org.jboss.security.plugins
Interface SecurityManagerMBean

All Known Subinterfaces:

JaasSecurityManagerServiceMBean (src)

All Known Implementing Classes:

JaasSecurityManagerService (src)

public interface SecurityManagerMBean

An MBean interface that unifies the AuthenticationManager and RealmMapping security interfaces implemented by a security manager for a given domain and provides access to this functionality across all domains by including the security domain name as a method argument.

isValid

public boolean isValid(java.lang.String securityDomain,
                       java.security.Principal principal,
                       java.lang.Object credential)

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.

Parameters:

securityDomain - - the name of the security to use

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

Returns:

true if the principal, credential pair is valid, false otherwise.

getPrincipal

public java.security.Principal getPrincipal(java.lang.String securityDomain,
                                            java.security.Principal principal)

Map from the operational environment Principal to the application domain principal. This is used by the EJBContext.getCallerPrincipal implentation to map from the authenticated principal to a principal in the application domain.

Parameters:

principal - - the caller principal as known in the operation environment.

Returns:

the principal

doesUserHaveRole

public boolean doesUserHaveRole(java.lang.String securityDomain,
                                java.security.Principal principal,
                                java.lang.Object credential,
                                java.util.Set roles)

Validates the application domain roles to which the operational environment Principal belongs. This may first authenticate the principal as some security manager impls require a preceeding isValid call.

Parameters:

securityDomain - - the name of the security to use

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the

roles - - Set for the application domain roles that the principal is to be validated against.

Returns:

true if the principal has at least one of the roles in the roles set, false otherwise.

getUserRoles

public java.util.Set getUserRoles(java.lang.String securityDomain,
                                  java.security.Principal principal,
                                  java.lang.Object credential)

Return the set of domain roles the principal has been assigned. This may first authenticate the principal as some security manager impls require a preceeding isValid call.

Parameters:

securityDomain - - the name of the security to use

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the

Returns:

The Set for the application domain roles that the principal has been assigned.