SecurityUtil (Apache Derby V10.14 Internals)

java.lang.Object
- org.apache.derby.iapi.security.SecurityUtil

```
public class SecurityUtil
extends java.lang.Object
```
This class provides helper functions for security-related features.

Field Summary

Fields
Modifier and Type Field Description

private static SystemPermission USE_DERBY_INTERNALS
Permission to access Derby contexts (permissions are immutable).

Fields
Modifier and Type	Field	Description
`private static SystemPermission`	`USE_DERBY_INTERNALS`	Permission to access Derby contexts (permissions are immutable).

Constructor Summary

Constructors
Constructor Description

SecurityUtil()

Constructors
Constructor	Description
`SecurityUtil()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	`authorize(Securable operation)`	Raise an exception if the current user does not have permission to perform the indicated operation.
`static void`	`checkDerbyInternalsPrivilege()`	Verify that we have been granted permission to use Derby internals
`static void`	`checkSubjectHasPermission(javax.security.auth.Subject subject, java.security.Permission perm)`	Checks that a Subject has a Permission under the SecurityManager.
`static void`	`checkUserHasPermission(java.lang.String user, java.security.Permission perm)`	Checks that a User has a Permission under the SecurityManager.
`static javax.security.auth.Subject`	`createSystemPrincipalSubject(java.lang.String user)`	Creates a (read-only) Subject representing a given user as a System user within Derby.
`private static java.lang.String`	`getAuthorizationId(java.lang.String name)`	Returns the Authorization Identifier for a principal name.
`private static Context`	`getContextOrNull(java.lang.String contextID)`	Privileged lookup of a Context.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - USE_DERBY_INTERNALS
```
private static final SystemPermission USE_DERBY_INTERNALS
```
    Permission to access Derby contexts (permissions are immutable).
- Constructor Detail
  - SecurityUtil
```
public SecurityUtil()
```
- Method Detail
  - createSystemPrincipalSubject
```
public static javax.security.auth.Subject createSystemPrincipalSubject(java.lang.String user)
```
    Creates a (read-only) Subject representing a given user as a System user within Derby.
    
    Parameters:
    
    user - the user name
    
    Returns:
    
    a Subject representing the user by its exact and normalized name
    
    See Also:
    
    User Names & Authorization Identifiers in Derby
  - getAuthorizationId
```
private static java.lang.String getAuthorizationId(java.lang.String name)
```
    Returns the Authorization Identifier for a principal name.
    
    Parameters:
    
    name - the name of the principal
    
    Returns:
    
    the authorization identifier for this principal
  - checkSubjectHasPermission
```
public static void checkSubjectHasPermission(javax.security.auth.Subject subject,
                                             java.security.Permission perm)
```
    Checks that a Subject has a Permission under the SecurityManager. To perform this check the following policy grant is required
    - to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
    or an AccessControlException will be raised detailing the cause.
    Parameters:
    
    subject - the subject representing the SystemPrincipal(s)
    
    perm - the permission to be checked
    
    Throws:
    
    java.security.AccessControlException - if permissions are missing
  - checkUserHasPermission
```
public static void checkUserHasPermission(java.lang.String user,
                                          java.security.Permission perm)
```
    Checks that a User has a Permission under the SecurityManager. To perform this check the following policy grant is required
    - to run the encapsulated test: permission javax.security.auth.AuthPermission "doAsPrivileged";
    or an AccessControlException will be raised detailing the cause.
    Parameters:
    
    user - the user to be check for having the permission
    
    perm - the permission to be checked
    
    Throws:
    
    java.security.AccessControlException - if permissions are missing
  - authorize
```
public static void authorize(Securable operation)
                      throws StandardException
```
    Raise an exception if the current user does not have permission to perform the indicated operation.
    
    Throws:
    
    StandardException
  - checkDerbyInternalsPrivilege
```
public static void checkDerbyInternalsPrivilege()
```
    Verify that we have been granted permission to use Derby internals
  - getContextOrNull
```
private static Context getContextOrNull(java.lang.String contextID)
```
    Privileged lookup of a Context. Must be private so that user code can't call this entry point.

Class SecurityUtil

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

USE_DERBY_INTERNALS

Constructor Detail

SecurityUtil

Method Detail

createSystemPrincipalSubject

getAuthorizationId

checkSubjectHasPermission

checkUserHasPermission

authorize

checkDerbyInternalsPrivilege

getContextOrNull