/* * JBoss, Home of Professional Open Source * Copyright 2005, JBoss Inc., and individual contributors as indicated * by the @authors tag. See the copyright.txt in the distribution for a * full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ package org.jboss.security.plugins; import java.security.Principal; import java.util.Set; /** An MBean interface that unifies the AuthenticationManager and RealmMapping * security interfaces implemented by a security manager for a given domain * and provides access to this functionality across all domains by including * the security domain name as a method argument. * * @author Scott.Stark@jboss.org * @version $Revision: 37459 $ */ public interface SecurityManagerMBean { /** The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. @param securityDomain - the name of the security to use @param principal - the user identity in the operation environment @param credential - the proof of user identity as known in the operation environment @return true if the principal, credential pair is valid, false otherwise. */ public boolean isValid(String securityDomain, Principal principal, Object credential); /** Map from the operational environment Principal to the application domain principal. This is used by the EJBContext.getCallerPrincipal implentation to map from the authenticated principal to a principal in the application domain. @param principal - the caller principal as known in the operation environment. @return the principal */ public Principal getPrincipal(String securityDomain, Principal principal); /** Validates the application domain roles to which the operational environment Principal belongs. This may first authenticate the principal as some security manager impls require a preceeding isValid call. @param securityDomain - the name of the security to use @param principal - the user identity in the operation environment @param credential - the proof of user identity as known in the @param roles - Set for the application domain roles that the principal is to be validated against. @return true if the principal has at least one of the roles in the roles set, false otherwise. */ public boolean doesUserHaveRole(String securityDomain, Principal principal, Object credential, Set roles); /** Return the set of domain roles the principal has been assigned. This may first authenticate the principal as some security manager impls require a preceeding isValid call. @param securityDomain - the name of the security to use @param principal - the user identity in the operation environment @param credential - the proof of user identity as known in the @return The Set for the application domain roles that the principal has been assigned. */ public Set getUserRoles(String securityDomain, Principal principal, Object credential); }