Package org.wildfly.security.auth.jaspi

Class ElytronAuthConfigFactory

java.lang.Object
jakarta.security.auth.message.config.AuthConfigFactory
org.wildfly.security.auth.jaspi.ElytronAuthConfigFactory
public class ElytronAuthConfigFactory extends AuthConfigFactory
The WildFly Elytron implementation of AuthConfigFactory.
Author:
Darran Lofthouse

  • Constructor Details

    • ElytronAuthConfigFactory

      public ElytronAuthConfigFactory()

  • Method Details

    • getConfigProvider

      public AuthConfigProvider getConfigProvider(String layer, String appContext, RegistrationListener listener)
      Description copied from class: AuthConfigFactory
      Get a registered AuthConfigProvider from the factory. Get the provider of ServerAuthConfig and ClientAuthConfig objects registered for the identified message layer and application context.

      All factories shall employ the following precedence rules to select the registered AuthConfigProvider that matches the layer and appContext arguments:

      • The provider specifically registered for the values passed as the layer and appContext arguments shall be selected.
      • If no provider is selected according to the preceding rule, the provider specifically registered for the value passed as the appContext argument and for all (that is, null) layers shall be selected.
      • If no provider is selected according to the preceding rules, the provider specifically registered for the value passed as the layer argument and for all (that is, null) appContexts shall be selected.
      • If no provider is selected according to the preceding rules, the provider registered for all (that is, null) layers and for all (that is, null) appContexts shall be selected.
      • If no provider is selected according to the preceding rules, the factory shall terminate its search for a registered provider.

      The above precedence rules apply equivalently to registrations created with a null or non-null className argument.

      Specified by:
      getConfigProvider in class AuthConfigFactory
      Parameters:
      layer - A String identifying the message layer for which the registered AuthConfigProvider is to be returned. The value of this argument may be null.
      appContext - A String that identifies the application messaging context for which the registered AuthConfigProvider is to be returned. The value of this argument may be null.
      listener - The RegistrationListener whose notify method is to be invoked if the corresponding registration is unregistered or replaced. The value of this argument may be null.
      Returns:
      The implementation of the AuthConfigProvider interface registered at the factory for the layer and appContext, or null if no AuthConfigProvider is selected. An argument listener is attached even if the return value is null.
      See Also:

    • registerConfigProvider

      public String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description)
      Description copied from class: AuthConfigFactory
      Registers within the (in-memory) factory, a provider of ServerAuthConfig and/or ClientAuthConfig objects for a message layer and application context identifier. This method does NOT effect the factory's persistent declarative representation of provider registrations, and is intended to be used by providers to perform self-Registration.

      At most one registration may exist within the factory for a given combination of message layer and appContext. Any pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration. When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the AuthConfigProvider (with initialization properties) and description are replaced.

      Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and must never assign a previously used registration identifier to a registration whose message layer and or appContext identifier differ from the previous use.

      When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the calling access control context has been granted the AuthConfigFactory.providerRegistrationSecurityPermission

      Specified by:
      registerConfigProvider in class AuthConfigFactory
      Parameters:
      provider - The AuthConfigProvider to be registered at the factory (or null). Calling this method with a null value for this parameter shall cause getConfigProvider to return null when it is called with layer and appContext values for which the resulting registration is the best match.
      layer - A String identifying the message layer for which the provider will be registered at the factory. A null value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
      appContext - A String value that may be used by a runtime to request a configuration object from this provider. A null value may be passed as an argument for this parameter, in which case the provider is registered for all configuration ids (at the indicated layers).
      description - A text String describing the provider. This value may be null.
      Returns:
      A String identifier assigned by the factory to the provider registration, and that may be used to remove the registration from the factory.
      See Also:

    • registerConfigProvider

      public String registerConfigProvider(String className, Map<String,String> properties, String layer, String appContext, String description)
      Description copied from class: AuthConfigFactory
      Registers within the factory and records within the factory's persistent declarative representation of provider registrations a provider of ServerAuthConfig and/or ClientAuthConfig objects for a message layer and application context identifier. This method typically constructs an instance of the provider before registering it with the factory. Factories may extend or modify the persisted registrations of existing provider instances, if those instances were registered with ClassName and properties arguments equivalent to those passed in the current call.

      This method employs the two argument constructor required to be supported by every implementation of the AuthConfigProvider interface, and this method must pass a null value for the factory argument of the constructor. AuthConfigProviderImpl AuthConfigProviderImpl(Map properties, AuthConfigFactory factory).

      At most one registration may exist within the factory for a given combination of message layer and appContext. Any pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration. When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the AuthConfigProvider (with initialization properties) and description are replaced.

      Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and must never assign a previously used registration identifier to a registration whose message layer and or appContext identifier differ from the previous use.

      Programmatic registrations performed by using this method must update (according to the replacement rules described above) the persistent declarative representation of provider registrations employed by the factory constructor.

      When a SecurityManager is enabled, before loading the argument provider, and before making any changes to the factory, this method must confirm that the calling access control context has been granted the AuthConfigFactory.providerRegistrationSecurityPermission

      Specified by:
      registerConfigProvider in class AuthConfigFactory
      Parameters:
      className - The fully qualified name of an AuthConfigProvider implementation class (or null). Calling this method with a null value for this parameter shall cause getConfigProvider to return null when it is called with layer and appContext values for which the resulting registration is the best match.
      properties - A Map object containing the initialization properties to be passed to the properties argument of the provider constructor. This argument may be null.
      layer - A String identifying the message layer for which the provider will be registered at the factory. A null value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
      appContext - A String value that may be used by a runtime to request a configuration object from this provider. A null value may be passed as an argument for this parameter, in which case the provider is registered for all configuration ids (at the indicated layers).
      description - A text String describing the provider. This value may be null.
      Returns:
      A String identifier assigned by the factory to the provider registration, and that may be used to remove the registration from the factory.
      See Also:

    • registerServerAuthModule

      public String registerServerAuthModule(ServerAuthModule module, Object context)
      Description copied from class: AuthConfigFactory
      Registers within the (in-memory) factory, an instance of a ServerAuthModule for a message layer and application context identifier as identified by a profile specific context object.

      This will override any other modules that have already been registered, either via proprietary means or using the standard API. The ServerAuthModule is removed, via a call to removeServerAuthModule when the context associated with the profile specific context object ends.

      Note that this method is a convenience method that can be used instead of registerConfigProvider, but should ultimately have the same effect. That is, the layer and appContext parameters are generated from the context object, and the ServerAuthModule is wrapped by an implementation specific AuthConfigProvider, which are then used to call registerConfigProvider or an internal method with the same effect. The returned registration ID is then associated with the profile specific context object, and also returned from this method.

      A "profile specific context object" is for example the ServletContext in the Servlet Container Profile. The context associated with this ServletContext ends when for example the application corresponding to it is undeployed. Association of the registration ID with the ServletContext simply means calling the setAttribute method on the ServletContext, with the registration ID as value. (The name attribute has not been standardised in this version of the specification)

      Specified by:
      registerServerAuthModule in class AuthConfigFactory
      Parameters:
      module - the ServerAuthModule instance to be registered
      context - the profile specific context of the application for which the module is registered
      Returns:
      A String identifier assigned by the factory to the provider registration, and that may be used to remove the registration from the factory.

    • removeServerAuthModule

      public void removeServerAuthModule(Object context)
      Description copied from class: AuthConfigFactory
      Remove the ServerAuthModule (and potentially encompassing wrappers/factories) that was previously registered via a call to registerServerAuthModule.

      Note that this method is a convenience method that can be used instead of removeRegistration, but should ultimately have the same effect. That is calling removeRegistration with the return value from registerServerAuthModule must have the same effect in that the ServerAuthModule is removed.

      Specified by:
      removeServerAuthModule in class AuthConfigFactory
      Parameters:
      context - the profile specific context of the application for which the module is removed.

    • removeRegistration

      public boolean removeRegistration(String registrationId)
      Description copied from class: AuthConfigFactory
      Remove the identified provider registration from the factory (and from the persistent declarative representation of provider registrations, if appropriate) and invoke any listeners associated with the removed registration.

      When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the calling access control context has been granted the AuthConfigFactory.providerRegistrationSecurityPermission

      Specified by:
      removeRegistration in class AuthConfigFactory
      Parameters:
      registrationId - A String that identifies a provider registration at the factory
      Returns:
      True if there was a registration with the specified identifier and it was removed. Return false if the registrationID was invalid.
      See Also:

    • detachListener

      public String[] detachListener(RegistrationListener listener, String layer, String appContext)
      Description copied from class: AuthConfigFactory
      Disassociate the listener from all the provider registrations whose layer and appContext values are matched by the corresponding arguments to this method.

      Factories should periodically notify Listeners to effectively detach listeners that are no longer in use.

      When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the calling access control context has been granted the AuthConfigFactory.providerRegistrationSecurityPermission

      Specified by:
      detachListener in class AuthConfigFactory
      Parameters:
      listener - The RegistrationListener to be detached.
      layer - A String identifying the message layer or null.
      appContext - A String value identifying the application context or null.
      Returns:
      An array of String values where each value identifies a provider registration from which the listener was removed. This method never returns null; it returns an empty array if the listener was not removed from any registrations.
      See Also:

    • getRegistrationContext

      public AuthConfigFactory.RegistrationContext getRegistrationContext(String registrationID)
      Description copied from class: AuthConfigFactory
      Get the registration context for the identified registration.
      Specified by:
      getRegistrationContext in class AuthConfigFactory
      Parameters:
      registrationID - A String that identifies a provider registration at the factory
      Returns:
      A RegistrationContext or null. When a Non-null value is returned, it is a copy of the registration context corresponding to the registration. Null is returned when the registration identifier does not correspond to an active registration
      See Also:

    • getRegistrationIDs

      public String[] getRegistrationIDs(AuthConfigProvider provider)
      Description copied from class: AuthConfigFactory
      Get the registration identifiers for all registrations of the provider instance at the factory.
      Specified by:
      getRegistrationIDs in class AuthConfigFactory
      Parameters:
      provider - The AuthConfigurationProvider whose registration identifiers are to be returned. This argument may be null, in which case it indicates that the IDs of all active registrations within the factory are to be returned.
      Returns:
      An array of String values where each value identifies a provider registration at the factory. This method never returns null; it returns an empty array when there are no registrations at the factory for the identified provider.
      See Also:

    • refresh

      public void refresh()
      Description copied from class: AuthConfigFactory
      Cause the factory to reprocess its persistent declarative representation of provider registrations.

      A factory should only replace an existing registration when a change of provider implementation class or initialization properties has occurred.

      When a SecurityManager is enabled, and before the point where this method could have caused any changes to the factory, this method must confirm that the calling access control context has been granted the AuthConfigFactory.providerRegistrationSecurityPermission

      Specified by:
      refresh in class AuthConfigFactory
      See Also: