public class JaasSecurityManagerBase extends Object implements SubjectSecurityManager, RealmMapping
See Also: isValid(Principal, Object, Subject), getPrincipal(Principal), doesUserHaveRole(Principal, Set)

Constructor and Description |
---|
JaasSecurityManagerBase(): Creates a default JaasSecurityManager with a securityDomain name of 'other'. |
JaasSecurityManagerBase(String securityDomain, CallbackHandler handler): Creates a JaasSecurityManager with a securityDomain name of that given by the 'securityDomain' argument. |

Modifier and Type | Method and Description |
---|---|
boolean | doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals): Does the current Subject have a role (a Principal) that equates to one of the role names. |
Subject | getActiveSubject(): Get the currently authenticated Subject. |
Principal | getPrincipal(Principal principal): Map the argument principal from the deployment environment principal to the developer environment. |
String | getSecurityDomain(): Get the name of the security domain associated with this security manager. |
Principal | getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap): Trust-related use cases may require translation of a principal from another domain to the current domain. An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal. |
Set<Principal> | getUserRoles(Principal principal): Return the set of domain roles found in the 'Roles' group of the current active Subject's Principals set. |
boolean | isValid(Principal principal, Object credential): Validate that the given credential is correct for principal. |
boolean | isValid(Principal principal, Object credential, Subject activeSubject): Validate that the given credential is correct for principal. |
void | logout(Principal principal, Subject subject): Performs the JAAS logout. |
void | setAuthorizationManager(AuthorizationManager authorizationManager): Set an AuthorizationManager. |
void | setDeepCopySubjectOption(Boolean flag): Flag to specify whether deep copy of the subject sets needs to be enabled. |
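
A minimal caller for the methods summarised above, added here as an illustration and not taken from the JBoss documentation or source: it authenticates with isValid(Principal, Object, Subject), reads the 'Roles' group from the populated Subject, and then calls logout. The package names, SimplePrincipal, JBossCallbackHandler, the domain name example-domain and the sample user are assumptions not given on this page; the code also assumes a JDK that still ships java.security.acl.Group (for example Java 8).

```java
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.Subject;

// Assumed packages (not stated on this page): PicketBox / JBoss Security.
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.JBossCallbackHandler;
import org.jboss.security.plugins.auth.JaasSecurityManagerBase;

public class DomainLoginExample {
    public static void main(String[] args) {
        // "example-domain" is a placeholder: a JAAS login configuration entry
        // with this name must already be installed in the JVM.
        // The handler must offer setSecurityInfo(Principal, Object).
        JaasSecurityManagerBase mgr =
            new JaasSecurityManagerBase("example-domain", new JBossCallbackHandler());

        Principal caller = new SimplePrincipal("alice");      // constructed sample user
        char[] password = "example-password".toCharArray();   // constructed sample credential
        Subject subject = new Subject();                      // populated by isValid on success

        boolean authenticated = false;
        try {
            authenticated = mgr.isValid(caller, password, subject);
            if (!authenticated) {
                System.out.println("authentication failed");
                return;
            }
            // Roles are the members of the Group named 'Roles' in the Subject's Principals set.
            for (Group g : subject.getPrincipals(Group.class)) {
                if ("Roles".equals(g.getName())) {
                    for (Principal role : Collections.list(g.members())) {
                        System.out.println("role: " + role.getName());
                    }
                }
            }
        } finally {
            if (authenticated) {
                mgr.logout(caller, subject);   // lets each login module clean up
            }
            Arrays.fill(password, '\0');       // do not keep the credential in memory
        }
    }
}
```
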
public JaasSecurityManagerBase()

public JaasSecurityManagerBase(String securityDomain, CallbackHandler handler)
Parameters:
securityDomain - the name of the security domain
handler - the JAAS callback handler instance to use
Throws:
UndeclaredThrowableException - thrown if handler does not implement a setSecurityInfo(Principal, Object) method

public void setDeepCopySubjectOption(Boolean flag)
Parameters:
flag -

public void setAuthorizationManager(AuthorizationManager authorizationManager)
Parameters:
authorizationManager -

public String getSecurityDomain()
Specified by:
getSecurityDomain in interface BaseSecurityManager

public Subject getActiveSubject()
Specified by:
getActiveSubject in interface AuthenticationManager
See Also:
PolicyContextHandler.getContext(String, Object)

public boolean isValid(Principal principal, Object credential)
Specified by:
isValid in interface AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
See Also:
AuthenticationManager.isValid(Principal, Object, Subject)

public boolean isValid(Principal principal, Object credential, Subject activeSubject)
Specified by:
isValid in interface AuthenticationManager
Parameters:
principal - the security domain principal attempting access
credential - the proof of identity offered by the principal
activeSubject - if not null, a Subject that will be populated with the state of the authenticated Subject.

public Principal getPrincipal(Principal principal)
Specified by:
getPrincipal in interface RealmMapping
Parameters:
principal - the caller principal as known in the operation environment.

public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
Specified by:
doesUserHaveRole in interface RealmMapping
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
rolePrincipals - a Set of Principals for the roles to check.
See Also:
Group, Subject.getPrincipals()

public Set<Principal> getUserRoles(Principal principal)
Specified by:
getUserRoles in interface RealmMapping
Parameters:
principal - ignored. The current authenticated Subject determines the active user and assigned user roles.

public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap)
Specified by:
getTargetPrincipal in interface AuthenticationManager
Parameters:
anotherDomainPrincipal - Principal that is applicable in the other domain (can be null, in which case the contextMap is used solely to derive the target principal)
contextMap - Any context information (including information on the other domain that may be relevant in deriving the target principal). Any SAML assertions that may be relevant can be passed here.
See Also:
AuthenticationManager.getTargetPrincipal(Principal,Map)

public void logout(Principal principal, Subject subject)
Subject is used to create the LoginContext and passed to the JAAS login modules so that proper cleanup can be performed by each module.
Specified by:
logout in interface AuthenticationManager
Parameters:
principal - the Principal being logged out.
subject - the Subject associated with the principal being logged out.

Copyright © 2017 JBoss by Red Hat. All rights reserved.