org.jboss.security

Interface JSSESecurityDomain

All Superinterfaces:

BaseSecurityManager

All Known Implementing Classes:

JBossJSSESecurityDomain

public interface JSSESecurityDomain
extends BaseSecurityManager

Security domain used for configuring SSL.

Author:

Marcus Moyses

Method Summary

Modifier and Type	Method and Description
Properties	getAdditionalProperties() Returns the additional properties map
Certificate	getCertificate(String alias) Returns the certificate with the given alias or null if no such certificate exists, from the trust store this security domain delegates to.
String[]	getCipherSuites() Returns the cipher suites that should be enabled on SSLSockets
String	getClientAlias() Get the preferred client alias name
Key	getKey(String alias, String serviceAuthToken) Returns the key with the given alias from the key store this security domain delegates to.
KeyManager[]	getKeyManagers() Get the KeyManagers created by the configured KeyManagerFactory
KeyStore	getKeyStore() Get the keystore associated with the security domain
String[]	getProtocols() Returns the protocols that should be enabled on SSLSockets
String	getServerAlias() Get the preferred server alias name
TrustManager[]	getTrustManagers() Get the TrustManagers created by the configured TrustManagerFactory
KeyStore	getTrustStore() Get the truststore associated with the security domain.
boolean	isClientAuth() Get the client auth flag
void	reloadKeyAndTrustStore() Reload/initialize keystore and truststore using the attributes set in the security domain

Methods inherited from interface org.jboss.security.BaseSecurityManager

getSecurityDomain

Method Detail

getKeyStore

KeyStore getKeyStore()
              throws SecurityException

Get the keystore associated with the security domain

Returns:

the keystore

Throws:

SecurityException

getKeyManagers

KeyManager[] getKeyManagers()
                     throws SecurityException

Get the KeyManagers created by the configured KeyManagerFactory

Returns:

the initialized KeyManagers

Throws:

SecurityException

getTrustStore

KeyStore getTrustStore()
                throws SecurityException

Get the truststore associated with the security domain. This may be the same as the keystore

Returns:

the truststore

Throws:

SecurityException

getTrustManagers

TrustManager[] getTrustManagers()
                         throws SecurityException

Get the TrustManagers created by the configured TrustManagerFactory

Returns:

the initialized TrustManagers

Throws:

SecurityException

reloadKeyAndTrustStore

void reloadKeyAndTrustStore()
                     throws Exception

Reload/initialize keystore and truststore using the attributes set in the security domain

Throws:

Exception - if an error occurs

getServerAlias

String getServerAlias()

Get the preferred server alias name

Returns:

the preferred server alias, in case the underlying keystore contains multiple server aliases that can be used, and we wish to have more control over picking a specific one. Will return null if no preferred server alias is configured.

getClientAlias

String getClientAlias()

Get the preferred client alias name

Returns:

the preferred client alias, in case the underlying keystore contains multiple client aliases that can be used, and we wish to have more control over picking a specific one. Will return null if no preferred client alias is configured.

isClientAuth

boolean isClientAuth()

Get the client auth flag

Returns:

true to instruct callers into the implementations of this interface to require client authentication during the SSL handshake. If this flag is "true", the SSL handshake is supposed to fail if a client does not provide a valid certificate.

getKey

Key getKey(String alias,
           String serviceAuthToken)
    throws Exception

Returns the key with the given alias from the key store this security domain delegates to. All keys except public keys require a service authentication token. In case of a public key the authentication token will be ignored, and it can be safely null.

Parameters:

alias - - the alias corresponding to the key to be retrieved.

serviceAuthToken - - the authentication token that establishes whether the calling service has the permission to retrieve the key. If no authentication token provided, or invalid authentication token is provided, the method will throw SecurityException

Returns:

the requested key, or null if the given alias does not exist or does not identify a key-related entry.

Throws:

SecurityException - for missing or invalid serviceAuthToken.

IllegalStateException - if sensitive information is requested, but no service authorization token is configured on security domain.

Exception

See Also:

KeyStore.getKey(String, char[])

getCertificate

Certificate getCertificate(String alias)
                    throws Exception

Returns the certificate with the given alias or null if no such certificate exists, from the trust store this security domain delegates to.

Parameters:

alias - - the alias corresponding to the certificate to be retrieved.

Returns:

the requested certificate, or null if the given alias does not exist or does not identify a certificate-related entry.

Throws:

Exception

See Also:

KeyStore.getKey(String, char[])

getCipherSuites

String[] getCipherSuites()

Returns the cipher suites that should be enabled on SSLSockets

Returns:

array of cipher suite names

getProtocols

String[] getProtocols()

Returns the protocols that should be enabled on SSLSockets

Returns:

array of protocol names

getAdditionalProperties

Properties getAdditionalProperties()

Returns the additional properties map

Returns:

map with additional properties