java.lang.Object
  org.jboss.mx.util.JBossNotificationBroadcasterSupport
    org.jboss.system.ServiceMBeanSupport
      org.jboss.security.plugins.JaasSecurityManager
public class JaasSecurityManager
The JaasSecurityManager is responsible both for authenticating credentials associated with principals and for role mapping. For authentication, this implementation relies on the JAAS LoginContext/LoginModules associated with the security domain name of this class; for role mapping, it relies on the context JAAS Subject object.
See Also: isValid(Principal, Object, Subject), getPrincipal(Principal), doesUserHaveRole(Principal, Set)
Nested Class Summary | |
---|---|
static class | JaasSecurityManager.DomainInfo: The authentication cache object. |
Field Summary | |
---|---|
protected org.jboss.logging.Logger | log: The log4j category for the security manager domain |
protected boolean | trace |
Fields inherited from class org.jboss.system.ServiceMBeanSupport |
---|
server, SERVICE_CONTROLLER_SIG, serviceName |
Fields inherited from interface org.jboss.system.ServiceMBean |
---|
CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED |
Constructor Summary | |
---|---|
JaasSecurityManager() | Creates a default JaasSecurityManager with a securityDomain name of 'other'. |
JaasSecurityManager(String securityDomain, CallbackHandler handler) | Creates a JaasSecurityManager with the securityDomain name given by the 'securityDomain' argument. |
Method Summary | |
---|---|
protected boolean | doesRoleGroupHaveRole(Principal role, Group userRoles): Check that the indicated application domain role is a member of the user's assigned roles. |
boolean | doesUserHaveRole(Principal principal, Principal role): Does the current Subject have a role (a Principal) that equates to one of the role names. |
boolean | doesUserHaveRole(Principal principal, Set rolePrincipals): Does the current Subject have a role (a Principal) that equates to one of the role names. |
void | flushCache(): Not really used anymore as the security manager service manages the security domain authentication caches. |
Subject | getActiveSubject(): Get the currently authenticated Subject. |
Principal | getPrincipal(Principal principal): Map the argument principal from the deployment environment principal to the developer environment. |
String | getSecurityDomain(): Get the name of the security domain associated with this security manager. |
Set | getUserRoles(Principal principal): Return the set of domain roles from the current active Subject's 'Roles' group found in the subject Principals set. |
boolean | isValid(Principal principal, Object credential): Validate that the given credential is correct for principal. |
boolean | isValid(Principal principal, Object credential, Subject activeSubject): Validate that the given credential is correct for principal. |
void | setCachePolicy(org.jboss.util.CachePolicy domainCache): The domainCache is typically a shared object that is populated by the login code (LoginModule, etc.) and read by this class in the isValid() method. |
void | setDeepCopySubjectOption(Boolean flag): Flag to specify whether deep copy of subject sets needs to be enabled. |
Methods inherited from class org.jboss.system.ServiceMBeanSupport |
---|
create, createService, destroy, destroyService, getDeploymentInfo, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, startService, stop, stopService |
Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport |
---|
addNotificationListener, getNotificationInfo, handleNotification, nextNotificationSequenceNumber, removeNotificationListener, removeNotificationListener, sendNotification |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected org.jboss.logging.Logger log
protected boolean trace
Constructor Detail |
---|
public JaasSecurityManager()
public JaasSecurityManager(String securityDomain, CallbackHandler handler)
Parameters:
securityDomain - the name of the security domain
handler - the JAAS callback handler instance to use
Throws:
UndeclaredThrowableException - thrown if handler does not implement a setSecurityInfo(Principal, Object) method
Method Detail |
---|
public void setCachePolicy(org.jboss.util.CachePolicy domainCache)
See Also: isValid(Principal, Object, Subject)
public void setDeepCopySubjectOption(Boolean flag)
Parameters:
flag -
public void flushCache()
public String getSecurityDomain()
Specified by: getSecurityDomain in interface AuthenticationManager
public Subject getActiveSubject()
Specified by: getActiveSubject in interface AuthenticationManager
See Also: PolicyContextHandler.getContext(String, Object)
public boolean isValid(Principal principal, Object credential)
Specified by: isValid in interface AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
See Also: AuthenticationManager.isValid(Principal, Object, Subject)
public boolean isValid(Principal principal, Object credential, Subject activeSubject)
Specified by: isValid in interface AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
activeSubject - if not null, a Subject that will be populated with the state of the authenticated Subject.
public Principal getPrincipal(Principal principal)
Specified by: getPrincipal in interface RealmMapping
Parameters:
principal - the caller principal as known in the operation environment.
public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
Specified by: doesUserHaveRole in interface RealmMapping
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
rolePrincipals - a Set of Principals for the roles to check.
See Also: Group, Subject.getPrincipals()
public boolean doesUserHaveRole(Principal principal, Principal role)
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
role - the application domain role that the principal is to be validated against.
See Also: doesUserHaveRole(Principal, Set)
public Set getUserRoles(Principal principal)
Specified by: getUserRoles in interface RealmMapping
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
protected boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
Parameters:
role - the application domain role required for access
userRoles - the set of roles assigned to the user