org.jboss.security.plugins
Class JaasSecurityManagerService

java.lang.Object
  extended by org.jboss.mx.util.JBossNotificationBroadcasterSupport (src) 
      extended by org.jboss.system.ServiceMBeanSupport (src) 
          extended by org.jboss.security.plugins.JaasSecurityManagerService
All Implemented Interfaces:
JaasSecurityManagerServiceMBean (src) , MBeanRegistration (src) , NotificationBroadcaster (src) , NotificationEmitter (src) , SecurityManagerMBean (src) , Service (src) , ServiceMBean (src)

public class JaasSecurityManagerService
extends ServiceMBeanSupport (src)
implements JaasSecurityManagerServiceMBean (src)

This is a JMX service which manages JAAS based SecurityManagers. JAAS SecurityManagers are responsible for validating credentials associated with principals. The service defaults to the org.jboss.security.plugins.JaasSecurityManager implementation but this can be changed via the securityManagerClass property.

See Also:
JaasSecurityManager (src) , SubjectSecurityManager (src)

Nested Class Summary
static class JaasSecurityManagerService.DefaultCacheObjectFactory (src)
          java:/timedCacheFactory ObjectFactory implementation
static class JaasSecurityManagerService.SecurityDomainObjectFactory (src)
           
 
Field Summary
 
Fields inherited from class org.jboss.system.ServiceMBeanSupport (src)
SERVICE_CONTROLLER_SIG, serviceName
 
Fields inherited from interface org.jboss.security.plugins.JaasSecurityManagerServiceMBean (src)
OBJECT_NAME
 
Fields inherited from interface org.jboss.system.ServiceMBean (src)
CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED
 
Constructor Summary
JaasSecurityManagerService()
          The constructor does nothing as the security manager is created on each lookup into java:/jaas/xxx.
 
Method Summary
 boolean doesUserHaveRole(java.lang.String securityDomain, java.security.Principal principal, java.lang.Object credential, java.util.Set roles)
          Validates the application domain roles to which the operational environment Principal belongs.
 void flushAuthenticationCache(java.lang.String securityDomain)
          Flush the cache policy for the indicated security domain if one exists.
 void flushAuthenticationCache(java.lang.String securityDomain, java.security.Principal user)
          Flush a principal's authentication cache entry associated with the given securityDomain.
 java.lang.String getAuthenticationCacheJndiName()
          Get the JNDI name under which the authentication cache policy is found
 java.util.List getAuthenticationCachePrincipals(java.lang.String securityDomain)
          Return the active principals in the indicated security domain auth cache.
 java.lang.String getCallbackHandlerClassName()
          Get the default CallbackHandler implementation class name
 int getDefaultCacheResolution()
          Get the default timed cache policy resolution.
 int getDefaultCacheTimeout()
          Get the default timed cache policy timeout.
 java.lang.String getDefaultUnauthenticatedPrincipal()
          Get the default unauthenticated principal.
 java.security.Principal getPrincipal(java.lang.String securityDomain, java.security.Principal principal)
          Map from the operational environment Principal to the application domain principal.
 java.lang.String getSecurityManagerClassName()
          Get the name of the class that provides the security manager implementation.
 java.lang.String getSecurityProxyFactoryClassName()
          Get the name of the class that provides the SecurityProxyFactory implementation.
 java.util.Set getUserRoles(java.lang.String securityDomain, java.security.Principal principal, java.lang.Object credential)
          Return the set of domain roles the principal has been assigned.
 boolean isValid(java.lang.String securityDomain, java.security.Principal principal, java.lang.Object credential)
          The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
 void registerSecurityDomain(java.lang.String securityDomain, SecurityDomain (src)  instance)
          Register a SecurityDomain implementation
 void setAuthenticationCacheJndiName(java.lang.String jndiName)
          Set the JNDI name under which the authentication cache policy is found
 void setCacheTimeout(java.lang.String securityDomain, int timeoutInSecs, int resInSecs)
          Set the indicated security domain cache timeout.
 void setCallbackHandlerClassName(java.lang.String className)
          Set the default CallbackHandler implementation class name
 void setDefaultCacheResolution(int resInSecs)
          Set the default timed cache policy resolution.
 void setDefaultCacheTimeout(int timeoutInSecs)
          Set the default timed cache policy timeout.
 void setDefaultUnauthenticatedPrincipal(java.lang.String principal)
          Set the default unauthenticated principal.
 void setSecurityManagerClassName(java.lang.String className)
          Set the name of the class that provides the security manager implementation.
 void setSecurityProxyFactoryClassName(java.lang.String className)
          Set the name of the class that provides the SecurityProxyFactory implementation.
protected  void startService()
          Sub-classes should override this method to provide custom 'start' logic.
protected  void stopService()
          Sub-classes should override this method to provide custom 'stop' logic.
 
Methods inherited from class org.jboss.system.ServiceMBeanSupport (src)
create, createService, destroy, destroyService, getLog, getName, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, stop
 
Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport (src)
addNotificationListener, getNotificationInfo, handleNotification, removeNotificationListener, removeNotificationListener, sendNotification
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.jboss.system.ServiceMBean (src)
getName, getState, getStateString, jbossInternalLifecycle
 
Methods inherited from interface org.jboss.system.Service (src)
create, destroy, start, stop
 

Constructor Detail

JaasSecurityManagerService

public JaasSecurityManagerService()
The constructor does nothing as the security manager is created on each lookup into java:/jaas/xxx. This is also why all variables in this class are static.

Method Detail

getSecurityManagerClassName

public java.lang.String getSecurityManagerClassName()
Description copied from interface: JaasSecurityManagerServiceMBean (src)
Get the name of the class that provides the security manager implementation.

Specified by:
getSecurityManagerClassName in interface JaasSecurityManagerServiceMBean (src)

setSecurityManagerClassName

public void setSecurityManagerClassName(java.lang.String className)
                                 throws java.lang.ClassNotFoundException,
                                        java.lang.ClassCastException
Description copied from interface: JaasSecurityManagerServiceMBean (src)
Set the name of the class that provides the security manager implementation.

Specified by:
setSecurityManagerClassName in interface JaasSecurityManagerServiceMBean (src)
Throws:
java.lang.ClassNotFoundException - thrown if the className cannot be found using the thread context class loader.
java.lang.ClassCastException - thrown if the className does not implement the org.jboss.security.AuthenticationManager interface.

getSecurityProxyFactoryClassName

public java.lang.String getSecurityProxyFactoryClassName()
Description copied from interface: JaasSecurityManagerServiceMBean (src)
Get the name of the class that provides the SecurityProxyFactory implementation.

Specified by:
getSecurityProxyFactoryClassName in interface JaasSecurityManagerServiceMBean (src)

setSecurityProxyFactoryClassName

public void setSecurityProxyFactoryClassName(java.lang.String className)
                                      throws java.lang.ClassNotFoundException
Description copied from interface: JaasSecurityManagerServiceMBean (src)
Set the name of the class that provides the SecurityProxyFactory implementation.

Specified by:
setSecurityProxyFactoryClassName in interface JaasSecurityManagerServiceMBean (src)
Throws:
java.lang.ClassNotFoundException

getCallbackHandlerClassName

public java.lang.String getCallbackHandlerClassName()
Get the default CallbackHandler implementation class name

Specified by:
getCallbackHandlerClassName in interface JaasSecurityManagerServiceMBean (src)
Returns:
The fully qualified classname of the

setCallbackHandlerClassName

public void setCallbackHandlerClassName(java.lang.String className)
                                 throws java.lang.ClassNotFoundException
Set the default CallbackHandler implementation class name

Specified by:
setCallbackHandlerClassName in interface JaasSecurityManagerServiceMBean (src)
Throws:
java.lang.ClassNotFoundException
See Also:
CallbackHandler

getAuthenticationCacheJndiName

public java.lang.String getAuthenticationCacheJndiName()
Get the JNDI name under which the authentication cache policy is found

Specified by:
getAuthenticationCacheJndiName in interface JaasSecurityManagerServiceMBean (src)

setAuthenticationCacheJndiName

public void setAuthenticationCacheJndiName(java.lang.String jndiName)
Set the JNDI name under which the authentication cache policy is found

Specified by:
setAuthenticationCacheJndiName in interface JaasSecurityManagerServiceMBean (src)
Parameters:
jndiName - the name to the ObjectFactory or CachePolicy binding.

getDefaultCacheTimeout

public int getDefaultCacheTimeout()
Get the default timed cache policy timeout.

Specified by:
getDefaultCacheTimeout in interface JaasSecurityManagerServiceMBean (src)
Returns:
the default cache timeout in seconds.

setDefaultCacheTimeout

public void setDefaultCacheTimeout(int timeoutInSecs)
Set the default timed cache policy timeout. This has no effect if the AuthenticationCacheJndiName has been changed from the default value.

Specified by:
setDefaultCacheTimeout in interface JaasSecurityManagerServiceMBean (src)
Parameters:
timeoutInSecs - the cache timeout in seconds.

getDefaultCacheResolution

public int getDefaultCacheResolution()
Get the default timed cache policy resolution.

Specified by:
getDefaultCacheResolution in interface JaasSecurityManagerServiceMBean (src)

setDefaultCacheResolution

public void setDefaultCacheResolution(int resInSecs)
Set the default timed cache policy resolution. This has no effect if the AuthenticationCacheJndiName has been changed from the default value.

Specified by:
setDefaultCacheResolution in interface JaasSecurityManagerServiceMBean (src)
Parameters:
resInSecs - resolution of timeouts in seconds.

setCacheTimeout

public void setCacheTimeout(java.lang.String securityDomain,
                            int timeoutInSecs,
                            int resInSecs)
Set the indicated security domain cache timeout. This only has an effect if the security domain is using the default jboss TimedCachePolicy implementation.

Specified by:
setCacheTimeout in interface JaasSecurityManagerServiceMBean (src)
Parameters:
securityDomain - the name of the security domain cache
timeoutInSecs - the cache timeout in seconds.
resInSecs - resolution of timeouts in seconds.

flushAuthenticationCache

public void flushAuthenticationCache(java.lang.String securityDomain)
Flush the cache policy for the indicated security domain if one exists.

Specified by:
flushAuthenticationCache in interface JaasSecurityManagerServiceMBean (src)
Parameters:
securityDomain - the name of the security domain cache

flushAuthenticationCache

public void flushAuthenticationCache(java.lang.String securityDomain,
                                     java.security.Principal user)
Flush a principal's authentication cache entry associated with the given securityDomain.

Specified by:
flushAuthenticationCache in interface JaasSecurityManagerServiceMBean (src)
Parameters:
securityDomain - the name of the security domain cache
user - the principal of the user to flush

getAuthenticationCachePrincipals

public java.util.List getAuthenticationCachePrincipals(java.lang.String securityDomain)
Return the active principals in the indicated security domain auth cache.

Specified by:
getAuthenticationCachePrincipals in interface JaasSecurityManagerServiceMBean (src)
Parameters:
securityDomain - the name of the security domain to look up the cache for
Returns:
List of active keys found in the auth cache if the cache exists and is accessible, null otherwise.
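
The flush and cache-listing operations above are what an operator uses so that a revoked or changed credential takes effect before the cache timeout expires. The following is an added example, not code from JBoss: it invokes the operations over JMX using the names and parameter types documented on this page. The `StandIn` MBean, the `example:service=StandInSecurityManager` ObjectName and the principals are constructed stand-ins so the code runs without a server; against a real server, pass the service's own ObjectName (see the inherited `OBJECT_NAME` field).

```java
import java.lang.management.ManagementFactory;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;

public class AuthCacheFlushExample {
    // Constructed stand-in exposing three operations with the signatures documented
    // on this page, so the example runs without a JBoss server.
    public interface StandInMBean {
        List<Principal> getAuthenticationCachePrincipals(String securityDomain);
        void flushAuthenticationCache(String securityDomain);
        void flushAuthenticationCache(String securityDomain, Principal user);
    }

    public static class StandIn implements StandInMBean {
        private final Map<String, List<Principal>> caches = new HashMap<>();
        StandIn(String domain, Principal... users) {
            caches.put(domain, new ArrayList<>(Arrays.asList(users)));
        }
        public List<Principal> getAuthenticationCachePrincipals(String d) { return caches.get(d); }
        public void flushAuthenticationCache(String d) { if (caches.containsKey(d)) caches.get(d).clear(); }
        public void flushAuthenticationCache(String d, Principal u) {
            List<Principal> c = caches.get(d);
            if (c != null) c.remove(u);
        }
    }

    /** Flush one principal from a domain's auth cache, then confirm the entry is gone. */
    static boolean flushAndVerify(MBeanServerConnection mbs, ObjectName svc,
                                  String domain, Principal user) throws Exception {
        mbs.invoke(svc, "flushAuthenticationCache", new Object[] {domain, user},
                new String[] {"java.lang.String", "java.security.Principal"});
        List<?> active = (List<?>) mbs.invoke(svc, "getAuthenticationCachePrincipals",
                new Object[] {domain}, new String[] {"java.lang.String"});
        if (active == null) { // documented: null when the cache is missing or inaccessible
            throw new IllegalStateException("cannot verify flush for domain " + domain);
        }
        return !active.contains(user);
    }

    public static void main(String[] args) throws Exception {
        MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
        ObjectName svc = new ObjectName("example:service=StandInSecurityManager"); // constructed
        Principal alice = () -> "alice", bob = () -> "bob"; // constructed principals
        mbs.registerMBean(new StandIn("other", alice, bob), svc);
        System.out.println("alice flushed: " + flushAndVerify(mbs, svc, "other", alice));
    }
}
```

Over a remote JMX connector the arguments are serialized, so the `Principal` passed to the two-argument flush must be a serializable implementation rather than a lambda.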

isValid

public boolean isValid(java.lang.String securityDomain,
                       java.security.Principal principal,
                       java.lang.Object credential)
Description copied from interface: SecurityManagerMBean (src)
The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.

Specified by:
isValid in interface SecurityManagerMBean (src)
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operation environment
credential - the proof of user identity as known in the operation environment
Returns:
true if the principal, credential pair is valid, false otherwise.

getPrincipal

public java.security.Principal getPrincipal(java.lang.String securityDomain,
                                            java.security.Principal principal)
Description copied from interface: SecurityManagerMBean (src)
Map from the operational environment Principal to the application domain principal. This is used by the EJBContext.getCallerPrincipal implementation to map from the authenticated principal to a principal in the application domain.

Specified by:
getPrincipal in interface SecurityManagerMBean (src)
Parameters:
principal - the caller principal as known in the operation environment.
Returns:
the principal

doesUserHaveRole

public boolean doesUserHaveRole(java.lang.String securityDomain,
                                java.security.Principal principal,
                                java.lang.Object credential,
                                java.util.Set roles)
Description copied from interface: SecurityManagerMBean (src)
Validates the application domain roles to which the operational environment Principal belongs. This may first authenticate the principal, as some security manager implementations require a preceding isValid call.

Specified by:
doesUserHaveRole in interface SecurityManagerMBean (src)
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operation environment
credential - the proof of user identity as known in the
roles - Set of the application domain roles that the principal is to be validated against.
Returns:
true if the principal has at least one of the roles in the roles set, false otherwise.

getUserRoles

public java.util.Set getUserRoles(java.lang.String securityDomain,
                                  java.security.Principal principal,
                                  java.lang.Object credential)
Description copied from interface: SecurityManagerMBean (src)
Return the set of domain roles the principal has been assigned. This may first authenticate the principal, as some security manager implementations require a preceding isValid call.

Specified by:
getUserRoles in interface SecurityManagerMBean (src)
Parameters:
securityDomain - the name of the security domain to use
principal - the user identity in the operation environment
credential - the proof of user identity as known in the
Returns:
The Set for the application domain roles that the principal has been assigned.

startService

protected void startService()
                     throws java.lang.Exception
Description copied from class: ServiceMBeanSupport (src)
Sub-classes should override this method to provide custom 'start' logic.

This method is empty, and is provided for convenience when concrete service classes do not need to perform anything specific for this state change.

Overrides:
startService in class ServiceMBeanSupport (src)
Throws:
java.lang.Exception

stopService

protected void stopService()
                    throws java.lang.Exception
Description copied from class: ServiceMBeanSupport (src)
Sub-classes should override this method to provide custom 'stop' logic.

This method is empty, and is provided for convenience when concrete service classes do not need to perform anything specific for this state change.

Overrides:
stopService in class ServiceMBeanSupport (src)
Throws:
java.lang.Exception

registerSecurityDomain

public void registerSecurityDomain(java.lang.String securityDomain,
                                   SecurityDomain (src)  instance)
Register a SecurityDomain implementation

Specified by:
registerSecurityDomain in interface JaasSecurityManagerServiceMBean (src)

getDefaultUnauthenticatedPrincipal

public java.lang.String getDefaultUnauthenticatedPrincipal()
Get the default unauthenticated principal.

Specified by:
getDefaultUnauthenticatedPrincipal in interface JaasSecurityManagerServiceMBean (src)
Returns:
The principal name

setDefaultUnauthenticatedPrincipal

public void setDefaultUnauthenticatedPrincipal(java.lang.String principal)
Set the default unauthenticated principal.

Specified by:
setDefaultUnauthenticatedPrincipal in interface JaasSecurityManagerServiceMBean (src)
Parameters:
principal - The principal name