JaasSecurityDomain

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.plugins
Class JaasSecurityDomain

java.lang.Object
  org.jboss.mx.util.JBossNotificationBroadcasterSupport (src) 
      org.jboss.system.ServiceMBeanSupport (src) 
          org.jboss.security.plugins.JaasSecurityManager (src) 
              org.jboss.security.plugins.JaasSecurityDomain

All Implemented Interfaces:: AuthenticationManager (src) , JaasSecurityDomainMBean (src) , MBeanRegistration (src) , NotificationBroadcaster (src) , NotificationEmitter (src) , RealmMapping (src) , SecurityDomain (src) , Service (src) , ServiceMBean (src) , SubjectSecurityManager (src)

public class JaasSecurityDomain
extends JaasSecurityManager (src)
implements SecurityDomain (src) , JaasSecurityDomainMBean (src)

The JaasSecurityDomain is an extension of JaasSecurityManager that addes the notion of a KeyStore, and JSSE KeyManagerFactory and TrustManagerFactory for supporting SSL and other cryptographic use cases. Attributes:

KeyStoreType: The implementation type name being used, defaults to 'JKS'.
KeyStoreURL: Set the KeyStore database URL string. This is used to obtain an InputStream to initialize the KeyStore. If the string is not a value URL, its treated as a file.
KeyStorePass: the password used to load the KeyStore. Its format is one of:
- The plaintext password for the KeyStore(or whatever format is used by the KeyStore). The toCharArray() value of the string is used without any manipulation.
- A command to execute to obtain the plaintext password. The format is '{EXT}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password.
- A class to create to obtain the plaintext password. The format is '{CLASS}classname[:ctorarg]' where the '[:ctorarg]' is an optional string delimited by the ':' from the classname that will be passed to the classname ctor. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise, the 'String toString()' method is used.
The KeyStorePass is also used in combination with the Salt and IterationCount attributes to create a PBE secret key used with the encode/decode operations.
ManagerServiceName: The JMX object name string of the security manager service that the domain registers with to function as a security manager for the security domain name passed to the ctor. The makes the JaasSecurityDomain available under the standard JNDI java:/jaas/(domain) binding.
LoadSunJSSEProvider: A flag indicating if the Sun com.sun.net.ssl.internal.ssl.Provider security provider should be loaded on startup. This is needed when using the Sun JSSE jars without them installed as an extension with JDK 1.3. This should be set to false with JDK 1.4 or when using an alternate JSSE provider
Salt:
IterationCount:

Nested Class Summary

Nested classes inherited from class org.jboss.security.plugins.JaasSecurityManager (src)

JaasSecurityManager.DomainInfo (src)

Field Summary

Fields inherited from class org.jboss.security.plugins.JaasSecurityManager (src)

log, trace

Fields inherited from class org.jboss.system.ServiceMBeanSupport (src)

server, SERVICE_CONTROLLER_SIG, serviceName

Fields inherited from interface org.jboss.system.ServiceMBean (src)

CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED

Constructor Summary
`JaasSecurityDomain()` Creates a default JaasSecurityDomain for with a securityDomain name of 'other'.
`JaasSecurityDomain(java.lang.String securityDomain)` Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.
`JaasSecurityDomain(java.lang.String securityDomain, javax.security.auth.callback.CallbackHandler handler)` Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.

Method Summary
`byte[]`	`decode(byte[] secret)` Decrypt the secret using the cipherKey.
`byte[]`	`decode64(java.lang.String secret)` Decrypt the base64 encoded secret using the cipherKey.
`byte[]`	`encode(byte[] secret)` Encrypt the secret using the cipherKey.
`java.lang.String`	`encode64(byte[] secret)` Encrypt the secret using the cipherKey and return a base64 encoding.
`java.lang.String`	`getCipherAlgorithm()`
`javax.net.ssl.KeyManagerFactory`	`getKeyManagerFactory()` Get the KeyManagerFactory associated with the security domain
`java.security.KeyStore`	`getKeyStore()` Get the keystore associated with the security domain
`java.lang.String`	`getKeyStoreType()` KeyStore implementation type being used.
`java.lang.String`	`getKeyStoreURL()` Get the KeyStore database URL string.
`ObjectName (src)`	`getManagerServiceName()` The JMX object name string of the security manager service.
`java.lang.String`	`getName()` Use the short class name as the default for the service name.
`javax.net.ssl.TrustManagerFactory`	`getTrustManagerFactory()` Get the TrustManagerFactory associated with the security domain
`java.security.KeyStore`	`getTrustStore()` Get the truststore associated with the security domain.
`java.lang.String`	`getTrustStoreType()` Get the type of the trust store
`java.lang.String`	`getTrustStoreURL()` Get the trust store database URL string.
`void`	`reloadKeyAndTrustStore()` Reload the key- and truststore
`void`	`setCipherAlgorithm(java.lang.String cipherAlgorithm)`
`void`	`setIterationCount(int iterationCount)` Set the iteration count used with PBE based on the keystore password.
`void`	`setKeyStorePass(java.lang.String password)` Set the credential string for the KeyStore.
`void`	`setKeyStoreType(java.lang.String type)` Set the type of KeyStore implementation to use.
`void`	`setKeyStoreURL(java.lang.String storeURL)` Set the KeyStore database URL string.
`void`	`setManagerServiceName(ObjectName (src) managerServiceName)` Set the JMX object name string of the security manager service.
`void`	`setSalt(java.lang.String salt)` Set the salt used with PBE based on the keystore password.
`void`	`setTrustStorePass(java.lang.String password)` Set the credential string for the trust store.
`void`	`setTrustStoreType(java.lang.String type)` Set the type of the trust store
`void`	`setTrustStoreURL(java.lang.String storeURL)` Set the trust store database URL string.
`protected void`	`startService()` Sub-classes should override this method to provide custum 'start' logic.
`protected void`	`stopService()` Sub-classes should override this method to provide custum 'stop' logic.

Methods inherited from class org.jboss.security.plugins.JaasSecurityManager (src)

doesRoleGroupHaveRole, doesUserHaveRole, doesUserHaveRole, flushCache, getActiveSubject, getPrincipal, getSecurityDomain, getUserRoles, isValid, isValid, setCachePolicy

Methods inherited from class org.jboss.system.ServiceMBeanSupport (src)

create, createService, destroy, destroyService, getLog, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, stop

Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport (src)

addNotificationListener, getNotificationInfo, handleNotification, removeNotificationListener, removeNotificationListener, sendNotification

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.jboss.security.AuthenticationManager (src)

getActiveSubject, getSecurityDomain, isValid, isValid

Methods inherited from interface org.jboss.security.RealmMapping (src)

doesUserHaveRole, getPrincipal, getUserRoles

Methods inherited from interface org.jboss.system.ServiceMBean (src)

getState, getStateString, jbossInternalLifecycle

Methods inherited from interface org.jboss.system.Service (src)

create, destroy, start, stop

Constructor Detail

JaasSecurityDomain

public JaasSecurityDomain()

Creates a default JaasSecurityDomain for with a securityDomain name of 'other'.

JaasSecurityDomain

public JaasSecurityDomain(java.lang.String securityDomain)

Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.
Parameters:: securityDomain - , the name of the security domain

JaasSecurityDomain

public JaasSecurityDomain(java.lang.String securityDomain,
                          javax.security.auth.callback.CallbackHandler handler)

Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.
Parameters:: securityDomain - , the name of the security domain; handler - , the CallbackHandler to use to obtain login module info

Method Detail

getKeyStore

public java.security.KeyStore getKeyStore()
                                   throws java.lang.SecurityException

Description copied from interface: SecurityDomain (src)

Get the keystore associated with the security domain

Specified by:: getKeyStore in interface SecurityDomain (src)

Throws:: java.lang.SecurityException

getKeyManagerFactory

public javax.net.ssl.KeyManagerFactory getKeyManagerFactory()
                                                     throws java.lang.SecurityException

Description copied from interface: SecurityDomain (src)

Get the KeyManagerFactory associated with the security domain

Specified by:: getKeyManagerFactory in interface SecurityDomain (src)

Throws:: java.lang.SecurityException

getTrustStore

public java.security.KeyStore getTrustStore()
                                     throws java.lang.SecurityException

Description copied from interface: SecurityDomain (src)

Get the truststore associated with the security domain. This may be the same as the keystore.

Specified by:: getTrustStore in interface SecurityDomain (src)

Throws:: java.lang.SecurityException

getTrustManagerFactory

public javax.net.ssl.TrustManagerFactory getTrustManagerFactory()
                                                         throws java.lang.SecurityException

Description copied from interface: SecurityDomain (src)

Get the TrustManagerFactory associated with the security domain

Specified by:: getTrustManagerFactory in interface SecurityDomain (src)

Throws:: java.lang.SecurityException

getManagerServiceName

public ObjectName (src)  getManagerServiceName()

The JMX object name string of the security manager service.

Specified by:: getManagerServiceName in interface JaasSecurityDomainMBean (src)

Returns:: The JMX object name string of the security manager service.

setManagerServiceName

public void setManagerServiceName(ObjectName (src)  managerServiceName)

Set the JMX object name string of the security manager service.

Specified by:: setManagerServiceName in interface JaasSecurityDomainMBean (src)