public abstract class SecurityContext extends Object implements WorkContext
WorkContext
that allows a Work
instance to propagate security related context information from an EIS
to an application server.
This allows an EIS/resource adapter to flow-in security context information and execute a Work instance, and call methods on a MessageEndpoint interface, to effect message inflow, within that Work instance, in the context of an established identity.
A resource adapter indicates to the WorkManager, that a Work instance needs to be run in a specified security execution context by submitting a Work instance that implements WorkContextProvider interface and ensuring that the List of WorkContexts for that Work instance contains an instance of its subclass of SecurityContext.
It should be noted however that when a resource adapter flows-in an identity to be used by the application server, the propagated identity may or may not belong to the application server's security domain.
There are therefore, two scenarios while a resource adapter propagates a security identity from an EIS to the application server:
WorkContextProvider
,
Serialized FormConstructor and Description |
---|
SecurityContext() |
Modifier and Type | Method and Description |
---|---|
String |
getDescription()
Get the brief description of the role played by the
WorkContext and any other related debugging information. |
String |
getName()
Get the associated name of the
WorkContext . |
abstract void |
setupSecurityContext(CallbackHandler handler,
Subject executionSubject,
Subject serviceSubject)
The container calls this method to set up the security Context for the
Work instance. |
public String getDescription()
WorkContext
and any other related debugging information.
This could be used by the WorkManager and the resource adapter for
debugging purposes.
getDescription
in interface WorkContext
WorkContext
public String getName()
WorkContext
. This could
be used by the WorkManager and the resource adapter for debugging
purposes.
getName
in interface WorkContext
WorkContext
public abstract void setupSecurityContext(CallbackHandler handler, Subject executionSubject, Subject serviceSubject)
Work
instance.
The handler argument must not be null, and the argument handler and the
CallbackHandler
passed to this method must support the
following Callback
s defined in JSR 196: Java Authentication
SPI for Containers specification:
Callback
s may be supported by the container.
A resource adapter might use the CallerPrincipalCallback
“to
set the container's representation of the caller principal. The
CallbackHandler must establish the argument Principal as the caller
principal associated with the invocation being processed by the
container. When the argument Principal is null, the handler will
establish the container's representation of the unauthenticated caller
principal.”
A resource adapter might use the GroupPrincipalCallback
“to
establish the container's representation of the corresponding group
principals within the Subject. When a null value is passed to the groups
argument, the handler will establish the container's representation of no
group principals within the Subject. Otherwise, the handler's processing
of this callback is additive, yielding the union (without duplicates) of
the principals existing within the Subject, and those created with the
names occuring within the argument array. The CallbackHandler will define
the type of the created principals.”
A resource adapter might use the PasswordValidationCallback
“to employ the password validation facilities of its containing runtime.”
The executionSubject argument must be non-null and it must not be read-only. It is expected that this method will populate this executionSubject with principals and credentials that would be flown into the application server.
The serviceSubject argument may be null. If it is not null, it must not be read- only. It represents the application server’s credentials and it may be used by the Work implementation to retrieve Principals and credentials necessary to establish a connection to the EIS (in the cause of mutual-auth like scenarios). The serviceSubject may contain the credentials of the application server or the SecurityContext implementation may collect the service credentials, as necessary, by using the CallbackHandler passed to it.
When this method is called, the method implementation
handler
- A CallbackHandler
provided by the
WorkManager
that supports the
Callback
s described aboveexecutionSubject
- A Subject that represents the security identity that needs to
be established as the context for the Work
instance. It is used by the method implementation to store
Principals and credentials that needs to be used as the
security context of the Work
instance.serviceSubject
- A Subject that represents the application server It may be
used by the method implementation as the source of Principals
or credentials to be used to validate a connection to the EIS.
If the Subject is not null, the method implementation may add
additional Principals or credentials (pertaining to the
recipient of the service request) to the Subject.196: Java Authentication SPI for Containers specification and
related JavaDoc
Copyright © 2019 JBoss by Red Hat. All rights reserved.