public final class SecurityDomain extends Object
Modifier and Type | Class and Description |
---|---|
static class | SecurityDomain.Builder<br>A builder for creating new security domains. |
static class | SecurityDomain.RealmBuilder<br>A builder for a realm within a security domain. |

Modifier and Type | Method and Description |
---|---|
SecurityIdentity | authenticate(Evidence evidence)<br>Perform an authentication based on Evidence alone. |
SecurityIdentity | authenticate(Principal principal, Evidence evidence) |
SecurityIdentity | authenticate(String name, Evidence evidence)<br>Perform an authentication based on Evidence for the specified identity name. |
static SecurityDomain.Builder | builder()<br>Create a new security domain builder. |
SecurityIdentity | createAdHocIdentity(Principal principal)<br>Create an empty ad-hoc identity. |
SecurityIdentity | createAdHocIdentity(String name)<br>Create an empty ad-hoc identity. |
ServerAuthenticationContext | createNewAuthenticationContext()<br>Create a new authentication context for this security domain which can be used to carry out a single authentication operation. |
ServerAuthenticationContext | createNewAuthenticationContext(MechanismConfigurationSelector mechanismConfigurationSelector)<br>Create a new authentication context for this security domain which can be used to carry out a single authentication operation. |
static SecurityDomain | forIdentity(SecurityIdentity identity)<br>Get the security domain associated with the given identity. |
SecurityIdentity | getAnonymousSecurityIdentity()<br>Get the anonymous security identity for this realm. |
SupportLevel | getCredentialAcquireSupport(Class<? extends Credential> credentialType)<br>Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable. |
SupportLevel | getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName)<br>Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable. |
SupportLevel | getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)<br>Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable. |
static SecurityDomain | getCurrent()<br>Get the SecurityDomain associated with the context class loader of the calling Thread or null if one is not associated. |
SecurityIdentity | getCurrentSecurityIdentity()<br>Get the current security identity for this domain. |
SupportLevel | getEvidenceVerifySupport(Class<? extends Evidence> evidenceType)<br>Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable. |
SupportLevel | getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)<br>Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable. |
RealmIdentity | getIdentity(Principal principal)<br>Look up a RealmIdentity by principal. |
RealmIdentity | getIdentity(String name)<br>Look up a RealmIdentity by name by wrapping the name in a NamePrincipal and calling getIdentity(Principal). |
ModifiableRealmIdentity | getIdentityForUpdate(Principal principal)<br>Look up a ModifiableRealmIdentity by principal. |
org.wildfly.common.function.ExceptionFunction<Principal,ModifiableRealmIdentity,RealmUnavailableException> | getIdentityLookupForUpdateFunction()<br>Get a function which can be used to look up principals for update without a security manager permission check. |
org.wildfly.common.function.ExceptionFunction<Principal,RealmIdentity,RealmUnavailableException> | getIdentityLookupFunction()<br>Get a function which can be used to look up principals without a security manager permission check. |
static ScheduledExecutorService | getScheduledExecutorService() |
void | registerWithClassLoader(ClassLoader classLoader)<br>Register this SecurityDomain with the specified ClassLoader. |
static void | unregisterClassLoader(ClassLoader classLoader)<br>Unregister any SecurityDomain associated with the specified ClassLoader. |

public void registerWithClassLoader(ClassLoader classLoader)
Register this SecurityDomain with the specified ClassLoader.
classLoader - the non null ClassLoader to associate this SecurityDomain with.
IllegalStateException - If a SecurityDomain is already associated with the specified ClassLoader.

public static SecurityDomain getCurrent()
Get the SecurityDomain associated with the context class loader of the calling Thread or null if one is not associated.
SecurityDomain associated with the context class loader of the calling Thread or null if one is not associated.

public static SecurityDomain forIdentity(SecurityIdentity identity)
identity - the security identity (must not be null)
null)

public static void unregisterClassLoader(ClassLoader classLoader)
Unregister any SecurityDomain associated with the specified ClassLoader.
classLoader - the non null ClassLoader to clear any SecurityDomain association.

public static SecurityDomain.Builder builder()

public ServerAuthenticationContext createNewAuthenticationContext()

public ServerAuthenticationContext createNewAuthenticationContext(MechanismConfigurationSelector mechanismConfigurationSelector)
mechanismConfigurationSelector - the selector to use to obtain the mechanism configuration

public SecurityIdentity authenticate(Evidence evidence) throws RealmUnavailableException, SecurityException
Perform an authentication based on Evidence alone.
Note: It is the caller's responsibility to destroy any evidence passed into this method.
evidence - the Evidence to use for authentication.
RealmUnavailableException - if the required SecurityRealm is not available.
SecurityException - if authentication fails.

public SecurityIdentity authenticate(String name, Evidence evidence) throws RealmUnavailableException, SecurityException
Perform an authentication based on Evidence for the specified identity name.
Note: It is the caller's responsibility to destroy any evidence passed into this method.
name - the name of the identity to authenticate or null if the identity is to be derived from the evidence.
evidence - the Evidence to use for authentication.
RealmUnavailableException - if the required SecurityRealm is not available.
SecurityException - if authentication fails.

public SecurityIdentity authenticate(Principal principal, Evidence evidence) throws RealmUnavailableException, SecurityException
Perform an authentication based on Evidence for the specified identity Principal.
Note: It is the caller's responsibility to destroy any evidence passed into this method.
principal - the principal of the identity to authenticate or null if the identity is to be derived from the evidence.
evidence - the Evidence to use for authentication.
RealmUnavailableException - if the required SecurityRealm is not available.
SecurityException - if authentication fails.

public RealmIdentity getIdentity(String name) throws RealmUnavailableException
Look up a RealmIdentity by name by wrapping the name in a NamePrincipal and calling getIdentity(Principal).
The returned identity must be disposed.
name - the name to map (must not be null)
null, may be non-existent)
RealmUnavailableException - if the realm is not able to perform the mapping
IllegalArgumentException - if the name is not valid
SecurityException - if the caller is not authorized to perform the operation

public RealmIdentity getIdentity(Principal principal) throws RealmUnavailableException, IllegalArgumentException
Look up a RealmIdentity by principal.
The returned identity must be disposed.
principal - the principal to map (must not be null)
null, may be non-existent)
IllegalArgumentException - if the principal could not be successfully decoded to a name
RealmUnavailableException - if the realm is not able to perform the mapping
SecurityException - if the caller is not authorized to perform the operation

public ModifiableRealmIdentity getIdentityForUpdate(Principal principal) throws RealmUnavailableException, IllegalArgumentException
Look up a ModifiableRealmIdentity by principal.
The returned identity must be disposed.
principal - the principal to map (must not be null)
null, may be non-existent)
IllegalArgumentException - if the principal could not be successfully decoded to a name
RealmUnavailableException - if the realm is not able to perform the mapping
SecurityException - if the caller is not authorized to perform the operation

public org.wildfly.common.function.ExceptionFunction<Principal,RealmIdentity,RealmUnavailableException> getIdentityLookupFunction()
null)
SecurityException - if the caller is not authorized to perform the operation

public org.wildfly.common.function.ExceptionFunction<Principal,ModifiableRealmIdentity,RealmUnavailableException> getIdentityLookupForUpdateFunction()
null)
SecurityException - if the caller is not authorized to perform the operation

public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
credentialType - the exact credential type (must not be null)
algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName)
credentialType - the exact credential type (must not be null)
algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType)
credentialType - the exact credential type (must not be null)

public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
evidenceType - the type of evidence to be verified (must not be null)
algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names

public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType)
evidenceType - the type of evidence to be verified (must not be null)

public SecurityIdentity getCurrentSecurityIdentity()
null)

public SecurityIdentity getAnonymousSecurityIdentity()
null)

public SecurityIdentity createAdHocIdentity(String name)
name - the identity name (must not be null)

public SecurityIdentity createAdHocIdentity(Principal principal)
principal - the identity principal (must not be null)

public static ScheduledExecutorService getScheduledExecutorService()
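
Added example, not taken from the Elytron documentation: a hypothetical DomainLogin helper that follows the two cleanup contracts stated above, destroying evidence passed to authenticate(String, Evidence) and disposing the RealmIdentity returned by getIdentity(String). It assumes an already configured SecurityDomain, and it relies on PasswordGuessEvidence, SupportLevel.UNSUPPORTED, RealmIdentity.exists() and RealmIdentity.dispose(), which are Elytron members not listed on this page.

```java
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/** Hypothetical helper (not part of Elytron) around the SecurityDomain methods documented above. */
public final class DomainLogin {

    private DomainLogin() {
    }

    /**
     * Returns the authenticated identity, or null when the guess is rejected.
     * A RealmUnavailableException propagates so that a realm outage is never
     * mistaken for a rejected (or accepted) login.
     */
    public static SecurityIdentity login(SecurityDomain domain, String name, char[] guess)
            throws RealmUnavailableException {
        // Work on a private copy; the caller stays responsible for wiping its own array.
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(guess.clone());
        try {
            // Skip the attempt if no realm in this domain can ever verify a password guess.
            if (domain.getEvidenceVerifySupport(PasswordGuessEvidence.class) == SupportLevel.UNSUPPORTED) {
                return null;
            }
            return domain.authenticate(name, evidence);
        } catch (SecurityException rejected) {
            // authenticate() signals failure this way; do not reveal why it failed.
            return null;
        } finally {
            // "It is the caller's responsibility to destroy any evidence passed into this method."
            evidence.destroy();
        }
    }

    /** Existence check that always disposes the RealmIdentity it obtained. */
    public static boolean exists(SecurityDomain domain, String name) throws RealmUnavailableException {
        RealmIdentity identity = domain.getIdentity(name);
        try {
            return identity.exists();
        } finally {
            identity.dispose(); // "The returned identity must be disposed."
        }
    }
}
```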
Copyright © 2017 JBoss by Red Hat. All rights reserved.