public interface AuthenticationManager extends BaseSecurityManager
Modifier and Type | Method and Description |
---|---|
Subject |
getActiveSubject()
Deprecated.
Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"
|
Principal |
getTargetPrincipal(Principal anotherDomainPrincipal,
Map<String,Object> contextMap)
Trust related usecases may require translation of a principal from another domain
to the current domain
An implementation of this interface may need to do a backdoor contact of the external
trust provider in deriving the target principal
|
boolean |
isValid(Principal principal,
Object credential)
The isValid method is invoked to see if a user identity and associated
credentials as known in the operational environment are valid proof of the
user identity.
|
boolean |
isValid(Principal principal,
Object credential,
Subject activeSubject)
The isValid method is invoked to see if a user identity and associated
credentials as known in the operational environment are valid proof of the
user identity.
|
void |
logout(Principal principal,
Subject subject)
This method must be invoked to perform the logout of the incoming principal.
|
getSecurityDomain
boolean isValid(Principal principal, Object credential)
principal
- - the user identity in the operation environmentcredential
- - the proof of user identity as known in the
operation environmentisValid(Principal, Object, Subject)
boolean isValid(Principal principal, Object credential, Subject activeSubject)
principal
- - the user identity in the operation environmentcredential
- - the proof of user identity as known in the
operation environmentactiveSubject
- - the Subject which should be populated with the
validated Subject contents. A JAAS based implementation would typically
populate the activeSubject with the LoginContext.login result.Subject getActiveSubject()
PolicyContextHandler.getContext(String, Object)
Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap)
anotherDomainPrincipal
- Principal that is applicable in the other domain
(Can be null - in which case the contextMap is used
solely to derive the target principal)contextMap
- Any context information (including information on the other domain
that may be relevant in deriving the target principal). Any SAML
assertions that may be relevant can be passed here.void logout(Principal principal, Subject subject)
Subject
associated with
the principal is also provided, allowing implementations to perform any special cleanup based on the information
contained in the Subject
.principal
- the Principal
being logged out.subject
- the Subject
associated with the principal being logged out.Copyright © 2019 JBoss by Red Hat. All rights reserved.