java.lang.Object
  org.jboss.mx.util.JBossNotificationBroadcasterSupport
    org.jboss.system.ServiceMBeanSupport
      org.jboss.security.plugins.JaasSecurityManager
The JaasSecurityManager is responsible both for authenticating credentials associated with principals and for role mapping. This implementation relies on the JAAS LoginContext/LoginModules associated with the security domain name associated with the class for authentication, and the context JAAS Subject object for role mapping.
See Also: isValid(Principal, Object), getPrincipal(Principal), doesUserHaveRole(Principal, Set)
Nested Class Summary | |
static class |
JaasSecurityManager.DomainInfo
The authentication cache object. |
Field Summary | |
protected org.jboss.logging.Logger |
log
The log4j category for the security manager domain |
protected boolean |
trace
|
Fields inherited from class org.jboss.system.ServiceMBeanSupport |
server, SERVICE_CONTROLLER_SIG, serviceName |
Fields inherited from interface org.jboss.system.ServiceMBean |
CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED |
Constructor Summary | |
JaasSecurityManager()
Creates a default JaasSecurityManager with a securityDomain name of 'other'. |
|
JaasSecurityManager(String securityDomain,
CallbackHandler handler)
Creates a JaasSecurityManager with the securityDomain name given by the 'securityDomain' argument. |
Method Summary | |
protected boolean |
doesRoleGroupHaveRole(Principal role,
Group userRoles)
Check that the indicated application domain role is a member of the user's assigned roles. |
boolean |
doesUserHaveRole(Principal principal,
Principal role)
Validates operational environment Principal against the specified application domain role. |
boolean |
doesUserHaveRole(Principal principal,
Set rolePrincipals)
Does the current Subject have a role (a Principal) that equates to one of the role names. |
void |
flushCache()
Not really used anymore as the security manager service manages the security domain authentication caches. |
Subject |
getActiveSubject()
Get the currently authenticated Subject. |
Principal |
getPrincipal(Principal principal)
Map the argument principal from the deployment environment principal to the developer environment. |
String |
getSecurityDomain()
Get the name of the security domain associated with this security manager. |
Set |
getUserRoles(Principal principal)
Return the set of domain roles the principal has been assigned. |
boolean |
isValid(Principal principal,
Object credential)
Validate that the given credential is correct for principal. |
boolean |
isValid(Principal principal,
Object credential,
Subject activeSubject)
Validate that the given credential is correct for principal. |
void |
setCachePolicy(org.jboss.util.CachePolicy domainCache)
The domainCache is typically a shared object that is populated by the login code (LoginModule, etc.) and read by this class in the isValid() method. |
Methods inherited from class org.jboss.system.ServiceMBeanSupport |
create, createService, destroy, destroyService, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, startService, stop, stopService |
Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport |
addNotificationListener, getNotificationInfo, handleNotification, removeNotificationListener, removeNotificationListener, sendNotification |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected org.jboss.logging.Logger log
protected boolean trace
Constructor Detail |
public JaasSecurityManager()
public JaasSecurityManager(String securityDomain, CallbackHandler handler)
Parameters:
securityDomain - the name of the security domain
handler - the JAAS callback handler instance to use
Throws:
UndeclaredThrowableException - thrown if handler does not implement a setSecurityInfo(Principal, Object) method
Method Detail |
public void setCachePolicy(org.jboss.util.CachePolicy domainCache)
See Also: isValid(Principal, Object)
public void flushCache()
public String getSecurityDomain()
Specified by: getSecurityDomain in interface org.jboss.security.AuthenticationManager
public Subject getActiveSubject()
Specified by: getActiveSubject in interface org.jboss.security.AuthenticationManager
public boolean isValid(Principal principal, Object credential)
Specified by: isValid in interface org.jboss.security.AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
public boolean isValid(Principal principal, Object credential, Subject activeSubject)
Specified by: isValid in interface org.jboss.security.AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
activeSubject - if not null, a Subject that will be populated with the state of the authenticated Subject.
public Principal getPrincipal(Principal principal)
Specified by: getPrincipal in interface org.jboss.security.RealmMapping
public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
Specified by: doesUserHaveRole in interface org.jboss.security.RealmMapping
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
rolePrincipals - a Set of Principals for the roles to check.
See Also: java.security.acl.Group, Subject.getPrincipals()
public boolean doesUserHaveRole(Principal principal, Principal role)
Parameters:
principal - the caller principal as known in the operation environment.
role - the application domain role that the principal is to be validated against.
public Set getUserRoles(Principal principal)
Specified by: getUserRoles in interface org.jboss.security.RealmMapping
protected boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
Parameters:
role - the application domain role required for access
userRoles - the set of roles assigned to the user