[jboss-cvs] JBossAS SVN: r66507 - in projects/security/security-docs/trunk/docs/guide: en and 1 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Oct 26 18:06:05 EDT 2007
Author: anil.saldhana at jboss.com
Date: 2007-10-26 18:06:05 -0400 (Fri, 26 Oct 2007)
New Revision: 66507
Added:
projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustcontext.xml
projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustmgr.xml
Modified:
projects/security/security-docs/trunk/docs/guide/en/jbosssecurity.xml
projects/security/security-docs/trunk/docs/guide/en/modules/authenticationmgr.xml
projects/security/security-docs/trunk/docs/guide/en/modules/authorizationmgr.xml
projects/security/security-docs/trunk/docs/guide/pom.xml
Log:
2.0.1.GA updates
Modified: projects/security/security-docs/trunk/docs/guide/en/jbosssecurity.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/jbosssecurity.xml 2007-10-26 20:25:36 UTC (rev 66506)
+++ projects/security/security-docs/trunk/docs/guide/en/jbosssecurity.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -8,6 +8,8 @@
<!ENTITY auditmgr SYSTEM "modules/auditmgr.xml">
<!ENTITY securitycache SYSTEM "modules/securitycache.xml">
<!ENTITY securityclient SYSTEM "modules/securityclient.xml">
+<!ENTITY identitytrustmgr SYSTEM "modules/identitytrustmgr.xml">
+<!ENTITY identitytrustcontext SYSTEM "modules/identitytrustcontext.xml">
<!ENTITY defaultimpl SYSTEM "modules/impl/defaultimpl.xml">
<!ENTITY securityconfiguration SYSTEM "modules/impl/securityconfiguration.xml">
@@ -27,7 +29,7 @@
<subtitle>A guide for JEMS Projects as well as thirdparty
integrators</subtitle>
- <releaseinfo>2.0</releaseinfo>
+ <releaseinfo>2.0.1.GA</releaseinfo>
</bookinfo>
<toc></toc>
@@ -64,7 +66,13 @@
&auditmgr;
+ &identitytrustmgr;
+
+ &identitytrustcontext;
+
+<!--
&securitycache;
+-->
&securityclient;
Modified: projects/security/security-docs/trunk/docs/guide/en/modules/authenticationmgr.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/authenticationmgr.xml 2007-10-26 20:25:36 UTC (rev 66506)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/authenticationmgr.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -11,6 +11,7 @@
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
+import javax.security.auth.message.MessageInfo;
/** The AuthenticationManager is responsible for validating credentials
* associated with principals.
@@ -57,6 +58,15 @@
boolean isValid(Principal principal, Object credential,
Subject activeSubject);
+ /**
+ * Authenticate a Subject given the request response JSR-196(JASPI) messages
+ * @param requestMessage
+ * @param clientSubject Pre-created or null subject
+ * @param layer Message Layer for the JASPI (Optional): Default: HTTP
+ * @return true if client subject is valid, false otherwise
+ */
+ boolean isValid(MessageInfo requestMessage, Subject clientSubject, String layer);
+
/** Get the currently authenticated subject. Historically implementations of
AuthenticationManager isValid methods had the side-effect of setting the
active Subject. This caused problems with multi-threaded usecases where the
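Review bot: The Javadoc on the new `isValid(MessageInfo, Subject, String)` overload leaves `@param requestMessage` without a description and does not say what happens when `clientSubject` is null. The method returns only a boolean, so from these lines it is unclear how a caller would obtain the authenticated subject in that case. I would describe the parameter, e.g. `@param requestMessage JASPI MessageInfo holding the request and response messages`, and state on `clientSubject` whether null is accepted and which subject is populated on success. The `layer` tag says "Default: HTTP" but not which value selects that default (presumably null, which should be confirmed). The interface body begins and ends outside this hunk.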
@@ -89,4 +99,7 @@
<para>The getActiveSubject is a deprecated api to determine the
subject.</para>
+
+ <para>There is a method to validate based on JSR-196 specification. The
+ isValid method take a MessageInfo object.</para>
</chapter>
\ No newline at end of file
Modified: projects/security/security-docs/trunk/docs/guide/en/modules/authorizationmgr.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/authorizationmgr.xml 2007-10-26 20:25:36 UTC (rev 66506)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/authorizationmgr.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -174,4 +174,49 @@
*/
Object getPolicy(String contextID, Map contextMap);
}</programlisting>
+
+ <para>There is a Resource interface identifying resources that need
+ authorization.</para>
+
+ <programlisting> * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.authorization;
+
+import java.util.Map;
+
+/**
+ * Resource that is subject to Authorization Decisions
+ * @author <a href="mailto:Anil.Saldhana at jboss.org">Anil Saldhana</a>
+ * @version $Revision$
+ */
+public interface Resource
+{
+ //Get the Layer (Web/EJB etc)
+ public ResourceType getLayer();
+
+ //Return the contextual map
+ public Map getMap();
+}</programlisting>
+
+ <para>For example, the EJB Container authorization makes use of a resource
+ called as EJBResource and the Web Container will make use of
+ WebResource.</para>
</chapter>
\ No newline at end of file
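Review bot: The `Resource` listing added here opens with ` * JBoss, Home of Professional Open Source` and has no `/*` before it, so the licence text is not inside a comment and the listing does not compile when copied out of the guide. The listing added to identitytrustmgr.xml in this same commit does start with `/*`, so the opening line should read `<programlisting>/*`. Separately, `getMap()` returns a raw `Map`, and the comment `//Return the contextual map` does not say which keys it carries or whether callers may modify it. Authorization decisions presumably read this map, so a Javadoc comment stating who populates it and whether it is read-only would help implementers.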
Added: projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustcontext.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustcontext.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustcontext.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="identitytrustcontext">
+ <title>Identity Trust Context</title>
+
+ <para>IdentityTrust Context is an encapsulation of the IdentityTrust
+ modules.</para>
+
+ <programlisting>package org.jboss.security.identitytrust;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.security.SecurityContext;
+import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
+
+//$Id$
+
+/**
+ * Identity Trust Context that encloses multiple
+ * IdentityTrustModules making trust decisions
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 2, 2007
+ * @version $Revision$
+ */
+public abstract class IdentityTrustContext
+{
+ protected TrustDecision DENY = TrustDecision.Deny;
+ protected TrustDecision PERMIT = TrustDecision.Permit;
+ protected TrustDecision NOTAPPLICABLE = TrustDecision.NotApplicable;
+
+ /**
+ * Security Context On which the Trust Context needs
+ * to make a decision on. The security domain driving this
+ * security context need not be the same as the one for this Trust Context
+ */
+ protected SecurityContext securityContext;
+
+ /**
+ * Any Callback Handler
+ */
+ protected CallbackHandler callbackHandler;
+
+ /**
+ * Shared State between trust modules
+ */
+ protected Map sharedState = new HashMap();
+
+ /**
+ * Security Domain of the Identity Trust Context
+ */
+ protected String securityDomain;
+
+ /**
+ * List of Identity Trust Modules
+ */
+ protected List<IdentityTrustModule> modules = new ArrayList<IdentityTrustModule>();
+
+ /**
+ * Control Flags for the individual modules
+ */
+ protected ArrayList controlFlags = new ArrayList();
+
+ /**
+ * Make a trust decision
+ * @return {@link TrustDecision#Deny},{@link TrustDecision#NotApplicable},
+ * {@link TrustDecision#Permit}
+ * @throws IdentityTrustException
+ */
+ public abstract TrustDecision isTrusted() throws IdentityTrustException;
+}</programlisting>
+
+ <para>The context contains a list of modules that perform the trust
+ decision.</para>
+</chapter>
\ No newline at end of file
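Review bot: `DENY`, `PERMIT` and `NOTAPPLICABLE` are declared as plain `protected` instance fields, so any subclass can reassign them and each instance carries its own copy. Values that a trust decision is compared against should be constants, `protected static final TrustDecision DENY = TrustDecision.Deny;` and likewise for the other two. `sharedState` and `controlFlags` are a raw `Map` and a raw `ArrayList` beside the generic `List<IdentityTrustModule>`, and nothing states that `controlFlags` is indexed in parallel with `modules`, which the two lists suggest. The Javadoc on `isTrusted()` also does not say how the individual module results and control flags combine into the final decision.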
Added: projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustmgr.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustmgr.xml (rev 0)
+++ projects/security/security-docs/trunk/docs/guide/en/modules/identitytrustmgr.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<chapter id="identitytrustmgr">
+ <title>Identity Trust Manager</title>
+
+ <para>IdentityTrust Manager is an interface that provides the capability to
+ do pluggable identity trust validation. It is obtainable from the
+ SecurityContext.</para>
+
+ <programlisting>/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.identitytrust;
+
+import org.jboss.security.BaseSecurityManager;
+import org.jboss.security.SecurityContext;
+
+//$Id$
+
+/**
+ * Interface representing the trust manager
+ * for determining Identity
+ * @author Anil.Saldhana at redhat.com
+ * @version $Revision$
+ */
+public interface IdentityTrustManager extends BaseSecurityManager
+{
+ public enum TrustDecision{Permit,Deny,NotApplicable};
+
+ /**
+ * Make a Trust Decision on a security context
+ * @param securityContext Security Context on which to act on
+ * @return
+ */
+ TrustDecision isTrusted(SecurityContext securityContext);
+}</programlisting>
+
+ <para>The IdentityTrustManager interface can take in a security context and
+ make trust based decisions. The trust decision is either PERMIT (which means
+ the framework has trusted the identity completely and can bypass
+ authentication), DENY (which acts as a virtual firewall) and
+ NOTAPPLICABLE(which basically means that the framework is unable to process
+ the security context for trust and the process needs to be passed further,
+ primarily to the authentication phase).</para>
+
+ <para>The implementations are free to utlize IdentityTrustModules to make
+ the trust decision.</para>
+</chapter>
\ No newline at end of file
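Review bot: The `@return` tag on `isTrusted(SecurityContext)` is empty, although the paragraph below the listing says a PERMIT result lets the framework bypass authentication, which makes this the contract most in need of being written down. I would fill it in, e.g. `@return Permit if the identity is trusted and authentication may be skipped, Deny to reject, NotApplicable to continue with authentication`. The Javadoc should also state that an implementation which cannot evaluate the context, including a null `securityContext`, returns NotApplicable or Deny and never Permit. The prose names the outcomes PERMIT, DENY and NOTAPPLICABLE while the enum constants are `Permit`, `Deny` and `NotApplicable`; using the enum spelling in the text avoids confusion.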
Modified: projects/security/security-docs/trunk/docs/guide/pom.xml
===================================================================
--- projects/security/security-docs/trunk/docs/guide/pom.xml 2007-10-26 20:25:36 UTC (rev 66506)
+++ projects/security/security-docs/trunk/docs/guide/pom.xml 2007-10-26 22:06:05 UTC (rev 66507)
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>jboss</groupId>
<artifactId>security-docs</artifactId>
- <version>2.0.1-BETA2</version>
+ <version>2.0.1.GA</version>
<packaging>pom</packaging>
<name>JBoss Security User Guide</name>
<description>The JBoss Security User Guide</description>
@@ -56,7 +56,7 @@
<includes>jbosssecurity.xml</includes>
<!-- use separate pages per chapter for HTML -->
- <chunkedOutput>true</chunkedOutput>
+ <chunkedOutput>false</chunkedOutput>
<entities>
<entity>
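Review bot: The comment `<!-- use separate pages per chapter for HTML -->` kept above the changed line now contradicts `<chunkedOutput>false</chunkedOutput>`. Update it to describe the single-page output, or drop it. The plugin configuration continues outside this hunk.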