org.jboss.security
Class SecurityAssociation

java.lang.Object
  extended by org.jboss.security.SecurityAssociation

public final class SecurityAssociation
extends java.lang.Object

The SecurityAssociation class maintains the security principal and credentials. This can be done on either a singleton basis or a thread-local basis, depending on the server property. When the server property has been set to true, the security information is maintained in thread-local storage.

The type of thread-local storage depends on the org.jboss.security.SecurityAssociation.ThreadLocal property. If this property is true, then the thread-local storage object is of type java.lang.ThreadLocal, which results in the current thread's security information NOT being propagated to child threads. When the property is false or does not exist, the thread-local storage object is of type java.lang.InheritableThreadLocal, and any threads spawned by the current thread will inherit the security information of the current thread. Subsequent changes to the current thread's security information are NOT propagated to any previously spawned child threads.

When the server property is false, security information is maintained in class variables, which makes the information available to all threads within the current VM.

Note that this is not a public API class. It is an implementation detail that is subject to change without notice.
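As an added illustration (not JBoss code), the following stand-alone Java program reproduces the propagation rules described above using only the JDK's own java.lang.ThreadLocal and java.lang.InheritableThreadLocal, with a plain String standing in for the principal. It shows that a child spawned under ThreadLocal observes no value, that a child spawned under InheritableThreadLocal observes the parent's value as it was at spawn time, and that a change the parent makes afterwards does not reach a child that already exists.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;

/**
 * Added example, not JBoss code: models the two thread-local storage modes the
 * SecurityAssociation description contrasts. A String stands in for the
 * java.security.Principal the real class stores.
 */
public class PrincipalPropagationDemo {

    /** org.jboss.security.SecurityAssociation.ThreadLocal=true: no propagation to children. */
    private static final ThreadLocal<String> ISOLATED = new ThreadLocal<>();

    /** Property false or absent: children receive a copy of the parent's value when spawned. */
    private static final ThreadLocal<String> INHERITED = new InheritableThreadLocal<>();

    /** Spawns a child thread and returns whatever it observes in the given storage. */
    static String observedByChild(ThreadLocal<String> storage) throws InterruptedException {
        AtomicReference<String> seen = new AtomicReference<>();
        Thread child = new Thread(() -> seen.set(storage.get()));
        child.start();
        child.join();
        return seen.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample identity for the parent thread.
        ISOLATED.set("alice");
        INHERITED.set("alice");

        // java.lang.ThreadLocal: the child starts with no security information at all.
        System.out.println("ThreadLocal child sees: " + observedByChild(ISOLATED));

        // java.lang.InheritableThreadLocal: the child starts with the parent's value.
        System.out.println("InheritableThreadLocal child sees: " + observedByChild(INHERITED));

        // A change made by the parent after the child exists is NOT propagated to it.
        CountDownLatch parentChanged = new CountDownLatch(1);
        AtomicReference<String> late = new AtomicReference<>();
        Thread longLived = new Thread(() -> {
            try {
                parentChanged.await();          // wait until the parent has switched identity
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
            late.set(INHERITED.get());
        });
        longLived.start();
        INHERITED.set("bob");                   // parent changes identity after spawning the child
        parentChanged.countDown();
        longLived.join();
        System.out.println("Child spawned before the change sees: " + late.get());
    }
}
```

The inherited mode is the one to keep in mind when reviewing server code: any thread spawned from an authenticated request path, including worker threads a pool creates lazily during such a request, begins life carrying that request's identity, so code that spawns threads from request handlers should establish its own security context explicitly rather than rely on what it inherited.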


Nested Class Summary
static class SecurityAssociation.SubjectContext
          The encapsulation of the authenticated subject
 
Constructor Summary
SecurityAssociation()
           
 
Method Summary
static void clear()
          Clear all principal information.
static java.security.Principal getCallerPrincipal()
          Get the caller's principal information.
static java.lang.Object getContextInfo(java.lang.Object key)
          Get the current thread context info.
static java.lang.Object getCredential()
          Get the current principal credential information.
static java.security.Principal getPrincipal()
          Get the current principal information.
static javax.security.auth.Subject getSubject()
          Get the current Subject information.
static RunAsIdentity peekRunAsIdentity()
          Look at the current thread of control's run-as identity on the top of the stack.
static RunAsIdentity peekRunAsIdentity(int depth)
          Look at the current thread of control's run-as identity at the indicated depth.
static RunAsIdentity popRunAsIdentity()
          Pop the current thread of control's run-as identity.
static SecurityAssociation.SubjectContext popSubjectContext()
          Pop the current SubjectContext from the previous pushSubjectContext call and return the pushed SubjectContext if there was one.
static void pushRunAsIdentity(RunAsIdentity runAs)
          Push the current thread of control's run-as identity.
static void pushSubjectContext(javax.security.auth.Subject subject, java.security.Principal principal, java.lang.Object credential)
          Push the current authenticated context.
static java.lang.Object setContextInfo(java.lang.Object key, java.lang.Object value)
          Set the current thread context info.
static void setCredential(java.lang.Object credential)
          Set the current principal credential information.
static void setPrincipal(java.security.Principal principal)
          Set the current principal information.
static void setServer()
          Set the server mode of operation.
static void setSubject(javax.security.auth.Subject subject)
          Set the current Subject information.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityAssociation

public SecurityAssociation()

Method Detail

getPrincipal

public static java.security.Principal getPrincipal()
Get the current principal information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Returns:
Principal, the current principal identity.

getCallerPrincipal

public static java.security.Principal getCallerPrincipal()
Get the caller's principal information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Returns:
Principal, the current principal identity.

getCredential

public static java.lang.Object getCredential()
Get the current principal credential information. This can be of any type including: a String password, a char[] password, an X509 cert, etc. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.getPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Returns:
Object, the credential that proves the principal identity.

getSubject

public static javax.security.auth.Subject getSubject()
Get the current Subject information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.getSubject") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown. Note that this method does not consider whether or not a run-as identity exists. For access to that information see the JACC PolicyContextHandler registered under the key "javax.security.auth.Subject.container".

Returns:
Subject, the current Subject identity.
See Also:
PolicyContext.getContext(String)

setPrincipal

public static void setPrincipal(java.security.Principal principal)
Set the current principal information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Parameters:
principal - the current principal identity.

setCredential

public static void setCredential(java.lang.Object credential)
Set the current principal credential information. This can be of any type including: a String password, a char[] password, an X509 cert, etc. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Parameters:
credential - the credential that proves the principal identity.

setSubject

public static void setSubject(javax.security.auth.Subject subject)
Set the current Subject information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.

Parameters:
subject - the current identity.

getContextInfo

public static java.lang.Object getContextInfo(java.lang.Object key)
Get the current thread context info. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "get") permission to ensure it's ok to access context information. If not, a SecurityException will be thrown.

Parameters:
key - the context key
Returns:
the mapping for the key in the current thread context

setContextInfo

public static java.lang.Object setContextInfo(java.lang.Object key,
                                              java.lang.Object value)
Set the current thread context info. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.accessContextInfo", "set") permission to ensure it's ok to access context information. If not, a SecurityException will be thrown.

Parameters:
key - the context key
value - the context value to associate under key
Returns:
the previous mapping for the key if one exists

pushSubjectContext

public static void pushSubjectContext(javax.security.auth.Subject subject,
                                      java.security.Principal principal,
                                      java.lang.Object credential)
Push the current authenticated context. This sets the authenticated subject along with the principal and proof of identity that was used to validate the subject. This context is used for authorization checks. Typically just the subject as seen by getSubject() is input into the authorization. When run under a security manager this requires the RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission.

Parameters:
subject - the authenticated subject
principal - the principal that was input into the authentication
credential - the credential that was input into the authentication

popSubjectContext

public static SecurityAssociation.SubjectContext popSubjectContext()
Pop the current SubjectContext from the previous pushSubjectContext call and return the pushed SubjectContext if there was one. When run under a security manager this requires the RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission.

Returns:
the SubjectContext pushed previously by a pushSubjectContext call
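The push/pop pairing described for pushSubjectContext and popSubjectContext is easiest to get right when the pop is guaranteed by a finally block. The program below is an added example, not JBoss project code; it uses only the methods documented on this page, assumes the JBoss security jar that provides org.jboss.security.SecurityAssociation is on the classpath, and assumes that, if a SecurityManager is installed, the caller holds the RuntimePermission values named in the method descriptions (setPrincipalInfo, getPrincipalInfo, getSubject). The NamedPrincipal class and the credential value are constructed for the demo.

```java
import java.security.Principal;
import java.util.Arrays;
import javax.security.auth.Subject;
import org.jboss.security.SecurityAssociation;

/**
 * Added example, not JBoss project code. Demonstrates scoping an authenticated
 * context to a unit of work with pushSubjectContext/popSubjectContext.
 */
public class SubjectContextScope {

    /** Minimal Principal constructed for the demo; a deployment would use the container's type. */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "NamedPrincipal(" + name + ")"; }
    }

    /**
     * Runs work with the given authenticated context bound to the current thread
     * and pops it afterwards even if the work throws. Without the finally block a
     * pooled thread would keep the identity and offer it to the next, unrelated
     * request it services.
     */
    static void runWithContext(Subject subject, Principal principal, Object credential, Runnable work) {
        SecurityAssociation.pushSubjectContext(subject, principal, credential);
        try {
            work.run();
        } finally {
            SecurityAssociation.popSubjectContext();
        }
    }

    public static void main(String[] args) {
        // Thread-local storage so that each thread of control keeps its own identity.
        SecurityAssociation.setServer();

        Principal alice = new NamedPrincipal("alice");
        Subject subject = new Subject();
        subject.getPrincipals().add(alice);
        char[] credential = "constructed-demo-password".toCharArray(); // constructed sample value

        runWithContext(subject, alice, credential, () -> {
            // Inside the scope, authorization sees the pushed subject and principal.
            System.out.println("principal in scope: " + SecurityAssociation.getPrincipal().getName());
            System.out.println("subject principals in scope: "
                    + SecurityAssociation.getSubject().getPrincipals());
        });

        // Inspect what the thread carries once the request's context has been popped.
        System.out.println("principal after pop: " + SecurityAssociation.getPrincipal());

        // Do not keep the secret in memory longer than the request needs it.
        Arrays.fill(credential, '\0');
    }
}
```

A char[] credential is used deliberately: unlike a String it can be zeroed once the authentication that needed it has completed, which matters because, as the class description notes, the association may be held in storage that outlives the request.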

clear

public static void clear()
Clear all principal information. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.setPrincipalInfo") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.


pushRunAsIdentity

public static void pushRunAsIdentity(RunAsIdentity runAs)
Push the current thread of control's run-as identity.


popRunAsIdentity

public static RunAsIdentity popRunAsIdentity()
Pop the current thread of control's run-as identity.


peekRunAsIdentity

public static RunAsIdentity peekRunAsIdentity()
Look at the current thread of control's run-as identity on the top of the stack.


peekRunAsIdentity

public static RunAsIdentity peekRunAsIdentity(int depth)
Look at the current thread of control's run-as identity at the indicated depth. Typically depth is 0 for the run-as identity the current caller will assume, or 1 for the run-as identity that the previous caller has already assumed.

Returns:
RunAsIdentity depth frames up.
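The run-as methods above form a per-thread stack, and the depth argument of peekRunAsIdentity counts frames from its top. The following added example (not JBoss project code) pushes two nested run-as identities and reads depths 0 and 1 at each level, unwinding in finally blocks. It assumes the JBoss security jar is on the classpath and that org.jboss.security.RunAsIdentity offers a constructor RunAsIdentity(String roleName, String principalName); that constructor is not documented on this page and is an assumption, as are the role and principal names used.

```java
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityAssociation;

/**
 * Added example, not JBoss project code. Exercises the run-as stack with
 * pushRunAsIdentity, peekRunAsIdentity(int) and popRunAsIdentity.
 */
public class RunAsStackDemo {

    /** Describes the run-as identity at the given depth, or "none" when the stack has no such frame. */
    static String describe(int depth) {
        RunAsIdentity id = SecurityAssociation.peekRunAsIdentity(depth);
        return id == null ? "none" : id.toString();
    }

    public static void main(String[] args) {
        // Thread-local storage so the stack belongs to this thread of control.
        SecurityAssociation.setServer();

        // Outer component invoked with a run-as role (assumed constructor and constructed names).
        SecurityAssociation.pushRunAsIdentity(new RunAsIdentity("Manager", "manager-svc"));
        try {
            System.out.println("outer, depth 0 (identity this caller assumes): " + describe(0));
            System.out.println("outer, depth 1 (identity the previous caller assumed): " + describe(1));

            // Nested component invoked with its own run-as role.
            SecurityAssociation.pushRunAsIdentity(new RunAsIdentity("Auditor", "audit-svc"));
            try {
                System.out.println("nested, depth 0: " + describe(0));
                System.out.println("nested, depth 1: " + describe(1));
            } finally {
                // Always unwind; a frame left behind keeps the elevated role on this thread.
                SecurityAssociation.popRunAsIdentity();
            }

            System.out.println("back in outer, top of stack: " + SecurityAssociation.peekRunAsIdentity());
        } finally {
            SecurityAssociation.popRunAsIdentity();
        }
    }
}
```

Every push is paired with a pop in a finally block for the same reason the subject context must be popped: the thread, not the request, owns the stack, and an unbalanced push leaves a role active for whatever that thread does next.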

setServer

public static void setServer()
Set the server mode of operation. When the server property has been set to true, the security information is maintained in thread-local storage. This should be called to enable proper security semantics in any multi-threaded environment where more than one thread requires that security information be restricted to the thread's flow of control. If a security manager is present, then this method calls the security manager's checkPermission method with a RuntimePermission("org.jboss.security.SecurityAssociation.setServer") permission to ensure it's ok to access principal information. If not, a SecurityException will be thrown.