org.jboss.security.auth.container.modules

Class AbstractServerAuthModule

java.lang.Object

org.jboss.security.auth.container.modules.AbstractServerAuthModule

All Implemented Interfaces:

ServerAuthModule, ServerAuth

Direct Known Subclasses:

AllFailureServerAuthModule, AllSuccessServerAuthModule, DelegatingServerAuthModule, SimpleServerAuthModule

public abstract class AbstractServerAuthModule
extends Object
implements ServerAuthModule

Superclass of all ServerAuthModules Can be a container for common functionality and custom methods

The ServerAuthModule can delegate to a login module passed via the module option "login-module-delegate"

Since:

Jan 9, 2006

Version:

$Revision$

Author:

Anil Saldhana

Field Summary

Fields

Modifier and Type	Field and Description
protected CallbackHandler	callbackHandler Call back handler
protected Map	options
protected MessagePolicy	requestPolicy
protected MessagePolicy	responsePolicy
protected ArrayList<Class>	supportedTypes

Constructor Summary

Constructors

Constructor and Description
AbstractServerAuthModule()

Method Summary

Methods

Modifier and Type	Method and Description
void	cleanSubject(MessageInfo messageInfo, Subject subject) Remove implementation specific principals and credentials from the subject.
CallbackHandler	getCallbackHandler()
Class[]	getSupportedMessageTypes() Get the one or more Class objects representing the message types supported by the module.
void	initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) Initialize this module with request and response message policies to enforce, a CallbackHandler, and any module-specific configuration properties.
void	setCallbackHandler(CallbackHandler callbackHandler)
protected abstract boolean	validate(Subject clientSubject, MessageInfo messageInfo) Subclasses have to implement this method to actually validate the subject
AuthStatus	validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) This method delegates to a login module if configured in the module options.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.auth.message.ServerAuth

secureResponse

Field Detail

callbackHandler

protected CallbackHandler callbackHandler

Call back handler

requestPolicy

protected MessagePolicy requestPolicy

responsePolicy

protected MessagePolicy responsePolicy

options

protected Map options

supportedTypes

protected ArrayList<Class> supportedTypes

Constructor Detail

AbstractServerAuthModule

public AbstractServerAuthModule()

Method Detail

initialize

public void initialize(MessagePolicy requestPolicy,
              MessagePolicy responsePolicy,
              CallbackHandler handler,
              Map options)
                throws AuthException

Description copied from interface: ServerAuthModule

Initialize this module with request and response message policies to enforce, a CallbackHandler, and any module-specific configuration properties.

The request policy and the response policy must not both be null.

Specified by:

initialize in interface ServerAuthModule

Parameters:

requestPolicy - the request policy this module must enforce, or null.

responsePolicy - the response policy this module must enforce, or null.

handler - CallbackHandler used to request information.

options - a Map of module-specific configuration properties.

Throws:

AuthException - - if module initialization fails, including for the case where the options argument contains elements that are not supported by the module.

See Also:

ServerAuthModule.initialize(javax.security.auth.message.MessagePolicy, javax.security.auth.message.MessagePolicy, javax.security.auth.callback.CallbackHandler, java.util.Map)

cleanSubject

public void cleanSubject(MessageInfo messageInfo,
                Subject subject)
                  throws AuthException

Description copied from interface: ServerAuth

Remove implementation specific principals and credentials from the subject.

Specified by:

cleanSubject in interface ServerAuth

Parameters:

messageInfo - - A contextual object that encapsulates the client request and server response objects, and that may be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing a secure message exchange.

subject - - The Subject instance from which the Principals and credentials are to be removed.

Throws:

AuthException - if an error occurs during the Subject processing.

validateRequest

public AuthStatus validateRequest(MessageInfo messageInfo,
                         Subject clientSubject,
                         Subject serviceSubject)
                           throws AuthException

This method delegates to a login module if configured in the module options. The sub classes will need to validate the request

Specified by:

validateRequest in interface ServerAuth

Parameters:

messageInfo - - A contextual object that encapsulates the client request and server response objects, and that may be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing a secure message exchange.

clientSubject - - A Subject that represents the recipient of the service response, or null. It may be used by the method implementation as the source of Principals or credentials to be used to validate the response. If the Subject is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of the service request) to the Subject.

serviceSubject - - A Subject that represents the source of the service response, or null. If the Subject is not null, the method implementation may add additional Principals or credentials (pertaining to the source of the service response) to the Subject.

Returns:

an AuthStatus object representing the completion status of the processing performed by the module.

• AuthStatus.PROCEED returned when the validation of the application response message succeded. The runtime may proceed to return the response message in the AuthParam to the application.
• AuthStatus.RETRY returned when the message validation succeded, but when the validated message is a mechanism specific message sent in advance of the application message. The runtime must not proceed to process the response message in the AuthParam. The runtime should throw an exception if it is unable to process the retry. Otherwise, it should send the request message returned in AuthParam (and without calling secureRequest).
• AuthStatus.ERROR returned when the validation failed and indicates that the module has defined an appropriate error request message in the AuthParam. The runtime must not proceed to process the response message in the AuthParam, and may send the request message returned in AuthParam (and without calling secureRequest).

Throws:

AuthException

getSupportedMessageTypes

public Class[] getSupportedMessageTypes()

Description copied from interface: ServerAuthModule

Get the one or more Class objects representing the message types supported by the module.

Specified by:

getSupportedMessageTypes in interface ServerAuthModule

Returns:

an array of Class objects where each element defines a message type supported by the module. A module should return an array containing at least one element. An empty array indicates that the module will attempt to support any message type. This method never returns null.

See Also:

ServerAuthModule.getSupportedMessageTypes()

getCallbackHandler

public CallbackHandler getCallbackHandler()

setCallbackHandler

public void setCallbackHandler(CallbackHandler callbackHandler)

validate

protected abstract boolean validate(Subject clientSubject,
               MessageInfo messageInfo)
                             throws AuthException

Subclasses have to implement this method to actually validate the subject

Returns:

Throws:

AuthException