[jboss-cvs] JBossAS SVN: r63110 - in projects/security/security-docs/trunk/docs/guide/en: modules and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 17 00:20:35 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-05-17 00:20:35 -0400 (Thu, 17 May 2007)
New Revision: 63110
Added:
projects/security/security-docs/trunk/docs/guide/en/modules/impl/
projects/security/security-docs/trunk/docs/guide/en/modules/impl/defaultimpl.xml
projects/security/security-docs/trunk/docs/guide/en/modules/impl/jbossauthenticationmgr.xml
projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextassociation.xml
projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextfactory.xml
projects/security/security-docs/trunk/docs/guide/en/modules/impl/securityconfiguration.xml
Removed:
projects/security/security-docs/trunk/docs/guide/en/modules/securityconfiguration.xml
Modified:
projects/security/security-docs/trunk/docs/guide/en/master.xml
Log:
SECURITY-53: integration doc
Modified: projects/security/security-docs/trunk/docs/guide/en/master.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/master.xml 2007-05-17 03:05:15 UTC (rev 63109)
+++ projects/security/security-docs/trunk/docs/guide/en/master.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -6,12 +6,21 @@
<!ENTITY authorizationmgr SYSTEM "modules/authorizationmgr.xml">
<!ENTITY mappingmgr SYSTEM "modules/mappingmgr.xml">
<!ENTITY auditmgr SYSTEM "modules/auditmgr.xml">
+<!ENTITY securitycache SYSTEM "modules/securitycache.xml">
+<!ENTITY securityclient SYSTEM "modules/securityclient.xml">
+
+<!ENTITY defaultimpl SYSTEM "modules/impl/defaultimpl.xml">
+<!ENTITY securityconfiguration SYSTEM "modules/impl/securityconfiguration.xml">
+<!ENTITY seccontextfactory SYSTEM "modules/impl/seccontextfactory.xml">
+<!ENTITY seccontextassociation SYSTEM "modules/impl/seccontextassociation.xml">
+<!ENTITY jbossauthenticationmgr SYSTEM "modules/impl/jbossauthenticationmgr.xml">
]>
<book lang="en">
<bookinfo>
<title>JBoss Security Integration Guide</title>
- <subtitle>A guide for System Integrators</subtitle>
+ <subtitle>A guide for JEMS Projects as well as thirdparty
+ integrators</subtitle>
<releaseinfo>2.0</releaseinfo>
</bookinfo>
@@ -29,7 +38,9 @@
<para>This is an Integration Document that will be used by projects that
intend to integrate the JBoss Security SPI and the default
- implementation.</para>
+ implementation(aka JBossSX). The Security SPI as well as the details of
+ the default implementation are subject to change over subsequent
+ releases.</para>
<para>If you have questions, please feel free to contact the JBoss
Security team.</para>
@@ -47,4 +58,17 @@
&mappingmgr;
&auditmgr;
+
+ &securitycache;
+
+ &securityclient;
+
+ &defaultimpl;
+
+ &securityconfiguration;
+
+ &seccontextfactory;
+
+ &seccontextassociation;
+ &jbossauthenticationmgr;
</book>
Added: projects/security/security-docs/trunk/docs/guide/en/modules/impl/defaultimpl.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/impl/defaultimpl.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/impl/defaultimpl.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="defaultimpl">
+ <title>JBossSX (Default Implementation)</title>
+
+ <para>The JBoss Security distribution contains JBossSX, a default
+ implementation of the security spi. The following chapters describe it in
+ some detail.</para>
+
+ <para>The jar file that drives the default implementation is the
+ jbosssx.jar</para>
+</chapter>
\ No newline at end of file
Added: projects/security/security-docs/trunk/docs/guide/en/modules/impl/jbossauthenticationmgr.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/impl/jbossauthenticationmgr.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/impl/jbossauthenticationmgr.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="jbossauthenticationmgr">
+ <title>JBoss Authentication Manager</title>
+
+ <para>JBossSX includes an implementation of the AuthenticationManager
+ interface called as JBossAuthenticationManager. Currently it is driven by
+ JAAS.</para>
+
+ <para>The outline of the class looks as follows:</para>
+
+ <programlisting>package org.jboss.security.plugins;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.SecurityConstants;
+import org.jboss.security.cache.JBossAuthenticationCache;
+import org.jboss.security.cache.SecurityCache;
+import org.jboss.security.cache.SecurityCacheException;
+
+
+/**
+ * Default Implementation of the AuthenticationManager Interface
+ */
+public class JBossAuthenticationManager implements AuthenticationManager
+{
+ private static Logger log = Logger.getLogger(JBossAuthenticationManager.class);
+
+ protected String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
+
+ protected CallbackHandler callbackHandler = null;
+
+ private ThreadLocal<Subject> subjectLocal = new ThreadLocal<Subject>();
+
+ private SecurityCache<Principal> sCache = null;
+
+ private boolean cacheValidation = false;
+
+ public JBossAuthenticationManager(String sdomain, CallbackHandler cbh)
+ {
+ }
+
+ /**
+ * Create JBossAuthenticationManager
+ * @param sdomain SecurityDomain
+ * @param cbh CallbackHandler
+ * @param initCapacity Initial Capacity for the internal Security Cache
+ * @param loadFactor Load Factor for the internal Security Cache
+ * @param level Concurrency Level for the internal Security Cach
+ */
+ public JBossAuthenticationManager(String sdomain, CallbackHandler cbh,
+ int initCapacity, float loadFactor, int level)
+ {
+ }
+
+ public void setSecurityCache(String className)
+ {
+ }
+
+ /**
+ * @see AuthenticationManager#getActiveSubject()
+ */
+ public Subject getActiveSubject()
+ {
+ }
+
+ /**
+ * @see AuthenticationManager#getSecurityDomain()
+ */
+ public String getSecurityDomain()
+ {
+ }
+
+ /**
+ * @see AuthenticationManager#getTargetPrincipal(Principal, Map)
+ */
+ public Principal getTargetPrincipal(Principal principal, Map<String,Object> map)
+ {
+ }
+
+ /**
+ * @see AuthenticationManager#isValid(Principal, Object)
+ */
+ public boolean isValid(Principal principal, Object credential)
+ {
+ }
+
+ /**
+ * @see AuthenticationManager#isValid(Principal, Object, Subject)
+ */
+ public boolean isValid(Principal principal, Object credential, Subject subject)
+ {
+ }
+}
+</programlisting>
+</chapter>
\ No newline at end of file
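Review bot: The outline shows `sCache`, `cacheValidation` and the cache-sizing constructor, but the chapter never says how long a successful `isValid` result stays cached or what `cacheValidation` controls. An integrator needs that to reason about revoked or changed credentials. I would add a paragraph after the listing, for example `<para>Describe here when cached entries are evicted and whether a cached principal is re-checked against the supplied credential.</para>`, filled in from the implementation. The Javadoc for `level` also ends in `Security Cach`, which should read `Security Cache`.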
Added: projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextassociation.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextassociation.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextassociation.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="seccontextassociation">
+ <title>Security Context Association</title>
+
+ <para>The default implementation of the Security SPI includes a class called
+ as SecurityContextAssociation that has a threadlocal for storing a security
+ context object. It is the responsibility of the system integrators to push
+ and pop the security context from the association in the call request
+ path.</para>
+
+ <para>The SecurityContextAssociation class looks as:</para>
+
+ <programlisting>package org.jboss.security.plugins;
+
+import org.jboss.security.SecurityContext;
+
+/**
+ * Security Context association in a threadlocal
+ */
+public class SecurityContextAssociation
+{
+ private static ThreadLocal<SecurityContext> securityContextLocal
+ = new ThreadLocal<SecurityContext>();
+
+ public static void setSecurityContext(SecurityContext sc)
+ {
+ securityContextLocal.set(sc);
+ }
+
+ public static SecurityContext getSecurityContext()
+ {
+ return securityContextLocal.get();
+ }
+
+ public static void clearSecurityContext()
+ {
+ securityContextLocal.set(null);
+ }
+}</programlisting>
+</chapter>
\ No newline at end of file
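Review bot: The first paragraph tells integrators to push and pop the security context but does not say the pop must run on every exit path. On a pooled worker thread, a context left in `securityContextLocal` after an exception is still there when the thread serves the next request, so that request could be evaluated under the previous caller's identity. I would add a sentence such as `Always call clearSecurityContext() in a finally block around the request.` Separately, `clearSecurityContext()` in the listing uses `securityContextLocal.set(null)`, which keeps the thread's map entry, whereas `securityContextLocal.remove()` releases it; that is a change to the class itself rather than to this page.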
Added: projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextfactory.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextfactory.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/impl/seccontextfactory.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="seccontextfactory">
+ <title>Security Context Factory</title>
+
+ <para>The default implementation of the Security SPI includes a factory
+ class for the construction of the SecurityContext. The
+ SecurityContextFactory class is the factory class that also creates the
+ SecurityContextUtil class that is tied with a security context.</para>
+
+ <para>The SecurityContextFactory class looks as:</para>
+
+ <programlisting>package org.jboss.security.plugins;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextUtil;
+
+//$Id$
+
+/**
+ * Factory class to create Security Context instances
+ */
+public class SecurityContextFactory
+{
+ /**
+ * Create a security context
+ * @param securityDomain Security Domain driving the context
+ * @return
+ */
+ public static SecurityContext createSecurityContext(String securityDomain)
+ {
+ JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
+ return jsc;
+ }
+
+ /**
+ * Create a security context
+ * @param p Principal
+ * @param cred Credential
+ * @param s Subject
+ * @param securityDomain SecurityDomain
+ * @return
+ * @see #createSecurityContext(String)
+ */
+ public static SecurityContext createSecurityContext(Principal p,
+ Object cred,Subject s, String securityDomain)
+ {
+ JBossSecurityContext jsc = new JBossSecurityContext(securityDomain);
+ jsc.getUtil().createSubjectInfo(p,cred,s);
+ return jsc;
+ }
+
+
+ /**
+ * Return an instance of the SecurityContextUtil
+ * @return
+ */
+ public static SecurityContextUtil createUtil(SecurityContext sc)
+ {
+ return new JBossSecurityContextUtil(sc);
+ }
+}
+</programlisting>
+</chapter>
\ No newline at end of file
Added: projects/security/security-docs/trunk/docs/guide/en/modules/impl/securityconfiguration.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/impl/securityconfiguration.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/impl/securityconfiguration.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -0,0 +1,319 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="securityconfiguration">
+ <title>Security Configuration</title>
+
+ <para>The previous chapters defined the Security SPI. In this chapter, we
+ will discuss the security configuration that is the main driver to derive
+ the configuration for the various managers in the security context.</para>
+
+ <para>The SecurityConfiguration is a class with static methods as
+ follows:</para>
+
+ <programlisting>package org.jboss.security.config;
+
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.HashMap;
+
+/**
+ * Class that provides the Configuration for authentication,
+ * authorization, mapping info etc
+ * It also holds the information like JSSE keystores, keytypes and
+ * other crypto configuration
+ */
+public class SecurityConfiguration
+{
+ /**
+ * Map of Application Policies keyed in by name
+ */
+ private static HashMap appPolicies = new HashMap();
+ private static String cipherAlgorithm;
+ private static int iterationCount;
+ private static String salt;
+ private static String keyStoreType;
+ private static String keyStoreURL;
+ private static String keyStorePass;
+ private static String trustStoreType;
+ private static String trustStorePass;
+ private static String trustStoreURL;
+ private static Key cipherKey;
+ private static AlgorithmParameterSpec cipherSpec;
+
+ public static void addApplicationPolicy(ApplicationPolicy aP)
+ {
+ if(aP == null)
+ throw new IllegalArgumentException("application policy is null");
+ appPolicies.put(aP.getName(), aP);
+ }
+
+ public static ApplicationPolicy getApplicationPolicy(String policyName)
+ {
+ return (ApplicationPolicy)appPolicies.get(policyName);
+ }
+
+ public static String getCipherAlgorithm()
+ {
+ return cipherAlgorithm;
+ }
+
+ public static void setCipherAlgorithm(String ca)
+ {
+ cipherAlgorithm = ca;
+ }
+
+ public static Key getCipherKey()
+ {
+ return cipherKey;
+ }
+
+ public static void setCipherKey(Key ca)
+ {
+ cipherKey = ca;
+ }
+
+ public static AlgorithmParameterSpec getCipherSpec()
+ {
+ return cipherSpec;
+ }
+
+ public static void setCipherSpec(AlgorithmParameterSpec aps)
+ {
+ cipherSpec = aps;
+ }
+
+ public static int getIterationCount()
+ {
+ return iterationCount;
+ }
+
+ /** Set the iteration count used with PBE based on the keystore password.
+ * @param count - an iteration count randomization value
+ */
+ public static void setIterationCount(int count)
+ {
+ iterationCount = count;
+ }
+
+
+ public static String getSalt()
+ {
+ return salt;
+ }
+ /** Set the salt used with PBE based on the keystore password.
+ * @param salt - an 8 char randomization string
+ */
+ public static void setSalt(String s)
+ {
+ salt = s;
+ }
+
+
+ /** KeyStore implementation type being used.
+ @return the KeyStore implementation type being used.
+ */
+ public static String getKeyStoreType()
+ {
+ return keyStoreType;
+ }
+ /** Set the type of KeyStore implementation to use. This is
+ passed to the KeyStore.getInstance() factory method.
+ */
+ public static void setKeyStoreType(String type)
+ {
+ keyStoreType = type;
+ }
+ /** Get the KeyStore database URL string.
+ */
+ public static String getKeyStoreURL()
+ {
+ return keyStoreURL;
+ }
+ /** Set the KeyStore database URL string. This is used to obtain
+ an InputStream to initialize the KeyStore.
+ */
+ public static void setKeyStoreURL(String storeURL)
+ {
+ keyStoreURL = storeURL;
+ }
+
+ /** Get the credential string for the KeyStore.
+ */
+ public static String getKeyStorePass()
+ {
+ return keyStorePass ;
+ }
+
+ /** Set the credential string for the KeyStore.
+ */
+ public static void setKeyStorePass(String password)
+ {
+ keyStorePass = password;
+ }
+
+ /** Get the type of the trust store
+ * @return the type of the trust store
+ */
+ public static String getTrustStoreType()
+ {
+ return trustStoreType;
+ }
+
+ /** Set the type of the trust store
+ * @param type - the trust store implementation type
+ */
+ public static void setTrustStoreType(String type)
+ {
+ trustStoreType = type;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static String getTrustStorePass()
+ {
+ return trustStorePass;
+ }
+
+ /** Set the credential string for the trust store.
+ */
+ public static void setTrustStorePass(String password)
+ {
+ trustStorePass = password;
+ }
+
+ /** Get the trust store database URL string.
+ */
+ public static String getTrustStoreURL()
+ {
+ return trustStoreURL;
+ }
+
+ /** Set the trust store database URL string. This is used to obtain
+ an InputStream to initialize the trust store.
+ */
+ public static void setTrustStoreURL(String storeURL)
+ {
+ trustStoreURL = storeURL;
+ }
+}
+</programlisting>
+
+ <para>As you can see the SecurityConfiguration class can hold a map of
+ ApplicationPolicy objects that are keyed in by a name which denote the
+ Security Domain name. The SecurityConfiguration class also provides commonly
+ used JCA/Crypto information necessary. The ApplicationPolicy class is an
+ amalgamation of the AuthenticationInfo, AuthorizationInfo, MappingInfo and
+ AuditInfo which drive the configuration for the individual managers in the
+ security context.</para>
+
+ <programlisting>package org.jboss.security.config;
+
+import org.jboss.security.auth.login.BaseAuthenticationInfo;
+
+/**
+ * Application Policy Information Holder
+ * - Authentication
+ * - Authorization
+ * - Audit
+ * - Mapping
+ */
+public class ApplicationPolicy
+{
+ private String name;
+ private BaseAuthenticationInfo authenticationInfo;
+ private AuthorizationInfo authorizationInfo;
+ private AuditInfo auditInfo;
+ private MappingInfo roleMappingInfo;
+
+ //Parent PolicyConfig
+ private PolicyConfig policyConfig;
+
+ public ApplicationPolicy(String theName)
+ {
+ if(theName == null)
+ throw new IllegalArgumentException("name is null");
+ this.name = theName;
+ }
+
+ public ApplicationPolicy(String theName,BaseAuthenticationInfo info)
+ {
+ this(theName);
+ authenticationInfo = info;
+ }
+
+ public ApplicationPolicy(String theName,AuthorizationInfo info)
+ {
+ this(theName);
+ authorizationInfo = info;
+ }
+
+ public ApplicationPolicy(String theName,
+ BaseAuthenticationInfo info, AuthorizationInfo info2)
+ {
+ this(theName);
+ authenticationInfo = info;
+ authorizationInfo = info2;
+ }
+
+ public BaseAuthenticationInfo getAuthenticationInfo()
+ {
+ return authenticationInfo;
+ }
+
+ public void setAuthenticationInfo(BaseAuthenticationInfo authenticationInfo)
+ {
+ this.authenticationInfo = authenticationInfo;
+ }
+
+ public AuthorizationInfo getAuthorizationInfo()
+ {
+ return authorizationInfo;
+ }
+
+ public void setAuthorizationInfo(AuthorizationInfo authorizationInfo)
+ {
+ this.authorizationInfo = authorizationInfo;
+ }
+
+ public MappingInfo getRoleMappingInfo()
+ {
+ return roleMappingInfo;
+ }
+
+ public void setRoleMappingInfo(MappingInfo roleMappingInfo)
+ {
+ this.roleMappingInfo = roleMappingInfo;
+ }
+
+ public AuditInfo getAuditInfo()
+ {
+ return auditInfo;
+ }
+
+ public void setAuditInfo(AuditInfo auditInfo)
+ {
+ this.auditInfo = auditInfo;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public PolicyConfig getPolicyConfig()
+ {
+ return policyConfig;
+ }
+
+ public void setPolicyConfig(PolicyConfig policyConfig)
+ {
+ this.policyConfig = policyConfig;
+ }
+}
+
+</programlisting>
+
+ <para>Generation of the ApplicationPolicy objects and their establishment in
+ the SecurityConfiguration class is the responsibility of the system
+ integrators at this moment. You can use JBossXB or JAXB or whichever
+ mechanism you prefer.</para>
+</chapter>
\ No newline at end of file
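Review bot: The Javadoc in the SecurityConfiguration listing has copy errors that will mislead integrators: `getTrustStorePass()` is documented as `Set the credential string for the trust store.` where it should read `Get the credential string for the trust store.`, and `setSalt(String s)` documents `@param salt` although the parameter is named `s`. The prose after the listing should also say that every field is a JVM-wide static, so the public `getKeyStorePass()` and `getTrustStorePass()` hand the store passwords to any code that can call the class. `appPolicies` is a plain `HashMap` with no synchronization visible in the listing, so integrators who register policies from more than one thread need to serialize those calls. Proposed addition: `<para>SecurityConfiguration is global to the JVM and is not synchronized; populate it during start-up and limit which code is able to call it.</para>`.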
Deleted: projects/security/security-docs/trunk/docs/guide/en/modules/securityconfiguration.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/securityconfiguration.xml 2007-05-17 03:05:15 UTC (rev 63109)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/securityconfiguration.xml 2007-05-17 04:20:35 UTC (rev 63110)
@@ -1,315 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<chapter id="securitycontext">
- <title>Security Context</title>
-
- <para>SecurityContext is an encapsulation of the Authentication,
- Authorization, Mapping and Auditing aspects of a security conscious system.
- The interface looks as follows:</para>
-
- <programlisting>package org.jboss.security;
-
-/**
- * Encapsulation of Authentication, Authorization, Mapping and other
- * security aspects at the level of a security domain
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
- */
-public interface SecurityContext extends Serializable,Cloneable
-{
- /**
- * Authentication Manager for the security domain
- */
- public AuthenticationManager getAuthenticationManager();
- /**
- * Authorization Manager for the security domain
- */
- public AuthorizationManager getAuthorizationManager();
-
- /**
- * Mapping manager configured with providers
- */
- public MappingManager getMappingManager();
-
- /**
- * AuditManager configured for the security domain
- */
- public AuditManager getAuditManager();
-
- /**
- * Context Map
- */
- public Map<String,Object> getData();
-
- /**
- * Return the Security Domain
- */
- public String getSecurityDomain();
-
- /**
- * Subject Info
- *
- * @see SecurityContextUtil#getSubject()
- * @see SecurityContextUtil#createSubjectInfo(Principal, Object, Subject)
- */
- SubjectInfo getSubjectInfo();
-
- /**
- * Subject Info
- *
- * @see SecurityContextUtil#getSubject()
- * @see SecurityContextUtil#createSubjectInfo(Principal, Object, Subject)
- */
- void setSubjectInfo(SubjectInfo si);
-
- /**
- * RunAs Representation
- *
- * @see #setRunAs(RunAs)
- */
- public RunAs getRunAs();
-
- /**
- * Set the current RunAs for the security context that will be
- * propagated out to other security context.
- *
- * RunAs coming into this security context needs to be done
- * from SecurityContextUtil.getCallerRunAs/setCallerRunAs
- *
- * @see SecurityContextUtil#getCallerRunAs()
- * @see SecurityContextUtil#setCallerRunAs(RunAs)
- *
- * @param runAs
- */
- public void setRunAs(RunAs runAs);
-
- /**
- * Return a utility that is a facade to the internal
- * storage mechanism of the Security Context
- *
- * This utility can be used to store information like
- * roles etc in an implementation specific way
- * @return
- */
- public SecurityContextUtil getUtil();
-}</programlisting>
-
- <para>Associated with the SecurityContext is the notion of a SecurityUtil
- that can provide some utility methods to shield from the implementation
- details of any vendor implementation of the SecurityContext. The
- SecurityUtil abstract class looks as follows:</para>
-
- <programlisting>package org.jboss.security;
-
-import java.security.Principal;
-
-import javax.security.auth.Subject;
-
-/**
- * General Utility methods for dealing with the SecurityContext
- */
-public abstract class SecurityContextUtil
-{
- protected SecurityContext securityContext = null;
-
- public void setSecurityContext(SecurityContext sc)
- {
- this.securityContext = sc;
- }
-
- /**
- * Get the username from the security context
- * @return username
- */
- public abstract String getUserName();
-
- /**
- * Get the user principal the security context
- * @return user principal
- */
- public abstract Principal getUserPrincipal();
-
- /**
- * Get the credential
- * @return
- */
- public abstract Object getCredential();
-
- /**
- * Get the subject the security context
- * @return
- */
- public abstract Subject getSubject();
-
- /**
- * Get the RunAs that was passed into the current security context
- * The security context RunAs is the RunAs that will be propagated out of it
- * @return
- */
- public abstract RunAs getCallerRunAs();
-
- /**
- * Set the Caller RunAs in the security context
- * Security Context implementations are free to store
- * the caller runas in any manner
- * @param runAs
- */
- public abstract void setCallerRunAs(RunAs runAs);
-
- /**
- * Get a holder of subject, runAs and caller RunAs
- * @return
- */
- public abstract SecurityIdentity getSecurityIdentity();
-
- /**
- * Inject subject, runAs and callerRunAs into the security context
- * Mainly used by integration code base to cache the security identity
- * and put back to the security context
- * @param si The SecurityIdentity Object
- */
- public abstract void setSecurityIdentity(SecurityIdentity si);
-
- /**
- * Get the Roles associated with the user for the
- * current security context
- * @param <T>
- * @return
- */
- public abstract <T> T getRoles();
-
- /**
- * Set the roles for the user for the current security context
- * @param <T>
- * @param roles
- */
- public abstract <T> void setRoles(T roles);
-
- /**
- * Create SubjectInfo and set it in the current security context
- * @param principal
- * @param credential
- * @param subject
- */
- public void createSubjectInfo(Principal principal, Object credential,Subject subject)
- {
- SubjectInfo si = new SubjectInfo(principal, credential, subject);
- this.securityContext.setSubjectInfo(si);
- }
-
- /**
- * Set an object on the Security Context
- * The context implementation may place the object in its internal
- * data structures (like the Data Map)
- * @param <T> Generic Type
- * @param sc Security Context Object
- * @param key Key representing the object being set
- * @param obj
- */
- public abstract <T> void set(String key, T obj);
-
- /**
- * Return an object from the Security Context
- * @param <T>
- * @param sc Security Context Object
- * @param key key identifies the type of object we are requesting
- * @return
- */
- public abstract <T> T get(String key);
-
- /**
- * Remove an object represented by the key from the security context
- * @param <T>
- * @param sc Security Context Object
- * @param key key identifies the type of object we are requesting
- * @return the removed object
- */
- public abstract <T> T remove(String key);
-}
-</programlisting>
-
- <para>As seen in the abstract class, the SecurityContextUtil provides
- methods to deal with the user principal and credential, RunAs and general
- usage of the SecurityContext as a store of objects via key pair (Refer to
- the set, get and remove methods).</para>
-
- <para>The SecurityContextUtil has the usage of a SecurityIdentity aspect.
- The SecurityIdentity reprents the identity of the agent that is interfacing
- with the security system. It contains the subject and various run-as (RunAs
- and CallerRunAs).</para>
-
- <programlisting>package org.jboss.security;
-
-import java.security.Principal;
-import javax.security.auth.Subject;
-
-//$Id$
-
-/**
- * Represents an Identity of an agent interacting with the
- * security service. It can be an user or a process. It
- * consists of a subject and various run-as
- */
-public class SecurityIdentity
-{
- SubjectInfo theSubject = null;
- RunAs runAs = null;
- RunAs callerRunAs = null;
-
- public SecurityIdentity(SubjectInfo subject, RunAs runAs, RunAs callerRunAs)
- {
- this.theSubject = subject;
- this.runAs = runAs;
- this.callerRunAs = callerRunAs;
- }
-
- public Principal getPrincipal()
- {
- return theSubject != null ? theSubject.getAuthenticationPrincipal() : null;
- }
-
- public Object getCredential()
- {
- return theSubject != null ? theSubject.getAuthenticationCredential(): null;
- }
-
- public Subject getSubject()
- {
- return theSubject != null ? theSubject.getAuthenticatedSubject() : null;
- }
-
- public RunAs getRunAs()
- {
- return runAs;
- }
-
- public RunAs getCallerRunAs()
- {
- return callerRunAs;
- }
-}</programlisting>
-
- <para>The difference between RunAs and CallerRunAs is: The RunAs represents
- the RunAs that is outgoing from the current context. The caller RunAs
- represents the RunAs that enters this security context. The RunAs interface
- is:</para>
-
- <programlisting>package org.jboss.security;
-
-import java.security.Principal;
-/**
- * Represent an entity X with a proof of identity Y
- */
-public interface RunAs extends Principal
-{
- /**
- * Return the identity represented
- * @return
- */
- public <T> T getIdentity();
-
- /**
- * Return the proof of identity
- * @return
- */
- public <T> T getProof();
-}</programlisting>
-</chapter>
\ No newline at end of file