[jboss-cvs] JBossAS SVN: r64016 - in projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message: callback and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 12 17:12:53 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-07-12 17:12:52 -0400 (Thu, 12 Jul 2007)
New Revision: 64016
Added:
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessageInfo.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/CallerPrincipalCallback.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/GroupPrincipalCallback.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/RegistrationListener.java
Removed:
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/AuthParam.java
Modified:
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ClientAuth.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessagePolicy.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ServerAuth.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/PasswordValidationCallback.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfig.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfigFactory.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ClientAuthConfig.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ServerAuthConfig.java
projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/module/ClientAuthModule.java
Log:
JASPI pfd2 changes
Deleted: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/AuthParam.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/AuthParam.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/AuthParam.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -1,76 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2005, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package javax.security.auth.message;
-
-import java.util.Map;
-
-/**
- * <p>A message processing uses this interface to pass messages to authentication
- * contexts for processing by authentication modules.</p>
- *
- * <p>This interface encapsulates a request message object and a response message
- * object for a message exchange. This interface may also be used to associate
- * additional context in the form of key/value pairs, with the encapsulated messages.</p>
- *
- * <p>Every implementation of this interface should provide a zero argument
- * constructor, and a constructor which takes a single Map argument according to the
- * recommendations in the Map interface. Additional constructors may also be provided.</p>
- *
- * <p>An implementation of this interface need not make the request and response
- * message values available or setable via the methods of its Map interface.</p>
- *
- * <p>Implementations of this interface may vary in their support for key and value
- * types, fail-fast behavior, orderinvariance, and synchronization.</p>
- *
- * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana at jboss.org</a>
- * @author Charlie Lai, Ron Monzillo (Javadoc for JSR-196)
- * @since May 11, 2006
- * @version $Revision$
- */
-public interface AuthParam extends Map
-{
- /**
- * Get the request message object from this AuthParam.
- * @return an object representing the request message, or null if no request message
- * is set within the AuthParam.
- */
- public Object getRequestMessage();
-
- /**
- * Get the response message object from this AuthParam.
- * @return an object representing the response message, or null if no response
- * message is set within the AuthParam.
- */
- public Object getResponseMessage();
-
- /**
- * Set the request message object in this AuthParam.
- * @param request an object representing the request message.
- */
- public void setRequestMessage(Object request);
-
- /**
- * Set the response message object in this AuthParam.
- * @param response an object representing the response message.
- */
- public void setResponseMessage(Object response);
-}
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ClientAuth.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ClientAuth.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ClientAuth.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -21,8 +21,6 @@
*/
package javax.security.auth.message;
-import java.util.Map;
-
import javax.security.auth.Subject;
//$Id$
@@ -38,16 +36,17 @@
public interface ClientAuth
{
/**
- * Remove module specific principals and credentials from the subject.
- * @param subject the Subject instance from which the Principals and
- * credentials are to be removed.
- * @param sharedState a Map for modules to save state across a sequence
- * of calls from secureRequest to validateResponse
- * returning AuthStatus.PROCEED
- * @return
+ * Remove implementation specific principals and credentials from the subject.
+ * @param messageInfo - A contextual object that encapsulates the client request
+ * and server response objects, and that may be used to save
+ * state across a sequence of calls made to the methods of
+ * this interface for the purpose of completing a secure
+ * message exchange.
+ * @param subject - The Subject instance from which the Principals and credentials
+ * are to be removed.
* @throws AuthException if an error occurs during the Subject processing.
*/
- public AuthStatus cleanSubject( Subject subject, Map sharedState)
+ public void cleanSubject( MessageInfo messageInfo, Subject subject)
throws AuthException;
/**
@@ -55,16 +54,17 @@
*
* <p>Sign and encrpt the service request, for example.</p>
*
- * @param authParam an authentication parameter that encapsulates the
- * client request and server response objects.
- * @param client a Subject that represents the source of the service request,
- * or null. It may be used by modules to retrieve Principals
- * and credentials necessary to secure the request. The module
- * may use a CallbackHandler to obtain any additional information
- * necessary to secure the request. Newly obtained or validated
- * credentials may be stored back into the Subject object.
- * @param sharedState a Map for modules to save state across a sequence of calls
- * from secureRequest to validateResponse returning AuthStatus.PROCEED
+ * @param messageInfo - A contextual object that encapsulates the client request
+ * and server response objects, and that may be used to save
+ * state across a sequence of calls made to the methods of
+ * this interface for the purpose of completing a secure
+ * message exchange.
+ * @param clientSubject - A Subject that represents the source of the service request,
+ * or null. It may be used by the method implementation as the
+ * source of Principals or credentials to be used to secure
+ * the request. If the Subject is not null, the method
+ * implementation may add additional Principals or credentials
+ * (pertaining to the source of the service request) to the Subject.
* @return an AuthStatus object representing the completion status of the processing
* performed by the module.
* <ul>
@@ -88,27 +88,37 @@
* message. The runtime must discontinue its processing of the message
* exchange.
*/
- public AuthStatus secureRequest(AuthParam authParam,Subject client, Map sharedState)
+ public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject)
throws AuthException;
/**
* <p>Validate a received service response.</p>
*
- * <p>Decrypt and verify a signature on the response, for example.</p>
+ * <p>This method is called to transform the mechanism-specific response message
+ * acquired by calling getResponseMessage (on messageInfo) into the validated
+ * application message to be returned to the message processing runtime. If
+ * the response message is a (mechanism-specific) meta-message, the method
+ * implementation must attempt to transform the meta-message into the next
+ * mechanism-specific request message to be sent by the runtime.</p>
*
- * @param authParam an authentication parameter that encapsulates the client
- * request and server response objects.
- * @param client a Subject that represents the recipient of the service response,
- * or null. It may be used by modules to retrieve Principals and
- * credentials necessary to validate the response. The module may use
- * a CallbackHandler to obtain any additional information necessary
- * to validate the response. Newly obtained information may be stored
- * back into the Subject object.
- * @param service a Subject that represents the source of the service response,
- * or null. It may be used by modules to store Principals and credentials
- * validated in the response.
- * @param sharedState a Map for modules to save state across a sequence of calls from
- * secureRequest to validateResponse returning AuthStatus.PROCEED
+ * @param messageInfo - A contextual object that encapsulates the client
+ * request and server response objects, and that may be
+ * used to save state across a sequence of calls made to
+ * the methods of this interface for the purpose of
+ * completing a secure message exchange.
+ *
+ * @param clientSubject - A Subject that represents the recipient of the
+ * service response, or null. It may be used by the method
+ * implementation as the source of Principals or credentials
+ * to be used to validate the response. If the Subject is
+ * not null, the method implementation may add additional
+ * Principals or credentials (pertaining to the recipient
+ * of the service request) to the Subject.
+ *
+ * @param serviceSubject - A Subject that represents the source of the service
+ * response, or null. If the Subject is not null, the method
+ * implementation may add additional Principals or credentials
+ * (pertaining to the source of the service response) to the Subject.
* @return an AuthStatus object representing the completion status of the processing
* performed by the module.
* <ul>
@@ -130,7 +140,7 @@
* </ul>
* @throws AuthException
*/
- public AuthStatus validateResponse(AuthParam authParam, Subject client,
- Subject service, Map sharedState)
+ public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject)
throws AuthException;
}
Added: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessageInfo.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessageInfo.java (rev 0)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessageInfo.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package javax.security.auth.message;
+
+import java.util.Map;
+
+//$Id$
+
+/**
+ * A message processing runtime uses this interface to pass messages and
+ * message processing state to authentication contexts for processing by
+ * authentication modules.
+ *
+ * This interface encapsulates a request message object and a response
+ * message object for a message exchange.
+ *
+ * This interface may also be used to associate additional context in the
+ * form of key/value pairs, with the encapsulated messages. Every implementation
+ * of this interface should provide a zero argument constructor, and a constructor
+ * which takes a single Map argument. Additional constructors may also be provided.
+ * @author Anil.Saldhana at redhat.com
+ * @author Charlie Lai, Ron Monzillo (Javadoc for JSR-196)
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public interface MessageInfo
+{
+ /**
+ * Get (a reference to) the Map object of this MessageInfo. Operations performed
+ * on the acquired Map must effect the Map within the MessageInfo.
+ * @return the Map object of this MessageInfo. This method never returns null.
+ * If a Map has not been associated with the MessageInfo, this method instantiates
+ * a Map, associates it with this MessageInfo, and then returns it.
+ */
+ Map getMap();
+
+ /**
+ * Get the request message object from this MessageInfo.
+ * @return An object representing the request message, or null if no request message
+ * is set within the MessageInfo.
+ */
+ Object getRequestMessage();
+
+ /**
+ * Get the response message object from this MessageInfo.
+ * @return an object representing the response message, or null if no response message
+ * is set within the MessageInfo.
+ */
+ Object getResponseMessage();
+
+ /**
+ * Set the request message object in this MessageInfo.
+ * @param request An object representing the request message.
+ */
+ void setRequestMessage(Object request);
+
+ /**
+ * Set the response message object in this MessageInfo.
+ * @param response An object representing the response message.
+ */
+ void setResponseMessage(Object response);
+}
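Review bot: The interface Javadoc says nothing about synchronization or fail-fast behaviour of the state map, although `getMap()` hands out a live reference that, per the ClientAuth and ServerAuth parameter docs in this commit, is used to save state across a sequence of calls. The AuthParam Javadoc removed by this same commit carried the sentence "Implementations of this interface may vary in their support for key and value types, fail-fast behavior, orderinvariance, and synchronization". I would keep an equivalent sentence on MessageInfo so module authors do not assume the map is safe to share between threads or accepts arbitrary key types. In the `getMap()` comment, "must effect the Map" should read "must affect the Map".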
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessagePolicy.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessagePolicy.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/MessagePolicy.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -22,6 +22,12 @@
package javax.security.auth.message;
/**
+ * This class defines a message authentication policy.
+ A ClientAuthContext uses this class to communicate (
+ at module initialization time) request and response
+ message protection policies to its ClientAuthModule objects.
+ A ServerAuthContext uses this class to communicate request
+ and response message protection policies to its ServerAuthModule objects.
* @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana at jboss.org</a>
* @author Charlie Lai, Ron Monzillo (Javadoc for JSR-196)</a>
* @since May 11, 2006
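Review bot: The added description lines after the first are missing the leading ` * ` that the rest of this comment block uses, and the parenthetical is split awkwardly across lines ("communicate (" on one line and "at module initialization time)" on the next). I would reflow the paragraph with ` * ` on every line and keep "(at module initialization time)" together. This is a style point only, since the Javadoc tool tolerates the missing asterisks.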
@@ -30,19 +36,23 @@
public class MessagePolicy
{
protected TargetPolicy[] targetPolicies = null;
+ private boolean mandatory;
/**
* Create a MessagePolicy instance with an array of target policies.
*
* @param targetPolicies an array of target policies.
+ * @param mandatory - A boolean value indicating whether the MessagePolicy
+ * is mandatory or optional.
* @throws IllegalArgumentException if the specified targetPolicies is null.
*/
- public MessagePolicy(TargetPolicy[] targetPolicies)
+ public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory)
{
if( targetPolicies == null)
throw new IllegalArgumentException("specified targetPolicies is null");
- this.targetPolicies = targetPolicies;
+ this.targetPolicies = targetPolicies;
+ this.mandatory = mandatory;
}
/**
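Review bot: The constructor keeps the caller's array by reference (`this.targetPolicies = targetPolicies;`) and the field is `protected` and non-final, so the code that built the policy, or any subclass, can change the targets after the policy has been communicated to the auth modules. The getter visible in the next hunk returns the same internal array. Since this object now also carries the mandatory/optional decision, I would make it effectively immutable with `this.targetPolicies = targetPolicies.clone();` and `private final boolean mandatory;`, with a matching copy in the getter. This holds unless the JSR-196 draft requires reference semantics, which is not visible here.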
@@ -64,6 +74,11 @@
return this.targetPolicies;
}
+ public boolean isMandatory()
+ {
+ return this.mandatory;
+ }
+
/**
* This interface is implemented by objects that represent and perform message targeting
* on behalf of authentication modules.</p>
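Review bot: `isMandatory()` is added without Javadoc, while the other public members of this class are documented. I would add `/** @return true if this MessagePolicy is mandatory, false if it is optional. */`, matching the wording of the new constructor parameter. It is also worth saying there, if the draft defines it, what a runtime is expected to do when an optional policy cannot be satisfied, since that decides whether an unprotected message is accepted.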
@@ -81,7 +96,7 @@
* @return an Object representing the target, or null when the target could not be found
* in the AuthParam.
*/
- public Object get(AuthParam authParam);
+ public Object get(MessageInfo messageInfo);
/**
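Review bot: The parameter is renamed to `messageInfo` here and in the `put` and `remove` hunks that follow, but the surrounding Javadoc still speaks of "the AuthParam" ("could not be found in the AuthParam", "Put the Object into the AuthParam") and the `remove` hunk still shows `@param authParam`. AuthParam is deleted by this same commit, so the comments now name a parameter and a type that no longer exist. I would change the tags to `@param messageInfo the MessageInfo containing the request or response message ...` and replace "AuthParam" with "MessageInfo" in the three descriptions. The Javadoc blocks begin outside these hunks, so the `@param` lines for `get` and `put` are not all visible here.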
* Put the Object into the AuthParam at the location identified by the target.
@@ -89,7 +104,7 @@
* into which the object is to be put.
* @param data
*/
- public void put(AuthParam authParam, Object data);
+ public void put(MessageInfo messageInfo, Object data);
/**
* Remove the Object identified by the Target from the AuthParam.
@@ -97,7 +112,7 @@
* @param authParam the AuthParam containing the request or response message from
* which the target is to be removed.
*/
- public void remove(AuthParam authParam);
+ public void remove(MessageInfo messageInfo);
}
public static class TargetPolicy
@@ -155,18 +170,27 @@
/**
* A URI fragment that represents a recipient entity authentication policy AUTHENTICATE_RECIPIENT_CONTENT
*/
- public static final String AUTHENTICATE_RECIPIENT = "http://jboss.org/security/auth/container/auth_recipient";
+ public static final String AUTHENTICATE_SENDER = "http://jboss.org/security/auth/container/auth_sender";
/**
* A URI fragment that represents a source entity authentication policy AUTHENTICATE_SOURCE_CONTENT
*/
- public static final String AUTHENTICATE_SOURCE = "http://jboss.org/security/auth/container/auth_source";
+ public static final String AUTHENTICATE_RECIPIENT = "http://jboss.org/security/auth/container/auth_recipient";
/**
* A URI fragment that represents a data origin authentication policy
*/
- public static final String AUTHENTICATE_SOURCE_CONTENT = "http://jboss.org/security/auth/container/auth_source_content";
+ public static final String AUTHENTICATE_CONTENT = "http://jboss.org/security/auth/container/auth_content";
+ /**
+ * Get the ProtectionPolicy identifier. An identifier may represent a
+ * conceptual protection policy (as is the case with the static identifiers
+ * defined within this interface) or it may identify a procedural policy expression
+ * or plan that may be more difficult to categorize in terms of a conceptual identifier.
+ * @return A String containing a policy identifier. This interface defines some
+ * policy identifier constants. Configuration systems may define and employ
+ * other policy identifiers values.
+ */
public String getID();
}
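Review bot: After the rename the comments no longer match the constants beneath them: the "recipient entity authentication policy" comment now sits above `AUTHENTICATE_SENDER` and the "source entity authentication policy" comment sits above `AUTHENTICATE_RECIPIENT`. Both comments also still mention `AUTHENTICATE_RECIPIENT_CONTENT` / `AUTHENTICATE_SOURCE_CONTENT`, which are not defined in the visible lines. Someone selecting a protection policy from the Javadoc would end up authenticating the opposite party from the one intended. I would reword them to `A URI fragment that represents a sender entity authentication policy` above `AUTHENTICATE_SENDER` and the recipient wording above `AUTHENTICATE_RECIPIENT`. `AUTHENTICATE_SOURCE` and `AUTHENTICATE_SOURCE_CONTENT` are dropped with no deprecated alias, so existing references will stop compiling; if that is intended for pfd2 it deserves a line in the log.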
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ServerAuth.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ServerAuth.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/ServerAuth.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -21,8 +21,6 @@
*/
package javax.security.auth.message;
-import java.util.Map;
-
import javax.security.auth.Subject;
//$Id$
@@ -37,93 +35,113 @@
*/
public interface ServerAuth
{
+
/**
- * Remove module specific principals and credentials from the subject.
- * @param subject the Subject instance from which the Principals and credentials
- * are to be removed.
- * @param sharedState a Map for modules to save state across a sequence of calls from
- * validateRequest to secureResponse returning AuthStatus.PROCEED.
+ * Remove implementation specific principals and credentials from the subject.
+ * @param messageInfo - A contextual object that encapsulates the client request
+ * and server response objects, and that may be used to save
+ * state across a sequence of calls made to the methods of
+ * this interface for the purpose of completing a secure
+ * message exchange.
+ * @param subject - The Subject instance from which the Principals and credentials
+ * are to be removed.
* @throws AuthException if an error occurs during the Subject processing.
*/
- public void cleanSubject(Subject subject, Map sharedState)
+ public void cleanSubject( MessageInfo messageInfo, Subject subject)
throws AuthException;
/**
- * <p>Secure a service response before sending it to the client.</p>
- * <p>Sign and encrypt the response, for example.</p>
+ * <p>Secure a service request message before sending it to the service.</p>
*
- * @param authParam an authentication parameter that encapsulates the client
- * request and server response objects.
- * @param service a Subject that represents the source of the service response,
- * or null. It may be used by modules to retrieve Principals and
- * credentials necessary to secure the response. The module may
- * use a CallbackHandler to obtain any additional information
- * necessary to secure the response. Newly obtained information
- * may be stored back into the Subject object.
- * @param sharedState a Map for modules to save state across a sequence of calls
- * from validateRequest to secureResponse returning AuthStatus.PROCEED.
+ * <p>Sign and encrpt the service request, for example.</p>
+ *
+ * @param messageInfo - A contextual object that encapsulates the client request
+ * and server response objects, and that may be used to save
+ * state across a sequence of calls made to the methods of
+ * this interface for the purpose of completing a secure
+ * message exchange.
+ * @param serviceSubject - A Subject that represents the source of the service request,
+ * or null. It may be used by the method implementation as the
+ * source of Principals or credentials to be used to secure
+ * the request. If the Subject is not null, the method
+ * implementation may add additional Principals or credentials
+ * (pertaining to the source of the service request) to the Subject.
* @return an AuthStatus object representing the completion status of the processing
- * performed by the module.
- * <ul>
- * <li>AuthStatus.PROCEED returned when the application response
- * message was successfully secured. The runtime may proceed to
- * send the response message. returned in AuthParam.</li>
- * <li>AuthStatus.RETRY returned when the module replaces the
- * application response message with an mechanism specific message
- * to be sent in advance of the application message. The runtime
- * should send the response message returned in AuthParam.</li>
- * <li>AuthStatus.ERROR returned when the processing by the module
- * failed and indicates that the module has defined an appropriate
- * error response message in the AuthParam. The runtime may send
- * the response message returned in AuthParam.</li>
- * </ul>
- * @throws AuthException
+ * performed by the module.
+ * <ul>
+ * <li>AuthStatus.PROCEED returned when the application request message
+ * was successfully secured. The runtime may proceed to send the
+ * request message. returned in AuthParam.</li>
+ * <li>AuthStatus.RETRY returned when the module replaces the application
+ * request message with an mechanism specific message to be sent in
+ * advance of the application message. The runtime should throw an
+ * exception if it is unable to process the rety. Otherwise, the
+ * runtime should send the request message returned in AuthParam
+ * (and without calling secureRequest).</li>
+ * <li>AuthStatus.ERROR returned when the processing by the module failed
+ * and indicates that the module has defined an appropriate error request
+ * message in the AuthParam. The runtime may send the request message
+ * returned in AuthParam (without calling SecureRequest), and must
+ * discontinue its processing of the application request.</li>
+ * </ul>
+ * @throws AuthException when the module wishes to signal a failure in securing
+ * the request and without establishing a corresponding error request
+ * message. The runtime must discontinue its processing of the message
+ * exchange.
*/
- public AuthStatus secureResponse(AuthParam authParam, Subject service, Map sharedState)
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject)
throws AuthException;
/**
- * <p>Authenticate a received service request.</p>
- * <p>Decrypt content and verify a signature on a request, for example.</p>
+ * <p>Validate a received service response.</p>
*
- * @param authParam an authentication parameter that encapsulates the client
- * request and server response objects.
- * @param client a Subject that represents the source of the service request.
- * It is used by modules to store Principals and credentials
- * validated in the request.
- * @param service a Subject that represents the recipient of the service request,
- * or null. It may be used by modules to retrieve Principals and
- * credentials necessary to validate the request. The module may
- * use a CallbackHandler to obtain any additional information
- * necessary to validate the response. Newly obtained information
- * may be stored back into the Subject object.
- * @param sharedState a Map for modules to save state across a sequence of calls from
- * <i>validateRequest</i> to <i>secureResponse</i>
- * returning AuthStatus.PROCEED.
+ * <p>This method is called to transform the mechanism-specific response message
+ * acquired by calling getResponseMessage (on messageInfo) into the validated
+ * application message to be returned to the message processing runtime. If
+ * the response message is a (mechanism-specific) meta-message, the method
+ * implementation must attempt to transform the meta-message into the next
+ * mechanism-specific request message to be sent by the runtime.</p>
+ *
+ * @param messageInfo - A contextual object that encapsulates the client
+ * request and server response objects, and that may be
+ * used to save state across a sequence of calls made to
+ * the methods of this interface for the purpose of
+ * completing a secure message exchange.
+ *
+ * @param clientSubject - A Subject that represents the recipient of the
+ * service response, or null. It may be used by the method
+ * implementation as the source of Principals or credentials
+ * to be used to validate the response. If the Subject is
+ * not null, the method implementation may add additional
+ * Principals or credentials (pertaining to the recipient
+ * of the service request) to the Subject.
+ *
+ * @param serviceSubject - A Subject that represents the source of the service
+ * response, or null. If the Subject is not null, the method
+ * implementation may add additional Principals or credentials
+ * (pertaining to the source of the service response) to the Subject.
* @return an AuthStatus object representing the completion status of the processing
- * performed by the module.
- * <ul>
- * <li>AuthStatus.PROCEED returned when the validation of the
- * application message succeded. The runtime may proceed to process
- * the request message in the AuthParam.</li>
- * <li>AuthStatus.RETRY returned when the message validation
- * succeded, but when the validated message was sent in advance of
- * either the application message or the security credentials.
- * This return value indicates that the message authentication was
- * not completed. If the runtimes request processing policy
- * requires that the authentication be completed, the runtime must
- * not proceed to process the request message in the AuthParam, and
- * should send the response message returned in the AuthParam (and
- * without calling secureResponse).</li>
- * <li>AuthStatus.ERROR returned when the validation failed and
- * indicates that the module has defined an appropriate error
- * response message in the AuthParam. The runtime must not proceed
- * to process the request message in the AuthParam, and may send
- * the response message returned in AuthParam (and without calling
- * secureResponse).</li>
- * </ul>
+ * performed by the module.
+ * <ul>
+ * <li>AuthStatus.PROCEED returned when the validation of the application
+ * response message succeded. The runtime may proceed to return the
+ * response message in the AuthParam to the application.</li>
+ * <li>AuthStatus.RETRY returned when the message validation succeded, but
+ * when the validated message is a mechanism specific message sent in
+ * advance of the application message. The runtime must not proceed to
+ * process the response message in the AuthParam. The runtime should
+ * throw an exception if it is unable to process the retry. Otherwise,
+ * it should send the request message returned in AuthParam (and without
+ * calling secureRequest).</li>
+ * <li>AuthStatus.ERROR returned when the validation failed and indicates
+ * that the module has defined an appropriate error request message in
+ * the AuthParam. The runtime must not proceed to process the response
+ * message in the AuthParam, and may send the request message returned in
+ * AuthParam (and without calling secureRequest).</li>
+ * </ul>
* @throws AuthException
*/
- public AuthStatus validateRequest(AuthParam authParam, Subject client,
- Subject service, Map sharedState) throws AuthException;
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject)
+ throws AuthException;
}
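Review bot: The new Javadoc for `secureResponse` and `validateRequest` is the client-side text. `secureResponse` is described as "Secure a service request message before sending it to the service", and `validateRequest` as "Validate a received service response", with a status list that talks about returning the response to the application and about `secureRequest`. The replaced text stated the server-side rule that on RETRY or ERROR the runtime "must not proceed to process the request message"; that fail-closed guidance for inbound requests is no longer documented on this interface. I would restore the server orientation (`Authenticate a received service request.` / `Secure a service response before sending it to the client.`), keep the "must not proceed" sentences, and replace "AuthParam" with "MessageInfo". The added lines also contain the typos "encrpt" and "rety".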
Added: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/CallerPrincipalCallback.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/CallerPrincipalCallback.java (rev 0)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/CallerPrincipalCallback.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package javax.security.auth.message.callback;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+//$Id$
+
+/**
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 11, 2007
+ * @version $Revision$
+ */
+public class CallerPrincipalCallback implements Callback
+{
+ private Subject subject;
+ private Principal principal;
+ private String name;
+
+ public CallerPrincipalCallback(javax.security.auth.Subject s, java.security.Principal p)
+ {
+ this.subject = s;
+ this.principal = p;
+ }
+
+ public CallerPrincipalCallback(javax.security.auth.Subject s, java.lang.String n)
+ {
+ this.subject = s;
+ this.name = n;
+ }
+
+ public String getName()
+ {
+ return this.name;
+ }
+
+ public Principal getPrincipal()
+ {
+ return this.principal;
+ }
+
+ public Subject getSubject()
+ {
+ return this.subject;
+ }
+}
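Review bot: The three fields of `CallerPrincipalCallback` are assigned only in the constructors but are not `final`, and the class Javadoc is empty. Each constructor leaves one of `name`/`principal` null, so the getters should say so, e.g. `@return the caller principal, or null if this callback was created from a name`. Declaring `private final Subject subject;` (likewise `principal` and `name`, with each constructor assigning the unused one to null) keeps the identity carried by the callback fixed after construction. A one-sentence class comment on who creates the callback and who handles it would also help; that contract is not visible in this hunk and should come from the JASPI draft.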
Added: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/GroupPrincipalCallback.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/GroupPrincipalCallback.java (rev 0)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/GroupPrincipalCallback.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package javax.security.auth.message.callback;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+//$Id$
+
+/**
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 11, 2007
+ * @version $Revision$
+ */
+public class GroupPrincipalCallback implements Callback
+{
+ private Subject subject;
+ private String[] groups;
+
+ public GroupPrincipalCallback(javax.security.auth.Subject s, java.lang.String[] g)
+ {
+ this.subject = s;
+ this.groups = g;
+ }
+
+ public String[] getGroups()
+ {
+ return this.groups;
+ }
+
+ public Subject getSubject()
+ {
+ return this.subject;
+ }
+}
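Review bot: The constructor stores the caller's `String[]` and `getGroups()` returns that same array, so any code holding either reference can change the group names after the callback has been created. For data that presumably feeds authorization decisions, copy on the way in and out: `this.groups = (g == null) ? null : (String[]) g.clone();` and `return (groups == null) ? null : (String[]) groups.clone();`. The class and its methods have no Javadoc; whether a null or empty array is allowed should be stated there.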
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/PasswordValidationCallback.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/PasswordValidationCallback.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/callback/PasswordValidationCallback.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -21,6 +21,7 @@
*/
package javax.security.auth.message.callback;
+import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
//$Id$
@@ -38,6 +39,7 @@
private char[] password;
private boolean resultOfAuthentication = false;
+ private Subject subject;
/**
* Create a new PasswordValidationCallback.
@@ -45,8 +47,9 @@
* @param username the username to authenticate
* @param password the users password, which may be null.
*/
- public PasswordValidationCallback(String username, char[] password)
+ public PasswordValidationCallback(Subject subject, String username, char[] password)
{
+ this.subject = subject;
this.username = username;
this.password = password;
}
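Review bot: The constructor Javadoc at the top of this hunk still lists only `username` and `password`; the new first parameter needs an `@param subject` line, and `getSubject()` added in the hunk at -72,6 has no Javadoc at all. What the subject is used for is not visible here, so the wording should be taken from the draft rather than guessed. The new field can be `private final Subject subject;` since it is only set in the constructor. Replacing the two-argument public constructor breaks existing callers at compile time; if that is intended for the pfd2 alignment, the log message should say so.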
@@ -72,6 +75,11 @@
return this.password;
}
+ public Subject getSubject()
+ {
+ return this.subject;
+ }
+
/**
* Get the authentication result.
* @return true if authentication succeeded, false otherwise
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfig.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfig.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfig.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -22,7 +22,7 @@
package javax.security.auth.message.config;
import javax.security.auth.message.AuthException;
-import javax.security.auth.message.AuthParam;
+import javax.security.auth.message.MessageInfo;
//$Id$
@@ -44,8 +44,10 @@
* object or null if the configuration object pertains to an unspecified
* application context.
*/
- String getContextID();
+ String getAppContext();
+ String getAuthContextID(MessageInfo messageInfo);
+
/**
* Get the message layer name of this authentication context configuration object.
* @return the message layer name of this configuration object, or null if the
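Review bot: `getAuthContextID(MessageInfo messageInfo)` is added without Javadoc, and the comment block written for `getContextID()` now sits unchanged on `getAppContext()`. The removed `getOperation` documented its null return and the `IllegalArgumentException` for incompatible message types; if the replacement keeps that contract it should be carried over, e.g. `@throws IllegalArgumentException if the message types in messageInfo are not supported by this configuration object`. The same gap applies to `isProtected()` in the hunk at -53,19. A caller cannot tell from the interface what a `false` result permits, which matters if the runtime uses it to decide whether authentication modules are invoked at all.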
@@ -53,19 +55,7 @@
*/
String getMessageLayer();
- /**
- * Get the operation identifier corresponding to the request and response objects
- * encapsulated in authParam.
- *
- * @param authParam an AuthParam containing the messages for which the corresponding
- * operation is to be determined.
- * @return the operation identifier related to the encapsulated request and response
- * objects, or null.
- * @throws java.lang.IllegalArgumentException - if the type of the message objects
- * incorporated in authParam are not compatible with the message types
- * supported by this authentication context configuration object.
- */
- String getOperation(AuthParam authParam);
+ boolean isProtected();
/**
* Causes a dynamic anthentication context configuration object to update its internal
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfigFactory.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfigFactory.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/AuthConfigFactory.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -86,7 +86,7 @@
private static final String FACTORY_PROP = "authconfigprovider.factory";
/** The default AuthConfigFactory implementation */
- private static final String DEFAULT_FACTORY_NAME =
+ static final String DEFAULT_FACTORY_SECURITY_PROPERTY =
"org.jboss.security.auth.message.config.JBossAuthConfigFactory";
public AuthConfigFactory()
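Review bot: `DEFAULT_FACTORY_SECURITY_PROPERTY` reads as the name of a security property, but its value is the default implementation class name and the comment above it still says "The default AuthConfigFactory implementation"; the property key is held by `FACTORY_PROP` on the line before. The hunk at -316,7 passes the constant straight to `loader.loadClass(name)`, so a later edit that gives it a property-key value to match its name would break the fallback. Either keep a name that says what it holds, such as `DEFAULT_FACTORY_CLASS_NAME`, or, if the draft mandates this identifier, add a comment that the value is a class name. The hunk also widens the constant from `private` to package-private without a stated reason.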
@@ -236,6 +236,9 @@
public abstract String registerConfigProvider( String className, Map properties,String layer,
String appContext, String description) throws AuthException, SecurityException;
+ public abstract java.lang.String registerConfigProvider(AuthConfigProvider provider,
+ String layer, String appContext, String description);
+
public abstract boolean removeRegistration( String registrationID);
public static void setFactory(AuthConfigFactory factory)
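Review bot: The new `registerConfigProvider(AuthConfigProvider provider, ...)` overload has no Javadoc and, unlike the String-based overload directly above it, declares neither `AuthException` nor `SecurityException`. Registering a provider changes the authentication configuration for a layer and application context, so the comment should state whether a permission check is performed and what a null `layer` or `appContext` means; neither is visible in this hunk. The return type is spelled `java.lang.String` where the sibling uses `String`. `isPersistent()` in the hunk at -271,33 is likewise undocumented, and its `public` modifier is inconsistent with `String getMessageLayer();` beside it. Adding an abstract method also breaks every existing subclass of `AuthConfigFactory` until it implements the overload.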
@@ -271,33 +274,12 @@
* was registered. the returned value may be null.
*/
String getMessageLayer();
+
+ public boolean isPersistent();
}
- /**
- * <p>A Listener that may associated with a provider registration by a user
- * of the registration. The Listener will be notified if the corresponding
- * provider is unregistered or replaced.</p>
- */
- public static interface RegistrationListener
- {
- /**
- * Notify the listener that a registration with which it was associated, was
- * replaced or unregistered. When a RegistrationListener is associated with a
- * provider registration within the factory, the factory must call its notify
- * method when the corresponding registration is unregistered or replaced.
- *
- * @param layer a String identifying the message layer(s) corresponding to
- * registration for which the listerner is being notified.
- * @param appContext a String value identifying the application context(s)
- * corresponding to registration for which the listerner is being
- * notified. The factory detaches the listener from the
- * corresponding registration once the listener has been notified
- * for the registration. The detachListerner method must be called
- * to detach listeners that are no longer in use.
- */
- public void notify( String layer, String appContext);
- }
+
/** A PrivilegedExceptionAction that looks up the class name identified
* by the authcontextfactory.provider system property and loads the class
* using the thread context class loader.
@@ -316,7 +298,7 @@
if( name == null )
{
// Use the default factory impl
- name = DEFAULT_FACTORY_NAME;
+ name = DEFAULT_FACTORY_SECURITY_PROPERTY;
}
ClassLoader loader = Thread.currentThread().getContextClassLoader();
Class factoryClass = loader.loadClass(name);
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ClientAuthConfig.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ClientAuthConfig.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ClientAuthConfig.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -23,6 +23,7 @@
import java.util.Map;
+import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
//$Id$
@@ -73,6 +74,7 @@
* operation, or null (indicating that no modules are configured).
* @throws AuthException if this operation fails.
*/
- public ClientAuthContext getAuthContext( String operation, Map properties)
- throws AuthException;
+ public ClientAuthContext getAuthContext(String authContextID,
+ Subject clientSubject, Map properties)
+ throws AuthException;
}
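Review bot: The Javadoc above `getAuthContext` still speaks of the operation (`operation, or null (indicating that no modules are configured)`) although the parameter is now `authContextID`, and the new `clientSubject` parameter is not described. The `@param` tags begin outside this hunk; they need `@param authContextID` in place of `@param operation` and a new `@param clientSubject` that states whether null is accepted. The same applies to `getAuthContext(String authContextID, Subject serviceSubject, Map properties)` in ServerAuthConfig.java (hunk at -72,6).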
Added: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/RegistrationListener.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/RegistrationListener.java (rev 0)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/RegistrationListener.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package javax.security.auth.message.config;
+
+/**
+ * <p>A Listener that may associated with a provider registration by a user
+ * of the registration. The Listener will be notified if the corresponding
+ * provider is unregistered or replaced.</p>
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 10, 2007
+ * @version $Revision$
+ */
+public interface RegistrationListener
+{
+ /**
+ * Notify the listener that a registration with which it was associated, was
+ * replaced or unregistered. When a RegistrationListener is associated with a
+ * provider registration within the factory, the factory must call its notify
+ * method when the corresponding registration is unregistered or replaced.
+ *
+ * @param layer a String identifying the message layer(s) corresponding to
+ * registration for which the listerner is being notified.
+ * @param appContext a String value identifying the application context(s)
+ * corresponding to registration for which the listerner is being
+ * notified. The factory detaches the listener from the
+ * corresponding registration once the listener has been notified
+ * for the registration. The detachListerner method must be called
+ * to detach listeners that are no longer in use.
+ */
+ public void notify( String layer, String appContext);
+}
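Review bot: The Javadoc moved into this new file keeps its errors: "may associated" should read "may be associated", "listerner" is "listener", and `detachListerner` is presumably `detachListener` (confirm against AuthConfigFactory). The sentences about the factory detaching the listener sit inside `@param appContext` but describe the method's behaviour, so they belong in the main description. `notify(String, String)` overloads `Object.notify()`; a one-line comment saying it is unrelated to monitor notification would avoid confusion for implementers.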
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ServerAuthConfig.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ServerAuthConfig.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/config/ServerAuthConfig.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -23,6 +23,7 @@
import java.util.Map;
+import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
/**
@@ -72,6 +73,6 @@
* given operation, or null (indicating that no modules are configured).
* @throws AuthException if this operation fails.
*/
- public ServerAuthContext getAuthContext(String operation, Map properties)
- throws AuthException;
+ public ServerAuthContext getAuthContext(String authContextID,
+ Subject serviceSubject, Map properties) throws AuthException;
}
Modified: projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/module/ClientAuthModule.java
===================================================================
--- projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/module/ClientAuthModule.java 2007-07-12 21:11:28 UTC (rev 64015)
+++ projects/javaee/trunk/jboss-jaspi-api/src/main/javax/security/auth/message/module/ClientAuthModule.java 2007-07-12 21:12:52 UTC (rev 64016)
@@ -57,7 +57,7 @@
* module will attempt to support any message type. This method never
* returns null.
*/
- public java.lang.Class[] getSupportedMessageTypes();
+ public Class[] getSupportedMessageTypes();
/**
* <p>Initialize this module with request and response message policies to