/testhost.eng.sun.com</code>". You can use the
* <code>principal</code> option to set the principal when there are
* "{@code testuser}" or a service name such as
* "{@code host/testhost.eng.sun.com}". You can use the
* {@code principal} option to set the principal when there are
* credentials for multiple principals in the
* <code>keyTab</code> or when you want a specific ticket cache only.
* {@code keyTab} or when you want a specific ticket cache only.
* The principal can also be set using the system property
* <code>sun.security.krb5.principal</code>. In addition, if this
* {@code sun.security.krb5.principal}. In addition, if this
* system property is defined, then it will be used. If this property
* is not set, then the principal name from the configuration will be
* used.
* The principal name can be set to "*" when <code>isInitiator</code> is false.
* The principal name can be set to "*" when {@code isInitiator} is false.
* In this case, the acceptor is not bound to a single principal. It can
* act as any principal an initiator requests if keys for that principal
* can be found. When <code>isInitiator</code> is true, the principal name
* can be found. When {@code isInitiator} is true, the principal name
* cannot be set to "*".
* </dd>
* <dt><b><code>isInitiator</code></b>:</dt>
* <dt>{@code isInitiator}:</dt>
* <dd>Set this to true, if initiator. Set this to false, if acceptor only.
* (Default is true).
* Note: Do not set this value to false for initiators.</dd>
* </dl></blockquote>
*
* <p> This <code>LoginModule</code> also recognizes the following additional
* <code>Configuration</code>
* <p> This {@code LoginModule} also recognizes the following additional
* {@code Configuration}
* options that enable you to share username and passwords across different
* authentication modules:
* <blockquote><dl>
*
* <dt><b><code>useFirstPass</code></b>:</dt>
* <dt>{@code useFirstPass}:</dt>
* <dd>if, true, this LoginModule retrieves the
* username and password from the module's shared state,
* using "javax.security.auth.login.name" and
@ -197,7 +192,7 @@ import sun.misc.HexDumpEncoder;
* is made, and the failure is reported back to the
* calling application.</dd>
*
* <dt><b><code>tryFirstPass</code></b>:</dt>
* <dt>{@code tryFirstPass}:</dt>
* <dd>if, true, this LoginModule retrieves the
* the username and password from the module's shared
* state using "javax.security.auth.login.name" and
@ -210,7 +205,7 @@ import sun.misc.HexDumpEncoder;
* is made. If the authentication fails,
* the failure is reported back to the calling application</dd>
*
* <dt><b><code>storePass</code></b>:</dt>
* <dt>{@code storePass}:</dt>
* <dd>if, true, this LoginModule stores the username and
* password obtained from the CallbackHandler in the
* modules shared state, using
@ -220,7 +215,7 @@ import sun.misc.HexDumpEncoder;
* exist for the username and password in the shared
* state, or if authentication fails.</dd>
*
* <dt><b><code>clearPass</code></b>:</dt>
* <dt>{@code clearPass}:</dt>
* <dd>if, true, this LoginModule clears the
* username and password stored in the module's shared
* state after both phases of authentication
@ -236,148 +231,137 @@ import sun.misc.HexDumpEncoder;
* <li>shared state
* <li>user prompt
* </ol>
*
* <p>Note that if any step fails, it will fallback to the next step.
* There's only one exception, if the shared state step fails and
* <code>useFirstPass</code>=true, no user prompt is made.
* {@code useFirstPass = true}, no user prompt is made.
* <p>Examples of some configuration values for Krb5LoginModule in
* JAAS config file and the results are:
* <ul>
* <p> <code>doNotPrompt</code>=true;
* </ul>
* <p> This is an illegal combination since none of <code>useTicketCache</code>,
* <code>useKeyTab</code>, <code>useFirstPass</code> and <code>tryFirstPass</code>
* is set and the user can not be prompted for the password.
*<ul>
* <p> <code>ticketCache</code> = &lt;filename&gt;;
*</ul>
* <p> This is an illegal combination since <code>useTicketCache</code>
* <blockquote><dl>
* <dd><pre>{@code
* doNotPrompt = true}</pre>
* This is an illegal combination since none of {@code useTicketCache,
* useKeyTab, useFirstPass} and {@code tryFirstPass}
* is set and the user can not be prompted for the password.</dd>
*
* <dd><pre>{@code
* ticketCache = <filename>}</pre>
* This is an illegal combination since {@code useTicketCache}
* is not set to true and the ticketCache is set. A configuration error
* will occur.
* <ul>
* <p> <code>renewTGT</code>=true;
*</ul>
* <p> This is an illegal combination since <code>useTicketCache</code> is
* not set to true and renewTGT is set. A configuration error will occur.
* <ul>
* <p> <code>storeKey</code>=true
* <code>useTicketCache</code> = true
* <code>doNotPrompt</code>=true;;
*</ul>
* <p> This is an illegal combination since <code>storeKey</code> is set to
* will occur.</dd>
*
* <dd><pre>{@code
* renewTGT = true}</pre>
* This is an illegal combination since {@code useTicketCache} is
* not set to true and renewTGT is set. A configuration error will occur.</dd>
*
* <dd><pre>{@code
* storeKey = true useTicketCache = true doNotPrompt = true}</pre>
* This is an illegal combination since {@code storeKey} is set to
* true but the key can not be obtained either by prompting the user or from
* the keytab, or from the shared state. A configuration error will occur.
* <ul>
* <p> <code>keyTab</code> = &lt;filename&gt; <code>doNotPrompt</code>=true ;
* </ul>
* <p>This is an illegal combination since useKeyTab is not set to true and
* the keyTab is set. A configuration error will occur.
* <ul>
* <p> <code>debug=true </code>
*</ul>
* <p> Prompt the user for the principal name and the password.
* the keytab, or from the shared state. A configuration error will occur.</dd>
*
* <dd><pre>{@code
* keyTab = <filename> doNotPrompt = true}</pre>
* This is an illegal combination since useKeyTab is not set to true and
* the keyTab is set. A configuration error will occur.</dd>
*
* <dd><pre>{@code
* debug = true}</pre>
* Prompt the user for the principal name and the password.
* Use the authentication exchange to get TGT from the KDC and
* populate the <code>Subject</code> with the principal and TGT.
* Output debug messages.
* <ul>
* <p> <code>useTicketCache</code> = true <code>doNotPrompt</code>=true;
*</ul>
* <p>Check the default cache for TGT and populate the <code>Subject</code>
* populate the {@code Subject} with the principal and TGT.
* Output debug messages.</dd>
*
* <dd><pre>{@code
* useTicketCache = true doNotPrompt = true}</pre>
* Check the default cache for TGT and populate the {@code Subject}
* with the principal and TGT. If the TGT is not available,
* do not prompt the user, instead fail the authentication.
* <ul>
* <p><code>principal</code>=&lt;name&gt;<code>useTicketCache</code> = true
* <code>doNotPrompt</code>=true;
*</ul>
* <p> Get the TGT from the default cache for the principal and populate the
* do not prompt the user, instead fail the authentication.</dd>
*
* <dd><pre>{@code
* principal = <name> useTicketCache = true doNotPrompt = true}</pre>
* Get the TGT from the default cache for the principal and populate the
* Subject's principal and private creds set. If ticket cache is
* not available or does not contain the principal's TGT
* authentication will fail.
* <ul>
* <p> <code>useTicketCache</code> = true
* <code>ticketCache</code>=&lt;file name&gt;<code>useKeyTab</code> = true
* <code> keyTab</code>=&lt;keytab filename&gt;
* <code>principal</code> = &lt;principal name&gt;
* <code>doNotPrompt</code>=true;
*</ul>
* <p> Search the cache for the principal's TGT. If it is not available
* authentication will fail.</dd>
*
* <dd><pre>{@code
* useTicketCache = true
* ticketCache = <file name>
* useKeyTab = true
* keyTab = <keytab filename>
* principal = <principal name>
* doNotPrompt = true}</pre>
* Search the cache for the principal's TGT. If it is not available
* use the key in the keytab to perform authentication exchange with the
* KDC and acquire the TGT.
* The Subject will be populated with the principal and the TGT.
* If the key is not available or valid then authentication will fail.
* <ul>
* <p><code>useTicketCache</code> = true
* <code>ticketCache</code>=&lt;file name&gt;
*</ul>
* <p> The TGT will be obtained from the cache specified.
* If the key is not available or valid then authentication will fail.</dd>
*
* <dd><pre>{@code
* useTicketCache = true ticketCache = <filename>}</pre>
* The TGT will be obtained from the cache specified.
* The Kerberos principal name used will be the principal name in
* the Ticket cache. If the TGT is not available in the
* ticket cache the user will be prompted for the principal name
* and the password. The TGT will be obtained using the authentication
* exchange with the KDC.
* The Subject will be populated with the TGT.
*<ul>
* <p> <code>useKeyTab</code> = true
* <code>keyTab</code>=&lt;keytab filename&gt;
* <code>principal</code>= &lt;principal name&gt;
* <code>storeKey</code>=true;
*</ul>
* <p> The key for the principal will be retrieved from the keytab.
* The Subject will be populated with the TGT.</dd>
*
* <dd><pre>{@code
* useKeyTab = true keyTab=<keytab filename> principal = <principal name> storeKey = true}</pre>
* The key for the principal will be retrieved from the keytab.
* If the key is not available in the keytab the user will be prompted
* for the principal's password. The Subject will be populated
* with the principal's key either from the keytab or derived from the
* password entered.
* <ul>
* <p> <code>useKeyTab</code> = true
* <code>keyTab</code>=&lt;keytabname&gt;
* <code>storeKey</code>=true
* <code>doNotPrompt</code>=false;
*</ul>
* <p>The user will be prompted for the service principal name.
* password entered.</dd>
*
* <dd><pre>{@code
* useKeyTab = true keyTab = <keytabname> storeKey = true doNotPrompt = false}</pre>
* The user will be prompted for the service principal name.
* If the principal's
* longterm key is available in the keytab , it will be added to the
* Subject's private credentials. An authentication exchange will be
* attempted with the principal name and the key from the Keytab.
* If successful the TGT will be added to the
* Subject's private credentials set. Otherwise the authentication will
* fail.
* <ul>
* <p> <code>isInitiator</code> = false <code>useKeyTab</code> = true
* <code>keyTab</code>=&lt;keytabname&gt;
* <code>storeKey</code>=true
* <code>principal</code>=*;
*</ul>
* <p>The acceptor will be an unbound acceptor and it can act as any principal
* as long that principal has keys in the keytab.
*<ul>
* <p>
* <code>useTicketCache</code>=true
* <code>ticketCache</code>=&lt;file name&gt;;
* <code>useKeyTab</code> = true
* <code>keyTab</code>=&lt;file name&gt; <code>storeKey</code>=true
* <code>principal</code>= &lt;principal name&gt;
*</ul>
* <p>
* Subject's private credentials set. Otherwise the authentication will fail.</dd>
*
* <dd><pre>{@code
* isInitiator = false useKeyTab = true keyTab = <keytabname> storeKey = true principal = *}</pre>
* The acceptor will be an unbound acceptor and it can act as any principal
* as long that principal has keys in the keytab.</dd>
*
* <dd><pre>{@code
* useTicketCache = true
* ticketCache = <file name>
* useKeyTab = true
* keyTab = <file name>
* storeKey = true
* principal = <principal name>}</pre>
* The client's TGT will be retrieved from the ticket cache and added to the
* <code>Subject</code>'s private credentials. If the TGT is not available
* {@code Subject}'s private credentials. If the TGT is not available
* in the ticket cache, or the TGT's client name does not match the principal
* name, Java will use a secret key to obtain the TGT using the authentication
* exchange and added to the Subject's private credentials.
* This secret key will be first retrieved from the keytab. If the key
* is not available, the user will be prompted for the password. In either
* case, the key derived from the password will be added to the
* Subject's private credentials set.
* <ul>
* <p><code>isInitiator</code> = false
*</ul>
* <p>Configured to act as acceptor only, credentials are not acquired
* Subject's private credentials set.</dd>
*
* <dd><pre>{@code
* isInitiator = false}</pre>
* Configured to act as acceptor only, credentials are not acquired
* via AS exchange. For acceptors only, set this value to false.
* For initiators, do not set this value to false.
* <ul>
* <p><code>isInitiator</code> = true
*</ul>
* <p>Configured to act as initiator, credentials are acquired
* For initiators, do not set this value to false.</dd>
*
* <dd><pre>{@code
* isInitiator = true}</pre>
* Configured to act as initiator, credentials are acquired
* via AS exchange. For initiators, set this value to true, or leave this
* option unset, in which case default value (true) will be used.
* option unset, in which case default value (true) will be used.</dd>
*
* </dl></blockquote>
*
* @author Ram Marti
*/
@ -445,20 +429,19 @@ public class Krb5LoginModule implements LoginModule {
);
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the <code>Subject</code> to be authenticated. <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param callbackHandler a <code>CallbackHandler</code> for
* @param callbackHandler a {@code CallbackHandler} for
* communication with the end user (prompting for
* usernames and passwords, for example). <p>
* usernames and passwords, for example).
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@ -536,14 +519,12 @@ public class Krb5LoginModule implements LoginModule {
/**
* Authenticate the user
*
* <p>
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
* @exception FailedLoginException if the authentication fails.
*
* @exception LoginException if this <code>LoginModule</code>
* @exception LoginException if this {@code LoginModule}
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
@ -1019,23 +1000,21 @@ public class Krb5LoginModule implements LoginModule {
}
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
* LoginModules succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates a
* <code>Krb5Principal</code>
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. It adds Kerberos Credentials to the
* {@code login} method), then this method associates a
* {@code Krb5Principal}
* with the {@code Subject} located in the
* {@code LoginModule}. It adds Kerberos Credentials to the
* the Subject's private credentials set. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
@ -1147,18 +1126,16 @@ public class Krb5LoginModule implements LoginModule {
}
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
* LoginModules did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* {@code login} and {@code commit} methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
@ -1183,14 +1160,12 @@ public class Krb5LoginModule implements LoginModule {
/**
* Logout the user.
*
* <p> This method removes the <code>Krb5Principal</code>
* that was added by the <code>commit</code> method.
*
* <p>
* <p> This method removes the {@code Krb5Principal}
* that was added by the {@code commit} method.
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*/
public boolean logout() throws LoginException {

113
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/LdapLoginModule.java
View File

@ -70,8 +70,8 @@ import com.sun.security.auth.UserPrincipal;
* conjunction with a specified search filter.
* If successful then authentication is attempted using the user's
* distinguished name and the supplied password.
* To enable this mode, set the <code>userFilter</code> option and omit the
* <code>authIdentity</code> option.
* To enable this mode, set the {@code userFilter} option and omit the
* {@code authIdentity} option.
* Use search-first mode when the user's distinguished name is not
* known in advance.
*
@ -79,22 +79,22 @@ import com.sun.security.auth.UserPrincipal;
* supplied username and password and then the LDAP directory is searched.
* If authentication is successful then a search is performed using the
* supplied username in conjunction with a specified search filter.
* To enable this mode, set the <code>authIdentity</code> and the
* <code>userFilter</code> options.
* To enable this mode, set the {@code authIdentity} and the
* {@code userFilter} options.
* Use authentication-first mode when accessing an LDAP directory
* that has been configured to disallow anonymous searches.
*
* <p> In authentication-only mode, authentication is attempted using the
* supplied username and password. The LDAP directory is not searched because
* the user's distinguished name is already known.
* To enable this mode, set the <code>authIdentity</code> option to a valid
* distinguished name and omit the <code>userFilter</code> option.
* To enable this mode, set the {@code authIdentity} option to a valid
* distinguished name and omit the {@code userFilter} option.
* Use authentication-only mode when the user's distinguished name is
* known in advance.
*
* <p> The following option is mandatory and must be specified in this
* module's login {@link Configuration}:
* <dl><dt></dt><dd>
* <dl><dd>
* <dl>
* <dt> <code>userProvider=<b>ldap_urls</b></code>
* </dt>
@ -106,7 +106,7 @@ import com.sun.security.auth.UserPrincipal;
* When several LDAP URLs are specified then each is attempted,
* in turn, until the first successful connection is established.
* Spaces in the distinguished name component of the URL must be escaped
* using the standard mechanism of percent character ('<code>%</code>')
* using the standard mechanism of percent character ('{@code %}')
* followed by two hexadecimal digits (see {@link java.net.URI}).
* Query components must also be omitted from the URL.
*
@ -120,33 +120,33 @@ import com.sun.security.auth.UserPrincipal;
*
* <p> This module also recognizes the following optional {@link Configuration}
* options:
* <dl><dt></dt><dd>
* <dl><dd>
* <dl>
* <dt> <code>userFilter=<b>ldap_filter</b></code> </dt>
* <dd> This option specifies the search filter to use to locate a user's
* entry in the LDAP directory. It is used to determine a user's
* distinguished name.
* <code><b>ldap_filter</b></code> is an LDAP filter string
* <b>{@code ldap_filter}</b> is an LDAP filter string
* (<a href="http://www.ietf.org/rfc/rfc2254.txt">RFC 2254</a>).
* If it contains the special token "<code><b>{USERNAME}</b></code>"
* If it contains the special token "<b>{@code {USERNAME}}</b>"
* then that token will be replaced with the supplied username value
* before the filter is used to search the directory. </dd>
*
* <dt> <code>authIdentity=<b>auth_id</b></code> </dt>
* <dd> This option specifies the identity to use when authenticating a user
* to the LDAP directory.
* <code><b>auth_id</b></code> may be an LDAP distinguished name string
* <b>{@code auth_id}</b> may be an LDAP distinguished name string
* (<a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a>) or some
* other string name.
* It must contain the special token "<code><b>{USERNAME}</b></code>"
* It must contain the special token "<b>{@code {USERNAME}}</b>"
* which will be replaced with the supplied username value before the
* name is used for authentication.
* Note that if this option does not contain a distinguished name then
* the <code>userFilter</code> option must also be specified. </dd>
* the {@code userFilter} option must also be specified. </dd>
*
* <dt> <code>authzIdentity=<b>authz_id</b></code> </dt>
* <dd> This option specifies an authorization identity for the user.
* <code><b>authz_id</b></code> is any string name.
* <b>{@code authz_id}</b> is any string name.
* If it comprises a single special token with curly braces then
* that token is treated as a attribute name and will be replaced with a
* single value of that attribute from the user's LDAP entry.
@ -156,23 +156,23 @@ import com.sun.security.auth.UserPrincipal;
* is created using the authorization identity and it is associated with
* the current {@link Subject}. </dd>
*
* <dt> <code>useSSL</code> </dt>
* <dd> if <code>false</code>, this module does not establish an SSL connection
* <dt> {@code useSSL} </dt>
* <dd> if {@code false}, this module does not establish an SSL connection
* to the LDAP server before attempting authentication. SSL is used to
* protect the privacy of the user's password because it is transmitted
* in the clear over LDAP.
* By default, this module uses SSL. </dd>
*
* <dt> <code>useFirstPass</code> </dt>
* <dd> if <code>true</code>, this module retrieves the username and password
* <dt> {@code useFirstPass} </dt>
* <dd> if {@code true}, this module retrieves the username and password
* from the module's shared state, using "javax.security.auth.login.name"
* and "javax.security.auth.login.password" as the respective keys. The
* retrieved values are used for authentication. If authentication fails,
* no attempt for a retry is made, and the failure is reported back to
* the calling application.</dd>
*
* <dt> <code>tryFirstPass</code> </dt>
* <dd> if <code>true</code>, this module retrieves the username and password
* <dt> {@code tryFirstPass} </dt>
* <dd> if {@code true}, this module retrieves the username and password
* from the module's shared state, using "javax.security.auth.login.name"
* and "javax.security.auth.login.password" as the respective keys. The
* retrieved values are used for authentication. If authentication fails,
@ -181,8 +181,8 @@ import com.sun.security.auth.UserPrincipal;
* authentication fails, the failure is reported back to the calling
* application.</dd>
*
* <dt> <code>storePass</code> </dt>
* <dd> if <code>true</code>, this module stores the username and password
* <dt> {@code storePass} </dt>
* <dd> if {@code true}, this module stores the username and password
* obtained from the {@link CallbackHandler} in the module's shared state,
* using
* "javax.security.auth.login.name" and
@ -190,13 +190,13 @@ import com.sun.security.auth.UserPrincipal;
* not performed if existing values already exist for the username and
* password in the shared state, or if authentication fails.</dd>
*
* <dt> <code>clearPass</code> </dt>
* <dd> if <code>true</code>, this module clears the username and password
* <dt> {@code clearPass} </dt>
* <dd> if {@code true}, this module clears the username and password
* stored in the module's shared state after both phases of authentication
* (login and commit) have completed.</dd>
*
* <dt> <code>debug</code> </dt>
* <dd> if <code>true</code>, debug messages are displayed on the standard
* <dt> {@code debug} </dt>
* <dd> if {@code true}, debug messages are displayed on the standard
* output stream.
* </dl>
* </dl>
@ -209,36 +209,36 @@ import com.sun.security.auth.UserPrincipal;
* Note that the following four JNDI properties are set by this module directly
* and are ignored if also present in the configuration:
* <ul>
* <li> <code>java.naming.provider.url</code>
* <li> <code>java.naming.security.principal</code>
* <li> <code>java.naming.security.credentials</code>
* <li> <code>java.naming.security.protocol</code>
* <li> {@code java.naming.provider.url}
* <li> {@code java.naming.security.principal}
* <li> {@code java.naming.security.credentials}
* <li> {@code java.naming.security.protocol}
* </ul>
*
* <p>
* Three sample {@link Configuration}s are shown below.
* The first one activates search-first mode. It identifies the LDAP server
* and specifies that users' entries be located by their <code>uid</code> and
* <code>objectClass</code> attributes. It also specifies that an identity
* based on the user's <code>employeeNumber</code> attribute should be created.
* and specifies that users' entries be located by their {@code uid} and
* {@code objectClass} attributes. It also specifies that an identity
* based on the user's {@code employeeNumber} attribute should be created.
* The second one activates authentication-first mode. It requests that the
* LDAP server be located dynamically, that authentication be performed using
* the supplied username directly but without the protection of SSL and that
* users' entries be located by one of three naming attributes and their
* <code>objectClass</code> attribute.
* {@code objectClass} attribute.
* The third one activates authentication-only mode. It identifies alternative
* LDAP servers, it specifies the distinguished name to use for
* authentication and a fixed identity to use for authorization. No directory
* search is performed.
*
* <pre>
* <pre>{@literal
*
* ExampleApplication {
* com.sun.security.auth.module.LdapLoginModule REQUIRED
* userProvider="ldap://ldap-svr/ou=people,dc=example,dc=com"
* userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
* authzIdentity="{EMPLOYEENUMBER}"
* debug=true;
* userProvider="ldap://ldap-svr/ou=people,dc=example,dc=com"
* userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
* authzIdentity="{EMPLOYEENUMBER}"
* debug=true;
* };
*
* ExampleApplication {
@ -258,7 +258,7 @@ import com.sun.security.auth.UserPrincipal;
* debug=true;
* };
*
* </pre>
* }</pre>
*
* <dl>
* <dt><b>Note:</b> </dt>
@ -282,7 +282,6 @@ import com.sun.security.auth.UserPrincipal;
* <em>caller-specified</em> {@link Configuration} then the application
* must be granted the permissions required by the {@link LoginModule}.
* <em>This</em> module requires the following two permissions:
* <p>
* <ul>
* <li> The {@link SocketPermission} to connect to an LDAP server.
* <li> The {@link AuthPermission} to modify the set of {@link Principal}s
@ -373,15 +372,15 @@ public class LdapLoginModule implements LoginModule {
private SearchControls constraints = null;
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* @param subject the <code>Subject</code> to be authenticated.
* @param callbackHandler a <code>CallbackHandler</code> to acquire the
* @param subject the {@code Subject} to be authenticated.
* @param callbackHandler a {@code CallbackHandler} to acquire the
* username and password.
* @param sharedState shared <code>LoginModule</code> state.
* @param sharedState shared {@code LoginModule} state.
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
// Unchecked warning from (Map<String, Object>)sharedState is safe
// since javax.security.auth.login.LoginContext passes a raw HashMap.
@ -492,10 +491,10 @@ public class LdapLoginModule implements LoginModule {
* <p> Acquire the user's credentials and verify them against the
* specified LDAP directory.
*
* @return true always, since this <code>LoginModule</code>
* @return true always, since this {@code LoginModule}
* should not be ignored.
* @exception FailedLoginException if the authentication fails.
* @exception LoginException if this <code>LoginModule</code>
* @exception LoginException if this {@code LoginModule}
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
@ -593,10 +592,10 @@ public class LdapLoginModule implements LoginModule {
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates an
* <code>LdapPrincipal</code> and one or more <code>UserPrincipal</code>s
* with the <code>Subject</code> located in the
* <code>LoginModule</code>. If this LoginModule's own
* {@code login} method), then this method associates an
* {@code LdapPrincipal} and one or more {@code UserPrincipal}s
* with the {@code Subject} located in the
* {@code LoginModule}. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
@ -662,7 +661,7 @@ public class LdapLoginModule implements LoginModule {
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* {@code login} and {@code commit} methods),
* then this method cleans up any state that was originally saved.
*
* @exception LoginException if the abort fails.
@ -697,10 +696,10 @@ public class LdapLoginModule implements LoginModule {
* Logout a user.
*
* <p> This method removes the Principals
* that were added by the <code>commit</code> method.
* that were added by the {@code commit} method.
*
* @exception LoginException if the logout fails.
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*/
public boolean logout() throws LoginException {

62
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTLoginModule.java
View File

@ -41,10 +41,10 @@ import com.sun.security.auth.NTSidGroupPrincipal;
import com.sun.security.auth.NTNumericCredential;
/**
* <p> This <code>LoginModule</code>
* This {@code LoginModule}
* renders a user's NT security information as some number of
* <code>Principal</code>s
* and associates them with a <code>Subject</code>.
* {@code Principal}s
* and associates them with a {@code Subject}.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
@ -85,23 +85,21 @@ public class NTLoginModule implements LoginModule {
private NTNumericCredential iToken; // impersonation token
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* @param callbackHandler a {@code CallbackHandler} for communicating
* with the end user (prompting for usernames and
* passwords, for example). This particular LoginModule only
* extracts the underlying NT system information, so this
* parameter is ignored.<p>
* parameter is ignored.
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
@ -125,14 +123,12 @@ public class NTLoginModule implements LoginModule {
/**
* Import underlying NT system identity information.
*
* <p>
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
* @exception FailedLoginException if the authentication fails.
*
* @exception LoginException if this <code>LoginModule</code>
* @exception LoginException if this {@code LoginModule}
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {
@ -221,22 +217,20 @@ public class NTLoginModule implements LoginModule {
}
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates some
* number of various <code>Principal</code>s
* with the <code>Subject</code> located in the
* <code>LoginModuleContext</code>. If this LoginModule's own
* {@code login} method), then this method associates some
* number of various {@code Principal}s
* with the {@code Subject} located in the
* {@code LoginModuleContext}. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
@ -290,18 +284,16 @@ public class NTLoginModule implements LoginModule {
/**
* <p> This method is called if the LoginContext's
* This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* {@code login} and {@code commit} methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
@ -336,17 +328,15 @@ public class NTLoginModule implements LoginModule {
/**
* Logout the user.
*
* <p> This method removes the <code>NTUserPrincipal</code>,
* <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
* <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
* and <code>NTSidPrimaryGroupPrincipal</code>
* that may have been added by the <code>commit</code> method.
*
* <p>
* <p> This method removes the {@code NTUserPrincipal},
* {@code NTDomainPrincipal}, {@code NTSidUserPrincipal},
* {@code NTSidDomainPrincipal}, {@code NTSidGroupPrincipal}s,
* and {@code NTSidPrimaryGroupPrincipal}
* that may have been added by the {@code commit} method.
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* @return true in all cases since this {@code LoginModule}
* should not be ignored.
*/
public boolean logout() throws LoginException {

20
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java
View File

@ -26,7 +26,7 @@
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available NT
* This class implementation retrieves and makes available NT
* security information for the current user.
*
*/
@ -45,7 +45,7 @@ public class NTSystem {
private long impersonationToken;
/**
* Instantiate an <code>NTSystem</code> and load
* Instantiate an {@code NTSystem} and load
* the native library to access the underlying system information.
*/
public NTSystem() {
@ -53,7 +53,7 @@ public class NTSystem {
}
/**
* Instantiate an <code>NTSystem</code> and load
* Instantiate an {@code NTSystem} and load
* the native library to access the underlying system information.
*/
NTSystem(boolean debug) {
@ -64,8 +64,6 @@ public class NTSystem {
/**
* Get the username for the current NT user.
*
* <p>
*
* @return the username for the current NT user.
*/
public String getName() {
@ -75,8 +73,6 @@ public class NTSystem {
/**
* Get the domain for the current NT user.
*
* <p>
*
* @return the domain for the current NT user.
*/
public String getDomain() {
@ -86,8 +82,6 @@ public class NTSystem {
/**
* Get a printable SID for the current NT user's domain.
*
* <p>
*
* @return a printable SID for the current NT user's domain.
*/
public String getDomainSID() {
@ -97,8 +91,6 @@ public class NTSystem {
/**
* Get a printable SID for the current NT user.
*
* <p>
*
* @return a printable SID for the current NT user.
*/
public String getUserSID() {
@ -108,8 +100,6 @@ public class NTSystem {
/**
* Get a printable primary group SID for the current NT user.
*
* <p>
*
* @return the primary group SID for the current NT user.
*/
public String getPrimaryGroupID() {
@ -119,8 +109,6 @@ public class NTSystem {
/**
* Get the printable group SIDs for the current NT user.
*
* <p>
*
* @return the group SIDs for the current NT user.
*/
public String[] getGroupIDs() {
@ -130,8 +118,6 @@ public class NTSystem {
/**
* Get an impersonation token for the current NT user.
*
* <p>
*
* @return an impersonation token for the current NT user.
*/
public synchronized long getImpersonationToken() {

52
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/SolarisLoginModule.java
View File

@ -36,17 +36,17 @@ import com.sun.security.auth.SolarisNumericUserPrincipal;
import com.sun.security.auth.SolarisNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Solaris
* <code>Principal</code> information (<code>SolarisPrincipal</code>,
* <code>SolarisNumericUserPrincipal</code>,
* and <code>SolarisNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
* This {@code LoginModule} imports a user's Solaris
* {@code Principal} information ({@code SolarisPrincipal},
* {@code SolarisNumericUserPrincipal},
* and {@code SolarisNumericGroupPrincipal})
* and associates them with the current {@code Subject}.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
* @deprecated As of JDK1.4, replaced by
* <code>com.sun.security.auth.module.UnixLoginModule</code>.
* {@code com.sun.security.auth.module.UnixLoginModule}.
* This LoginModule is entirely deprecated and
* is here to allow for a smooth transition to the new
* UnixLoginModule.
@ -80,21 +80,19 @@ public class SolarisLoginModule implements LoginModule {
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* @param callbackHandler a {@code CallbackHandler} for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
* passwords, for example).
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
@ -114,15 +112,13 @@ public class SolarisLoginModule implements LoginModule {
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Solaris <code>Subject</code> information by making a native Solaris
* Solaris {@code Subject} information by making a native Solaris
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* @return true in all cases (this {@code LoginModule}
* should not be ignored).
*/
public boolean login() throws LoginException {
@ -175,13 +171,11 @@ public class SolarisLoginModule implements LoginModule {
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Solaris authentication information
* succeeded), then this method associates the Solaris Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* with the {@code Subject} currently tied to the
* {@code LoginModule}. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
@ -232,10 +226,8 @@ public class SolarisLoginModule implements LoginModule {
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
* as part of the authentication attempt from the {@code login}
* and {@code commit} methods.
*
* @exception LoginException if the abort fails
*
@ -272,13 +264,11 @@ public class SolarisLoginModule implements LoginModule {
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
* with the {@code Subject}.
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* @return true in all cases (this {@code LoginModule}
* should not be ignored).
*/
public boolean logout() throws LoginException {

12
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/SolarisSystem.java
View File

@ -26,7 +26,7 @@
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Solaris
* This class implementation retrieves and makes available Solaris
* UID/GID/groups information for the current user.
*
* @deprecated replaced by {@link UnixSystem}.
@ -43,7 +43,7 @@ public class SolarisSystem {
protected long[] groups;
/**
* Instantiate a <code>SolarisSystem</code> and load
* Instantiate a {@code SolarisSystem} and load
* the native library to access the underlying system information.
*/
public SolarisSystem() {
@ -54,8 +54,6 @@ public class SolarisSystem {
/**
* Get the username for the current Solaris user.
*
* <p>
*
* @return the username for the current Solaris user.
*/
public String getUsername() {
@ -65,8 +63,6 @@ public class SolarisSystem {
/**
* Get the UID for the current Solaris user.
*
* <p>
*
* @return the UID for the current Solaris user.
*/
public long getUid() {
@ -76,8 +72,6 @@ public class SolarisSystem {
/**
* Get the GID for the current Solaris user.
*
* <p>
*
* @return the GID for the current Solaris user.
*/
public long getGid() {
@ -87,8 +81,6 @@ public class SolarisSystem {
/**
* Get the supplementary groups for the current Solaris user.
*
* <p>
*
* @return the supplementary groups for the current Solaris user.
*/
public long[] getGroups() {

50
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixLoginModule.java
View File

@ -36,11 +36,11 @@ import com.sun.security.auth.UnixNumericUserPrincipal;
import com.sun.security.auth.UnixNumericGroupPrincipal;
/**
* <p> This <code>LoginModule</code> imports a user's Unix
* <code>Principal</code> information (<code>UnixPrincipal</code>,
* <code>UnixNumericUserPrincipal</code>,
* and <code>UnixNumericGroupPrincipal</code>)
* and associates them with the current <code>Subject</code>.
* This {@code LoginModule} imports a user's Unix
* {@code Principal} information ({@code UnixPrincipal},
* {@code UnixNumericUserPrincipal},
* and {@code UnixNumericGroupPrincipal})
* and associates them with the current {@code Subject}.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
@ -74,21 +74,19 @@ public class UnixLoginModule implements LoginModule {
new LinkedList<>();
/**
* Initialize this <code>LoginModule</code>.
* Initialize this {@code LoginModule}.
*
* <p>
* @param subject the {@code Subject} to be authenticated.
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* @param callbackHandler a {@code CallbackHandler} for communicating
* with the end user (prompting for usernames and
* passwords, for example). <p>
* passwords, for example).
*
* @param sharedState shared <code>LoginModule</code> state. <p>
* @param sharedState shared {@code LoginModule} state.
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
* {@code Configuration} for this particular
* {@code LoginModule}.
*/
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String,?> sharedState,
@ -107,15 +105,13 @@ public class UnixLoginModule implements LoginModule {
* Authenticate the user (first phase).
*
* <p> The implementation of this method attempts to retrieve the user's
* Unix <code>Subject</code> information by making a native Unix
* Unix {@code Subject} information by making a native Unix
* system call.
*
* <p>
*
* @exception FailedLoginException if attempts to retrieve the underlying
* system information fail.
*
* @return true in all cases (this <code>LoginModule</code>
* @return true in all cases (this {@code LoginModule}
* should not be ignored).
*/
public boolean login() throws LoginException {
@ -169,13 +165,11 @@ public class UnixLoginModule implements LoginModule {
* <p> If this LoginModule's own authentication attempt
* succeeded (the importing of the Unix authentication information
* succeeded), then this method associates the Unix Principals
* with the <code>Subject</code> currently tied to the
* <code>LoginModule</code>. If this LoginModule's
* with the {@code Subject} currently tied to the
* {@code LoginModule}. If this LoginModule's
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails
*
* @return true if this LoginModule's own login and commit attempts
@ -228,10 +222,8 @@ public class UnixLoginModule implements LoginModule {
* did not succeed).
*
* <p> This method cleans up any state that was originally saved
* as part of the authentication attempt from the <code>login</code>
* and <code>commit</code> methods.
*
* <p>
* as part of the authentication attempt from the {@code login}
* and {@code commit} methods.
*
* @exception LoginException if the abort fails
*
@ -267,13 +259,11 @@ public class UnixLoginModule implements LoginModule {
* Logout the user
*
* <p> This method removes the Principals associated
* with the <code>Subject</code>.
*
* <p>
* with the {@code Subject}.
*
* @exception LoginException if the logout fails
*
* @return true in all cases (this <code>LoginModule</code>
* @return true in all cases (this {@code LoginModule}
* should not be ignored).
*/
public boolean logout() throws LoginException {

13
jdk/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java
View File

@ -26,9 +26,8 @@
package com.sun.security.auth.module;
/**
* <p> This class implementation retrieves and makes available Unix
* This class implementation retrieves and makes available Unix
* UID/GID/groups information for the current user.
*
*/
@jdk.Exported
public class UnixSystem {
@ -41,7 +40,7 @@ public class UnixSystem {
protected long[] groups;
/**
* Instantiate a <code>UnixSystem</code> and load
* Instantiate a {@code UnixSystem} and load
* the native library to access the underlying system information.
*/
public UnixSystem() {
@ -52,8 +51,6 @@ public class UnixSystem {
/**
* Get the username for the current Unix user.
*
* <p>
*
* @return the username for the current Unix user.
*/
public String getUsername() {
@ -63,8 +60,6 @@ public class UnixSystem {
/**
* Get the UID for the current Unix user.
*
* <p>
*
* @return the UID for the current Unix user.
*/
public long getUid() {
@ -74,8 +69,6 @@ public class UnixSystem {
/**
* Get the GID for the current Unix user.
*
* <p>
*
* @return the GID for the current Unix user.
*/
public long getGid() {
@ -85,8 +78,6 @@ public class UnixSystem {
/**
* Get the supplementary groups for the current Unix user.
*
* <p>
*
* @return the supplementary groups for the current Unix user.
*/
public long[] getGroups() {