org.jboss.soa.esb.services.security
Class SecurityContext

java.lang.Object
  extended by org.jboss.soa.esb.services.security.SecurityContext
All Implemented Interfaces:
java.io.Serializable

public final class SecurityContext
extends java.lang.Object
implements java.io.Serializable

Security Context contains security related information.

Note that even though a Subject object instance is serialiable, its private and public credentials are not(they are transient).

Also not that the Principal interface is not serializable but all implemenations should be.

When created a SecurityContext will be given a timeout argument which is the time in milliseconds after which the context is considered invalid.

Since:
4.4
Author:
Daniel Bevenius
See Also:
Serialized Form

Constructor Summary
SecurityContext()
          Creates a SecurityContext with a default Subject.
SecurityContext(javax.security.auth.Subject subject)
          Creates a SecurityContext associating the passed in Subject with it.
SecurityContext(javax.security.auth.Subject subject, long timeout)
          Creates a SecurityContext associating the passed in Subject with it.
 
Method Summary
 boolean compareTo(AuthenticationRequest authrequest)
          Will check if the passed in AuthenticationRequest contains the same security information (Principal and credentials) as the this context.
static SecurityContext decryptContext(javax.crypto.SealedObject sealedObject)
           
static javax.crypto.SealedObject encryptContext(SecurityContext context)
           
static long getConfigurationTimeout()
          Get the globally configured security context timeout.
static javax.crypto.SealedObject getSecurityContext()
           
 javax.security.auth.Subject getSubject()
           
 long getTimeOfCreation()
           
 long getTimeout()
          Timeout if milliseconds.
 boolean isCallerInRole(java.lang.String roleName)
           
 boolean isValid()
           
static void setSecurityContext(javax.crypto.SealedObject sealedObject)
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SecurityContext

public SecurityContext()
Creates a SecurityContext with a default Subject.


SecurityContext

public SecurityContext(javax.security.auth.Subject subject)
Creates a SecurityContext associating the passed in Subject with it.

Parameters:
subject - The Subject that is to be associated with this security context.

SecurityContext

public SecurityContext(javax.security.auth.Subject subject,
                       long timeout)
Creates a SecurityContext associating the passed in Subject with it.

Parameters:
subject - The Subject that is to be associated with this security context.
timeout - A timeout which specifies how long this Security Context is valid for. Must be a positiv value.
Method Detail

isCallerInRole

public boolean isCallerInRole(java.lang.String roleName)

compareTo

public boolean compareTo(AuthenticationRequest authrequest)
Will check if the passed in AuthenticationRequest contains the same security information (Principal and credentials) as the this context.

Parameters:
authrequest - - the authentication request to compare
Returns:
true - if this security context has the same principal and credentials as the passed in authentication request.

getTimeOfCreation

public long getTimeOfCreation()

getTimeout

public long getTimeout()
Timeout if milliseconds.

Returns:
long The timeout (ms) for this security context.

isValid

public boolean isValid()

getSubject

public javax.security.auth.Subject getSubject()

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

decryptContext

public static SecurityContext decryptContext(javax.crypto.SealedObject sealedObject)
                                      throws SecurityServiceException
Throws:
SecurityServiceException

encryptContext

public static javax.crypto.SealedObject encryptContext(SecurityContext context)
                                                throws SecurityServiceException
Throws:
SecurityServiceException

getConfigurationTimeout

public static long getConfigurationTimeout()
                                    throws SecurityServiceException
Get the globally configured security context timeout.

Returns:
the configuration context timeout
Throws:
SecurityServiceException

setSecurityContext

public static void setSecurityContext(javax.crypto.SealedObject sealedObject)

getSecurityContext

public static javax.crypto.SealedObject getSecurityContext()