public class DefaultAuthenticationPolicy extends java.lang.Object implements AuthenticationPolicy
| Constructor and Description |
|---|
DefaultAuthenticationPolicy() |
| Modifier and Type | Method and Description |
|---|---|
protected org.apache.shiro.subject.PrincipalCollection |
createAssumedIdentity(ConnectionReference conn)
Returns a Shiro
PrincipalCollection representing the identity to assume (without true authentication) for
the specified Connection. |
protected boolean |
credentialsAvailable(ConnectionReference conn)
Returns
true if the client connection has supplied credentials to authenticate itself, false
otherwise. |
void |
customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder,
ConnectionReference conn)
Allows customization of the
Subject being built for the specified client
connection. |
java.lang.String |
getAnonymousAccountRealmName() |
java.lang.String |
getAnonymousAccountUsername() |
java.lang.String |
getSystemAccountRealmName() |
java.lang.String |
getSystemAccountUsername() |
boolean |
isAnonymousAccessAllowed() |
protected boolean |
isAnonymousAccount(org.apache.shiro.subject.Subject subject) |
protected boolean |
isAssumeIdentity(ConnectionReference conn)
Returns
true if an unauthenticated connection should still assume a specific identity, false
otherwise. |
boolean |
isAuthenticationRequired(SubjectConnectionReference conn)
Returns
true if the connection's Subject instance should be authenticated, false otherwise. |
protected boolean |
isSystemAccount(org.apache.shiro.subject.Subject subject) |
protected boolean |
isSystemConnection(ConnectionReference conn) |
boolean |
isVmConnectionAuthenticationRequired() |
protected boolean |
matches(org.apache.shiro.subject.PrincipalCollection principals,
java.lang.String username,
java.lang.String realmName) |
void |
setAnonymousAccessAllowed(boolean anonymousAccessAllowed) |
void |
setAnonymousAccountRealmName(java.lang.String anonymousAccountRealmName) |
void |
setAnonymousAccountUsername(java.lang.String anonymousAccountUsername) |
void |
setSystemAccountRealmName(java.lang.String systemAccountRealmName) |
void |
setSystemAccountUsername(java.lang.String systemAccountUsername) |
void |
setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired) |
public boolean isVmConnectionAuthenticationRequired()
public void setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired)
public java.lang.String getSystemAccountUsername()
public void setSystemAccountUsername(java.lang.String systemAccountUsername)
public java.lang.String getSystemAccountRealmName()
public void setSystemAccountRealmName(java.lang.String systemAccountRealmName)
public boolean isAnonymousAccessAllowed()
public void setAnonymousAccessAllowed(boolean anonymousAccessAllowed)
public java.lang.String getAnonymousAccountUsername()
public void setAnonymousAccountUsername(java.lang.String anonymousAccountUsername)
public java.lang.String getAnonymousAccountRealmName()
public void setAnonymousAccountRealmName(java.lang.String anonymousAccountRealmName)
protected boolean credentialsAvailable(ConnectionReference conn)
true if the client connection has supplied credentials to authenticate itself, false
otherwise.conn - the client's connection contexttrue if the client connection has supplied credentials to authenticate itself, false
otherwise.public boolean isAuthenticationRequired(SubjectConnectionReference conn)
AuthenticationPolicytrue if the connection's Subject instance should be authenticated, false otherwise.isAuthenticationRequired in interface AuthenticationPolicyconn - the subject's connectiontrue if the connection's Subject instance should be authenticated, false otherwise.protected boolean isAnonymousAccount(org.apache.shiro.subject.Subject subject)
protected boolean isSystemAccount(org.apache.shiro.subject.Subject subject)
protected boolean matches(org.apache.shiro.subject.PrincipalCollection principals,
java.lang.String username,
java.lang.String realmName)
protected boolean isSystemConnection(ConnectionReference conn)
public void customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder,
ConnectionReference conn)
AuthenticationPolicySubject being built for the specified client
connection. This allows for any pre-existing connection-specific identity or state to be applied to the
Subject.Builder before the Subject instance is actually created.
NOTE: This method is called by the SubjectFilter before the filter chain
is executed (and before an authentication attempt occurs). Implementations MUST NOT
attempt to actually build the subject or perform
an authentication attempt in this method.customizeSubject in interface AuthenticationPolicysubjectBuilder - the builder for the Subject that will be created representing the associated client connectionconn - a reference to the client's connection metadataSubjectFilterprotected boolean isAssumeIdentity(ConnectionReference conn)
true if an unauthenticated connection should still assume a specific identity, false
otherwise. This method will only be called if there are no connection
credentialsAvailable.
If a client supplies connection credentials, they will always be used to authenticate the client with that
identity.
If true is returned, the assumed identity will be returned by
createAssumedIdentity.
true in most other scenarios.conn - a reference to the client's connectiontrue if an unauthenticated connection should still assume a specific identity, false
otherwise.protected org.apache.shiro.subject.PrincipalCollection createAssumedIdentity(ConnectionReference conn)
PrincipalCollection representing the identity to assume (without true authentication) for
the specified Connection.
This method is only called if isAssumeIdentity(ConnectionReference) is true.conn - a reference to the client's connectionPrincipalCollection representing the identity to assume (without true authentication) for
the specified Connection.Copyright © 2005-2014 Red Hat, Inc.. All Rights Reserved.