org.jboss.security.plugins

Class NoAccessSecurityManager

java.lang.Object

org.jboss.security.plugins.NoAccessSecurityManager

All Implemented Interfaces:

Serializable, AuthenticationManager, BaseSecurityManager, RealmMapping, SubjectSecurityManager

public class NoAccessSecurityManager
extends Object
implements SubjectSecurityManager, RealmMapping, Serializable

An implementation of SubjectSecurityManager, RealmMapping does not allow any authentication and every check for a role fails.

Version:

$Revision$

Author:

Scott.Stark@jboss.org

See Also:

isValid(java.security.Principal, Object, Subject), getPrincipal(java.security.Principal), doesUserHaveRole(java.security.Principal, java.util.Set), Serialized Form

Constructor Summary

Constructors

Constructor and Description
NoAccessSecurityManager(String securityDomain) Creates a default JaasSecurityManager for with the given securityDomain name.

Method Summary

Modifier and Type	Method and Description
boolean	doesUserHaveRole(Principal principal, Set<Principal> roleNames) Does the current Subject have a role(a Principal) that equates to one of the role names.
Subject	getActiveSubject() Get the currently authenticated Subject.
Principal	getPrincipal(Principal principal) Always returns the argument principal.
String	getSecurityDomain() Get the name of the security domain associated with this security mgr.
Principal	getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap) Trust related usecases may require translation of a principal from another domain to the current domain An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal
Set<Principal>	getUserRoles(Principal principal) Return the set of domain roles the principal has been assigned.
boolean	isValid(MessageInfo requestMessage, Subject clientSubject, String layer)
boolean	isValid(MessageInfo requestMessage, Subject clientSubject, String layer, CallbackHandler handler)
boolean	isValid(Principal principal, Object credential) Validate that the given credential is correct for principal.
boolean	isValid(Principal principal, Object credential, Subject activeSubject) Validate that the given credential is correct for principal.
void	logout(Principal principal, Subject subject) No-op implementation: no user was previously authenticated by this manager so there's no state left to cleanup.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

NoAccessSecurityManager

public NoAccessSecurityManager(String securityDomain)

Creates a default JaasSecurityManager for with the given securityDomain name.

Method Detail

getSecurityDomain

public String getSecurityDomain()

Get the name of the security domain associated with this security mgr.

Specified by:

getSecurityDomain in interface BaseSecurityManager

Returns:

Name of the security manager security domain.

getActiveSubject

public Subject getActiveSubject()

Get the currently authenticated Subject.

Specified by:

getActiveSubject in interface AuthenticationManager

Returns:

Always returns null.

See Also:

PolicyContextHandler.getContext(String, Object)

isValid

public boolean isValid(Principal principal,
                       Object credential)

Validate that the given credential is correct for principal.

Specified by:

isValid in interface AuthenticationManager

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

Returns:

always returns true.

See Also:

AuthenticationManager.isValid(Principal, Object, Subject)

isValid

public boolean isValid(Principal principal,
                       Object credential,
                       Subject activeSubject)

Validate that the given credential is correct for principal. This does not populate the activeSubject with any state since no authentication is performed.

Specified by:

isValid in interface AuthenticationManager

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

activeSubject - - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.

Returns:

always returns true.

isValid

public boolean isValid(MessageInfo requestMessage,
                       Subject clientSubject,
                       String layer)

isValid

public boolean isValid(MessageInfo requestMessage,
                       Subject clientSubject,
                       String layer,
                       CallbackHandler handler)

getTargetPrincipal

public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
                                    Map<String,Object> contextMap)

Description copied from interface: AuthenticationManager

Trust related usecases may require translation of a principal from another domain to the current domain An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal

Specified by:

getTargetPrincipal in interface AuthenticationManager

Parameters:

anotherDomainPrincipal - Principal that is applicable in the other domain (Can be null - in which case the contextMap is used solely to derive the target principal)

contextMap - Any context information (including information on the other domain that may be relevant in deriving the target principal). Any SAML assertions that may be relevant can be passed here.

Returns:

principal from a target security domain

getPrincipal

public Principal getPrincipal(Principal principal)

Always returns the argument principal.

Specified by:

getPrincipal in interface RealmMapping

Parameters:

principal - the caller principal as known in the operation environment.

Returns:

The argument principal

doesUserHaveRole

public boolean doesUserHaveRole(Principal principal,
                                Set<Principal> roleNames)

Does the current Subject have a role(a Principal) that equates to one of the role names. This method always returns true.

Specified by:

doesUserHaveRole in interface RealmMapping

Parameters:

principal - - ignored.

roleNames - - ignored.

Returns:

Always returns true.

getUserRoles

public Set<Principal> getUserRoles(Principal principal)

Return the set of domain roles the principal has been assigned.

Specified by:

getUserRoles in interface RealmMapping

Returns:

The Set with the NobodyPrincipal as the sole role.

logout

public void logout(Principal principal,
                   Subject subject)

No-op implementation: no user was previously authenticated by this manager so there's no state left to cleanup.

Specified by:

logout in interface AuthenticationManager

Parameters:

principal - the Principal being logged out.

subject - the Subject associated with the principal being logged out.