org.jboss.security.plugins
Class JaasSecurityManagerService

java.lang.Object
  extended by org.jboss.mx.util.JBossNotificationBroadcasterSupport
      extended by org.jboss.system.ServiceMBeanSupport
          extended by org.jboss.security.plugins.JaasSecurityManagerService
All Implemented Interfaces:
javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, javax.management.NotificationEmitter, JaasSecurityManagerServiceMBean, SecurityManagerMBean, org.jboss.system.Service, org.jboss.system.ServiceMBean

public class JaasSecurityManagerService
extends org.jboss.system.ServiceMBeanSupport
implements JaasSecurityManagerServiceMBean

This is a JMX service that manages JAAS-based SecurityManagers. JAAS SecurityManagers are responsible for validating credentials associated with principals. The service defaults to the org.jboss.security.plugins.JaasSecurityManager implementation, but this can be changed via the securityManagerClass property.

Version:
$Revision: 1.27.2.17 $
Author:
Oleg Nitz, Rickard Oberg, Scott Stark
See Also:
JaasSecurityManager, SubjectSecurityManager

Nested Class Summary
static class JaasSecurityManagerService.DefaultCacheObjectFactory
          java:/timedCacheFactory ObjectFactory implementation
static class JaasSecurityManagerService.SecurityDomainObjectFactory
           
 
Field Summary
 
Fields inherited from class org.jboss.system.ServiceMBeanSupport
server, SERVICE_CONTROLLER_SIG, serviceName
 
Fields inherited from interface org.jboss.security.plugins.JaasSecurityManagerServiceMBean
OBJECT_NAME
 
Fields inherited from interface org.jboss.system.ServiceMBean
CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED
 
Constructor Summary
JaasSecurityManagerService()
          The constructor does nothing as the security manager is created on each lookup into java:/jaas/xxx.
 
Method Summary
 boolean doesUserHaveRole(String securityDomain, Principal principal, Object credential, Set roles)
          Validates the application domain roles to which the operational environment Principal belongs.
 void flushAuthenticationCache(String securityDomain)
          Flush the cache policy for the indicated security domain if one exists.
 void flushAuthenticationCache(String securityDomain, Principal user)
          Flush a principal's authentication cache entry associated with the given securityDomain.
 String getAuthenticationCacheJndiName()
          Get the JNDI name under which the authentication cache policy is found.
 List getAuthenticationCachePrincipals(String securityDomain)
          Return the active principals in the indicated security domain auth cache.
 String getCallbackHandlerClassName()
          Get the default CallbackHandler implementation class name
 boolean getDeepCopySubjectMode()
          A flag indicating if the Deep Copy of Subject Sets should be enabled in the security managers
 int getDefaultCacheResolution()
          Get the default timed cache policy resolution.
 int getDefaultCacheTimeout()
          Get the default timed cache policy timeout.
 String getDefaultUnauthenticatedPrincipal()
          Get the default unauthenticated principal.
 Principal getPrincipal(String securityDomain, Principal principal)
          Map from the operational environment Principal to the application domain principal.
 String getSecurityManagerClassName()
          Get the name of the class that provides the security manager implementation.
 String getSecurityProxyFactoryClassName()
          Get the name of the class that provides the SecurityProxyFactory implementation.
 boolean getServerMode()
          A flag indicating if the SecurityAssociation.setServer should be called on service startup.
 Set getUserRoles(String securityDomain, Principal principal, Object credential)
          Return the set of domain roles the principal has been assigned.
 boolean isValid(String securityDomain, Principal principal, Object credential)
          The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
 void registerSecurityDomain(String securityDomain, SecurityDomain instance)
          Register a SecurityDomain implementation.
 void setAuthenticationCacheJndiName(String jndiName)
          Set the JNDI name under which the authentication cache policy is found.
 void setCacheTimeout(String securityDomain, int timeoutInSecs, int resInSecs)
          Set the indicated security domain cache timeout.
 void setCallbackHandlerClassName(String className)
          Set the default CallbackHandler implementation class name
 void setDeepCopySubjectMode(boolean flag)
          A flag indicating if the Deep Copy of Subject Sets should be enabled in the security managers
 void setDefaultCacheResolution(int resInSecs)
          Set the default timed cache policy resolution.
 void setDefaultCacheTimeout(int timeoutInSecs)
          Set the default timed cache policy timeout.
 void setDefaultUnauthenticatedPrincipal(String principal)
          Set the default unauthenticated principal.
 void setSecurityManagerClassName(String className)
          Set the name of the class that provides the security manager implementation.
 void setSecurityProxyFactoryClassName(String className)
          Set the name of the class that provides the SecurityProxyFactory implementation.
 void setServerMode(boolean mode)
          The SecurityAssociation server mode flag.
protected  void startService()
           
protected  void stopService()
           
 
Methods inherited from class org.jboss.system.ServiceMBeanSupport
create, createService, destroy, destroyService, getDeploymentInfo, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, stop
 
Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport
addNotificationListener, getNotificationInfo, handleNotification, nextNotificationSequenceNumber, removeNotificationListener, removeNotificationListener, sendNotification
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.jboss.system.ServiceMBean
getName, getState, getStateString, jbossInternalLifecycle
 
Methods inherited from interface org.jboss.system.Service
create, destroy, start, stop
 

Constructor Detail

JaasSecurityManagerService

public JaasSecurityManagerService()
The constructor does nothing as the security manager is created on each lookup into java:/jaas/xxx. This is also why all variables in this class are static.

Method Detail

getServerMode

public boolean getServerMode()
Description copied from interface: JaasSecurityManagerServiceMBean
A flag indicating if the SecurityAssociation.setServer should be called on service startup.

Specified by:
getServerMode in interface JaasSecurityManagerServiceMBean
Returns:
the SecurityAssociation.setServer flag.

setServerMode

public void setServerMode(boolean mode)
Description copied from interface: JaasSecurityManagerServiceMBean
The SecurityAssociation server mode flag.

Specified by:
setServerMode in interface JaasSecurityManagerServiceMBean
Parameters:
mode - A flag indicating if the SecurityAssociation.setServer should be called on service startup.

getSecurityManagerClassName

public String getSecurityManagerClassName()
Description copied from interface: JaasSecurityManagerServiceMBean
Get the name of the class that provides the security manager implementation.

Specified by:
getSecurityManagerClassName in interface JaasSecurityManagerServiceMBean

setSecurityManagerClassName

public void setSecurityManagerClassName(String className)
                                 throws ClassNotFoundException,
                                        ClassCastException
Description copied from interface: JaasSecurityManagerServiceMBean
Set the name of the class that provides the security manager implementation.

Specified by:
setSecurityManagerClassName in interface JaasSecurityManagerServiceMBean
Throws:
ClassNotFoundException - thrown if the className cannot be found using the thread context class loader.
ClassCastException - thrown if the className does not implement the org.jboss.security.AuthenticationManager interface.

getSecurityProxyFactoryClassName

public String getSecurityProxyFactoryClassName()
Description copied from interface: JaasSecurityManagerServiceMBean
Get the name of the class that provides the SecurityProxyFactory implementation.

Specified by:
getSecurityProxyFactoryClassName in interface JaasSecurityManagerServiceMBean

setSecurityProxyFactoryClassName

public void setSecurityProxyFactoryClassName(String className)
                                      throws ClassNotFoundException
Description copied from interface: JaasSecurityManagerServiceMBean
Set the name of the class that provides the SecurityProxyFactory implementation.

Specified by:
setSecurityProxyFactoryClassName in interface JaasSecurityManagerServiceMBean
Throws:
ClassNotFoundException

getCallbackHandlerClassName

public String getCallbackHandlerClassName()
Get the default CallbackHandler implementation class name

Specified by:
getCallbackHandlerClassName in interface JaasSecurityManagerServiceMBean
Returns:
The fully qualified classname of the

setCallbackHandlerClassName

public void setCallbackHandlerClassName(String className)
                                 throws ClassNotFoundException
Set the default CallbackHandler implementation class name

Specified by:
setCallbackHandlerClassName in interface JaasSecurityManagerServiceMBean
Throws:
ClassNotFoundException
See Also:
CallbackHandler

getAuthenticationCacheJndiName

public String getAuthenticationCacheJndiName()
Get the JNDI name under which the authentication cache policy is found.

Specified by:
getAuthenticationCacheJndiName in interface JaasSecurityManagerServiceMBean

setAuthenticationCacheJndiName

public void setAuthenticationCacheJndiName(String jndiName)
Set the JNDI name under which the authentication cache policy is found.

Specified by:
setAuthenticationCacheJndiName in interface JaasSecurityManagerServiceMBean
Parameters:
jndiName - the name of the ObjectFactory or CachePolicy binding.

getDefaultCacheTimeout

public int getDefaultCacheTimeout()
Get the default timed cache policy timeout.

Specified by:
getDefaultCacheTimeout in interface JaasSecurityManagerServiceMBean
Returns:
the default cache timeout in seconds.

setDefaultCacheTimeout

public void setDefaultCacheTimeout(int timeoutInSecs)
Set the default timed cache policy timeout. This has no effect if the AuthenticationCacheJndiName has been changed from the default value.

Specified by:
setDefaultCacheTimeout in interface JaasSecurityManagerServiceMBean
Parameters:
timeoutInSecs - the cache timeout in seconds.

getDefaultCacheResolution

public int getDefaultCacheResolution()
Get the default timed cache policy resolution.

Specified by:
getDefaultCacheResolution in interface JaasSecurityManagerServiceMBean

setDefaultCacheResolution

public void setDefaultCacheResolution(int resInSecs)
Set the default timed cache policy resolution. This has no effect if the AuthenticationCacheJndiName has been changed from the default value.

Specified by:
setDefaultCacheResolution in interface JaasSecurityManagerServiceMBean
Parameters:
resInSecs - resolution of timeouts in seconds.

getDeepCopySubjectMode

public boolean getDeepCopySubjectMode()
Description copied from interface: JaasSecurityManagerServiceMBean
A flag indicating if the Deep Copy of Subject Sets should be enabled in the security managers

Specified by:
getDeepCopySubjectMode in interface JaasSecurityManagerServiceMBean
See Also:
JaasSecurityManagerServiceMBean.getDeepCopySubjectMode()

setDeepCopySubjectMode

public void setDeepCopySubjectMode(boolean flag)
Description copied from interface: JaasSecurityManagerServiceMBean
A flag indicating if the Deep Copy of Subject Sets should be enabled in the security managers

Specified by:
setDeepCopySubjectMode in interface JaasSecurityManagerServiceMBean
See Also:
JaasSecurityManagerServiceMBean.getDeepCopySubjectMode()

setCacheTimeout

public void setCacheTimeout(String securityDomain,
                            int timeoutInSecs,
                            int resInSecs)
Set the indicated security domain cache timeout. This only has an effect if the security domain is using the default jboss TimedCachePolicy implementation.

Specified by:
setCacheTimeout in interface JaasSecurityManagerServiceMBean
Parameters:
securityDomain - the name of the security domain cache
timeoutInSecs - the cache timeout in seconds.
resInSecs - resolution of timeouts in seconds.

flushAuthenticationCache

public void flushAuthenticationCache(String securityDomain)
Flush the cache policy for the indicated security domain if one exists.

Specified by:
flushAuthenticationCache in interface JaasSecurityManagerServiceMBean
Parameters:
securityDomain - the name of the security domain cache

flushAuthenticationCache

public void flushAuthenticationCache(String securityDomain,
                                     Principal user)
Flush a principal's authentication cache entry associated with the given securityDomain.

Specified by:
flushAuthenticationCache in interface JaasSecurityManagerServiceMBean
Parameters:
securityDomain - the name of the security domain cache
user - the principal of the user to flush

getAuthenticationCachePrincipals

public List getAuthenticationCachePrincipals(String securityDomain)
Return the active principals in the indicated security domain auth cache.

Specified by:
getAuthenticationCachePrincipals in interface JaasSecurityManagerServiceMBean
Parameters:
securityDomain - the name of the security domain to look up the cache for
Returns:
List of active keys found in the auth cache if the cache exists and is accessible, null otherwise.

isValid

public boolean isValid(String securityDomain,
                       Principal principal,
                       Object credential)
Description copied from interface: SecurityManagerMBean
The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.

Specified by:
isValid in interface SecurityManagerMBean
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operational environment
credential - the proof of user identity as known in the operational environment
Returns:
true if the principal, credential pair is valid, false otherwise.

getPrincipal

public Principal getPrincipal(String securityDomain,
                              Principal principal)
Description copied from interface: SecurityManagerMBean
Map from the operational environment Principal to the application domain principal. This is used by the EJBContext.getCallerPrincipal implementation to map from the authenticated principal to a principal in the application domain.

Specified by:
getPrincipal in interface SecurityManagerMBean
Parameters:
principal - the caller principal as known in the operational environment.
Returns:
the principal

doesUserHaveRole

public boolean doesUserHaveRole(String securityDomain,
                                Principal principal,
                                Object credential,
                                Set roles)
Description copied from interface: SecurityManagerMBean
Validates the application domain roles to which the operational environment Principal belongs. This may first authenticate the principal, as some security manager implementations require a preceding isValid call.

Specified by:
doesUserHaveRole in interface SecurityManagerMBean
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operational environment
credential - the proof of user identity as known in the
roles - Set of the application domain roles that the principal is to be validated against.
Returns:
true if the principal has at least one of the roles in the roles set, false otherwise.

getUserRoles

public Set getUserRoles(String securityDomain,
                        Principal principal,
                        Object credential)
Description copied from interface: SecurityManagerMBean
Return the set of domain roles the principal has been assigned. This may first authenticate the principal, as some security manager implementations require a preceding isValid call.

Specified by:
getUserRoles in interface SecurityManagerMBean
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operational environment
credential - the proof of user identity as known in the
Returns:
The Set for the application domain roles that the principal has been assigned.

startService

protected void startService()
                     throws Exception
Overrides:
startService in class org.jboss.system.ServiceMBeanSupport
Throws:
Exception

stopService

protected void stopService()
                    throws Exception
Overrides:
stopService in class org.jboss.system.ServiceMBeanSupport
Throws:
Exception

registerSecurityDomain

public void registerSecurityDomain(String securityDomain,
                                   SecurityDomain instance)
Register a SecurityDomain implementation. This is synchronized to ensure that the binding of the security domain and cache population is atomic.

Specified by:
registerSecurityDomain in interface JaasSecurityManagerServiceMBean
Parameters:
securityDomain - the name of the security domain
instance - the SecurityDomain instance to bind

getDefaultUnauthenticatedPrincipal

public String getDefaultUnauthenticatedPrincipal()
Get the default unauthenticated principal.

Specified by:
getDefaultUnauthenticatedPrincipal in interface JaasSecurityManagerServiceMBean
Returns:
The principal name

setDefaultUnauthenticatedPrincipal

public void setDefaultUnauthenticatedPrincipal(String principal)
Set the default unauthenticated principal.

Specified by:
setDefaultUnauthenticatedPrincipal in interface JaasSecurityManagerServiceMBean
Parameters:
principal - The principal name


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.