A Subject represents a grouping of related information for a single entity, such as a person. Such information includes the Subject's identities as well as its security-related attributes (passwords and cryptographic keys, for example).
Subjects may potentially have multiple identities. Each identity is represented as a Principal within the Subject. Principals simply bind names to a Subject. For example, a Subject that happens to be a person, Alice, might have two Principals: one which binds "Alice Bar", the name on her driver's license, to the Subject, and another which binds "999-99-9999", the number on her student identification card, to the Subject. Both Principals refer to the same Subject even though each has a different name.
A Subject may also own security-related attributes, which are referred to as credentials. Sensitive credentials that require special protection, such as private cryptographic keys, are stored within a private credential Set. Credentials intended to be shared, such as public key certificates or Kerberos server tickets, are stored within a public credential Set. Different permissions are required to access and modify the different credential Sets.
To retrieve all the Principals associated with a Subject, invoke the getPrincipals method. To retrieve all the public or private credentials belonging to a Subject, invoke the getPublicCredentials method or getPrivateCredentials method, respectively. To modify the returned Set of Principals and credentials, use the methods defined in the Set class. For example:
    Subject subject;
    Principal principal;
    Object credential;

    // add a Principal and credential to the Subject
    subject.getPrincipals().add(principal);
    subject.getPublicCredentials().add(credential);
This Subject class implements Serializable. While the Principals associated with the Subject are serialized, the credentials associated with the Subject are not. Note that the java.security.Principal class does not implement Serializable. Therefore all concrete Principal implementations associated with Subjects must implement Serializable.
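The serialization behaviour described above, shown as an added example that is not part of the original documentation: a Subject is round-tripped through Java serialization to show that its Principals survive while both credential Sets come back empty, and that a Principal that is not Serializable is rejected. The class names SubjectSerializationDemo and NamePrincipal are hypothetical, and the credential values are constructed samples.

```java
import java.io.*;
import java.security.Principal;
import javax.security.auth.Subject;

public class SubjectSerializationDemo {
    // Hypothetical Principal; it implements Serializable so the Subject can be serialized.
    static final class NamePrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        NamePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof NamePrincipal && name.equals(((NamePrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    static byte[] serialize(Subject s) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(s); }
        return buf.toByteArray();
    }

    static Subject deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return (Subject) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Subject alice = new Subject();
        alice.getPrincipals().add(new NamePrincipal("Alice Bar"));
        alice.getPrincipals().add(new NamePrincipal("999-99-9999"));
        alice.getPublicCredentials().add("constructed-certificate");        // constructed sample
        alice.getPrivateCredentials().add("constructed-key".toCharArray()); // constructed sample

        // Principals are written to the stream; the credential Sets are not.
        Subject copy = deserialize(serialize(alice));
        for (Principal p : copy.getPrincipals()) System.out.println("principal: " + p.getName());
        System.out.println("public credentials after round trip:  " + copy.getPublicCredentials().size());
        System.out.println("private credentials after round trip: " + copy.getPrivateCredentials().size());

        // A Principal that is not Serializable (here a lambda) makes serialization fail.
        Subject bob = new Subject();
        bob.getPrincipals().add(() -> "Bob");
        try { serialize(bob); }
        catch (NotSerializableException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Code that receives a deserialized Subject has to repopulate its credentials from a trusted source, since none travel with the serialized form.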