org.jboss.security.plugins: public class: JaasSecurityManager

org.jboss.security.plugins
public class: JaasSecurityManager [javadoc | source]

java.lang.Object
   org.jboss.mx.util.JBossNotificationBroadcasterSupport
      org.jboss.system.ServiceMBeanSupport
         org.jboss.security.plugins.JaasSecurityManager

All Implemented Interfaces:
RealmMapping, SubjectSecurityManager, org.jboss.kernel.spi.dependency.KernelControllerContextAware, ServiceMBean, MBeanRegistration, NotificationEmitter

Direct Known Subclasses:
JaasSecurityDomain

The JaasSecurityManager is responsible both for authenticating credentials associated with principals and for role mapping. This implementation relies on the JAAS LoginContext/LoginModules associated with the security domain name associated with the class for authentication, and the context JAAS Subject object for role mapping.

Also see:

isValid(Principal, Object, Subject)

getPrincipal(Principal)

doesUserHaveRole(Principal, Set)

author: < - a href="on@ibis.odessa.ua">Oleg Nitz

author: Scott.Stark - @jboss.org

author: Anil.Saldhana - @jboss.org

version: $ - Revision: 62860 $

Fields inherited from org.jboss.system.ServiceMBeanSupport:
SERVICE_CONTROLLER_SIG, log, server, serviceName

Constructor:

Constructor:
public JaasSecurityManager() { this("other", new SecurityAssociationHandler()); } Creates a default JaasSecurityManager for with a securityDomain name of 'other'.
public JaasSecurityManager(String securityDomain, CallbackHandler handler) { delegate = new JaasSecurityManagerBase(securityDomain,handler); } Creates a JaasSecurityManager for with a securityDomain name of that given by the 'securityDomain' argument. Parameters: `securityDomain` - the name of the security domain `handler` - the JAAS callback handler instance to use Throws: `UndeclaredThrowableException` - thrown if handler does not implement a setSecurityInfo(Princpal, Object) method exception: `UndeclaredThrowableException` - thrown if handler does not implement a setSecurityInfo(Princpal, Object) method

 public JaasSecurityManager() {
      
      this("other", new SecurityAssociationHandler());
}

Creates a default JaasSecurityManager for with a securityDomain name of 'other'.

 public JaasSecurityManager(String securityDomain,
    CallbackHandler handler) {
      delegate = new JaasSecurityManagerBase(securityDomain,handler);
}

Creates a JaasSecurityManager for with a securityDomain name of that given by the 'securityDomain' argument.

Parameters:

securityDomain - the name of the security domain

handler - the JAAS callback handler instance to use

Throws:

UndeclaredThrowableException - thrown if handler does not implement a setSecurityInfo(Princpal, Object) method

exception: UndeclaredThrowableException - thrown if handler does not implement a setSecurityInfo(Princpal, Object) method

Method from org.jboss.security.plugins.JaasSecurityManager Summary:
doesUserHaveRole, flushCache, getActiveSubject, getPrincipal, getSecurityDomain, getTargetPrincipal, getUserRoles, isValid, isValid, setCachePolicy, setDeepCopySubjectOption

Methods from org.jboss.system.ServiceMBeanSupport:
create, createService, destroy, destroyService, getDeploymentInfo, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, pojoChange, pojoCreate, pojoDestroy, pojoStart, pojoStop, postDeregister, postRegister, preDeregister, preRegister, setKernelControllerContext, start, startService, stop, stopService, unsetKernelControllerContext

Methods from org.jboss.system.ServiceMBeanSupport:

create, createService, destroy, destroyService, getDeploymentInfo, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, pojoChange, pojoCreate, pojoDestroy, pojoStart, pojoStop, postDeregister, postRegister, preDeregister, preRegister, setKernelControllerContext, start, startService, stop, stopService, unsetKernelControllerContext

Methods from org.jboss.mx.util.JBossNotificationBroadcasterSupport:
addNotificationListener, getNotificationInfo, handleNotification, nextNotificationSequenceNumber, removeNotificationListener, removeNotificationListener, sendNotification

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.jboss.security.plugins.JaasSecurityManager Detail:
public boolean doesUserHaveRole(Principal principal, Set rolePrincipals) { return delegate.doesUserHaveRole(principal, rolePrincipals); } Does the current Subject have a role(a Principal) that equates to one of the role names. This method obtains the Group named 'Roles' from the principal set of the currently authenticated Subject as determined by the SecurityAssociation.getSubject() method and then creates a SimplePrincipal for each name in roleNames. If the role is a member of the Roles group, then the user has the role. This requires that the caller establish the correct SecurityAssociation subject prior to calling this method. In the past this was done as a side-effect of an isValid() call, but this is no longer the case.
public void flushCache() { delegate.flushCache(); } Not really used anymore as the security manager service manages the security domain authentication caches.
public Subject getActiveSubject() { return delegate.getActiveSubject(); } Get the currently authenticated Subject. This is a thread local property shared across all JaasSecurityManager instances.
public Principal getPrincipal(Principal principal) { return delegate.getPrincipal(principal); } Map the argument principal from the deployment environment principal to the developer environment. This is called by the EJB context getCallerPrincipal() to return the Principal as described by the EJB developer domain.
public String getSecurityDomain() { return delegate.getSecurityDomain(); } Get the name of the security domain associated with this security mgr.
public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map contextMap) { return delegate.getTargetPrincipal(anotherDomainPrincipal, contextMap); }
public Set getUserRoles(Principal principal) { return delegate.getUserRoles(principal); } Return the set of domain roles the current active Subject 'Roles' group found in the subject Principals set.
public boolean isValid(Principal principal, Object credential) { return delegate.isValid(principal, credential, null); } Validate that the given credential is correct for principal. This returns the value from invoking isValid(principal, credential, null).
public boolean isValid(Principal principal, Object credential, Subject activeSubject) { return delegate.isValid(principal, credential, activeSubject); } Validate that the given credential is correct for principal. This first will check the current CachePolicy object if one exists to see if the user's cached credentials match the given credential. If there is no credential cache or the cache information is invalid or does not match, the user is authenticated against the JAAS login modules configured for the security domain.
public void setCachePolicy(CachePolicy domainCache) { delegate.setCachePolicy(domainCache); } The domainCache is typically a shared object that is populated by the login code(LoginModule, etc.) and read by this class in the isValid() method.
public void setDeepCopySubjectOption(Boolean flag) { delegate.setDeepCopySubjectOption(flag); } Flag to specify if deep copy of subject sets needs to be enabled

Method from org.jboss.security.plugins.JaasSecurityManager Detail:

 public boolean doesUserHaveRole(Principal principal,
    Set rolePrincipals) {
      return delegate.doesUserHaveRole(principal, rolePrincipals);
}

Does the current Subject have a role(a Principal) that equates to one of the role names. This method obtains the Group named 'Roles' from the principal set of the currently authenticated Subject as determined by the SecurityAssociation.getSubject() method and then creates a SimplePrincipal for each name in roleNames. If the role is a member of the Roles group, then the user has the role. This requires that the caller establish the correct SecurityAssociation subject prior to calling this method. In the past this was done as a side-effect of an isValid() call, but this is no longer the case.

 public  void flushCache() {
      delegate.flushCache();
}

Not really used anymore as the security manager service manages the security domain authentication caches.

 public Subject getActiveSubject() {
      return delegate.getActiveSubject();
}

Get the currently authenticated Subject. This is a thread local property shared across all JaasSecurityManager instances.

 public Principal getPrincipal(Principal principal) {
      return delegate.getPrincipal(principal);
}

Map the argument principal from the deployment environment principal to the developer environment. This is called by the EJB context getCallerPrincipal() to return the Principal as described by the EJB developer domain.

 public String getSecurityDomain() {
      return delegate.getSecurityDomain();
}

Get the name of the security domain associated with this security mgr.

 public Principal getTargetPrincipal(Principal anotherDomainPrincipal,
    Map contextMap) {
      return delegate.getTargetPrincipal(anotherDomainPrincipal, contextMap);
}

 public Set getUserRoles(Principal principal) {
      return delegate.getUserRoles(principal);
}

Return the set of domain roles the current active Subject 'Roles' group found in the subject Principals set.

 public boolean isValid(Principal principal,
    Object credential) {
      return delegate.isValid(principal, credential, null);
}

Validate that the given credential is correct for principal. This returns the value from invoking isValid(principal, credential, null).

 public boolean isValid(Principal principal,
    Object credential,
    Subject activeSubject) {
      return delegate.isValid(principal, credential, activeSubject);
}

Validate that the given credential is correct for principal. This first will check the current CachePolicy object if one exists to see if the user's cached credentials match the given credential. If there is no credential cache or the cache information is invalid or does not match, the user is authenticated against the JAAS login modules configured for the security domain.

 public  void setCachePolicy(CachePolicy domainCache) {
      delegate.setCachePolicy(domainCache);
}

The domainCache is typically a shared object that is populated by the login code(LoginModule, etc.) and read by this class in the isValid() method.

 public  void setDeepCopySubjectOption(Boolean flag) {
      delegate.setDeepCopySubjectOption(flag);
}

Flag to specify if deep copy of subject sets needs to be enabled