org.jboss.security.authentication

Class JBossCachedAuthenticationManager

java.lang.Object

org.jboss.security.authentication.JBossCachedAuthenticationManager

All Implemented Interfaces:

AuthenticationManager, BaseSecurityManager, CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

public class JBossCachedAuthenticationManager
extends Object
implements AuthenticationManager, CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

AuthenticationManager implementation that uses CacheableManager as the cache provider.

Author:

Marcus Moyses, Oleg Nitz, Scott.Stark@jboss.org, Anil.Saldhana@jboss.org

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	JBossCachedAuthenticationManager.DomainInfo A cache value.

Field Summary

Fields

Modifier and Type	Field and Description
protected ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>	domainCache

Constructor Summary

Constructors

Constructor and Description
JBossCachedAuthenticationManager() Create a new JBossCachedAuthenticationManager using the default security domain and CallbackHandler implementation.
JBossCachedAuthenticationManager(String securityDomain, CallbackHandler callbackHandler) Create a new JBossCachedAuthenticationManager.

Method Summary

Modifier and Type	Method and Description
boolean	containsKey(Principal key) Checks if an entry exists in the cache.
void	flushCache() Flushes all entries from the cache.
void	flushCache(Principal key) Flushes one entry from the cache.
Subject	getActiveSubject() Get the currently authenticated subject.
Set<Principal>	getCachedKeys() Returns a set of keys stored in the cache.
String	getSecurityDomain() Get the security domain from which the security manager is from.
Principal	getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap) Trust related usecases may require translation of a principal from another domain to the current domain An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal
boolean	isValid(Principal principal, Object credential) The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
boolean	isValid(Principal principal, Object credential, Subject activeSubject) The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
void	logout(Principal principal, Subject subject) This method must be invoked to perform the logout of the incoming principal.
void	releaseModuleEntries(ClassLoader classLoader) Release cache entries got the specified ClassLoader.
void	setCache(ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> cache) Sets the cache.
void	setDeepCopySubjectOption(Boolean flag) Flag to specify if deep copy of subject sets needs to be enabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

domainCache

protected ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> domainCache

Constructor Detail

JBossCachedAuthenticationManager

public JBossCachedAuthenticationManager()

Create a new JBossCachedAuthenticationManager using the default security domain and CallbackHandler implementation.

JBossCachedAuthenticationManager

public JBossCachedAuthenticationManager(String securityDomain,
                                        CallbackHandler callbackHandler)

Create a new JBossCachedAuthenticationManager.

Parameters:

securityDomain - name of the security domain

callbackHandler - CallbackHandler implementation

Method Detail

getActiveSubject

public Subject getActiveSubject()

Description copied from interface: AuthenticationManager

Get the currently authenticated subject. Historically implementations of AuthenticationManager isValid methods had the side-effect of setting the active Subject. This caused problems with multi-threaded usecases where the Subject instance was being shared by multiple threads. This is now deprecated in favor of the JACC PolicyContextHandler getContext(key, data) method.

Specified by:

getActiveSubject in interface AuthenticationManager

Returns:

The previously authenticated Subject if isValid succeeded, null if isValid failed or has not been called for the active thread.

See Also:

PolicyContextHandler.getContext(String, Object)

getTargetPrincipal

public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
                                    Map<String,Object> contextMap)

Description copied from interface: AuthenticationManager

Trust related usecases may require translation of a principal from another domain to the current domain An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal

Specified by:

getTargetPrincipal in interface AuthenticationManager

Parameters:

anotherDomainPrincipal - Principal that is applicable in the other domain (Can be null - in which case the contextMap is used solely to derive the target principal)

contextMap - Any context information (including information on the other domain that may be relevant in deriving the target principal). Any SAML assertions that may be relevant can be passed here.

Returns:

principal from a target security domain

isValid

public boolean isValid(Principal principal,
                       Object credential)

Description copied from interface: AuthenticationManager

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. Typically this is implemented as a call to isValid with a null Subject.

Specified by:

isValid in interface AuthenticationManager

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

Returns:

true if the principal, credential pair is valid, false otherwise.

See Also:

AuthenticationManager.isValid(Principal, Object, Subject)

isValid

public boolean isValid(Principal principal,
                       Object credential,
                       Subject activeSubject)

Description copied from interface: AuthenticationManager

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. This extends AuthenticationManager version to provide a copy of the resulting authenticated Subject. This allows a caller to authenticate a user and obtain a Subject whose state cannot be modified by other threads associated with the same principal.

Specified by:

isValid in interface AuthenticationManager

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

activeSubject - - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.

Returns:

true if the principal, credential pair is valid, false otherwise.

getSecurityDomain

public String getSecurityDomain()

Description copied from interface: BaseSecurityManager

Get the security domain from which the security manager is from. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.

Specified by:

getSecurityDomain in interface BaseSecurityManager

Returns:

the security domain name. May be null in which case the security manager belongs to the logical default domain.

flushCache

public void flushCache()

Description copied from interface: CacheableManager

Flushes all entries from the cache.

Specified by:

flushCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

flushCache

public void flushCache(Principal key)

Description copied from interface: CacheableManager

Flushes one entry from the cache.

Specified by:

flushCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

Parameters:

key - Entry's key.

setCache

public void setCache(ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> cache)

Description copied from interface: CacheableManager

Sets the cache.

Specified by:

setCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

Parameters:

cache - New cache to use.

containsKey

public boolean containsKey(Principal key)

Description copied from interface: CacheableManager

Checks if an entry exists in the cache.

Specified by:

containsKey in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

Parameters:

key - Entry's key

Returns:

true if there is an entry, false otherwise.

getCachedKeys

public Set<Principal> getCachedKeys()

Description copied from interface: CacheableManager

Returns a set of keys stored in the cache.

Specified by:

getCachedKeys in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

Returns:

keys stored in the cache.

setDeepCopySubjectOption

public void setDeepCopySubjectOption(Boolean flag)

Flag to specify if deep copy of subject sets needs to be enabled

Parameters:

flag -

releaseModuleEntries

public void releaseModuleEntries(ClassLoader classLoader)

Release cache entries got the specified ClassLoader.

Parameters:

classLoader - the ClassLoader.

logout

public void logout(Principal principal,
                   Subject subject)

Description copied from interface: AuthenticationManager

This method must be invoked to perform the logout of the incoming principal. The Subject associated with the principal is also provided, allowing implementations to perform any special cleanup based on the information contained in the Subject.

Specified by:

logout in interface AuthenticationManager

Parameters:

principal - the Principal being logged out.

subject - the Subject associated with the principal being logged out.