Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS (src) FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.srp
Class SerialObjectStore

java.lang.Object
  extended byorg.jboss.security.srp.SerialObjectStore
All Implemented Interfaces:
SRPVerifierStore (src)
public class SerialObjectStore
extends java.lang.Object
implements SRPVerifierStore (src)

A simple implementation of the SRPVerifierStore that uses a file store made up of VerifierInfo serialized objects. Users and be added or removed using the addUser and delUser methods. User passwords are never stored in plaintext either in memory or in the serialized file. Note that usernames and passwords are logged when a user is added via the addUser operation. This is a development class and its use in a production environment is not advised.

See Also:
addUser(String, String), delUser(String)

Nested Class Summary
 
Nested classes inherited from class org.jboss.security.srp.SRPVerifierStore (src)
SRPVerifierStore.VerifierInfo (src)
 
Constructor Summary
SerialObjectStore()
          Create an in memory store and load any VerifierInfo found in ./SerialObjectStore.ser if it exists.
SerialObjectStore(java.io.File storeFile)
          Create an in memory store and load any VerifierInfo found in the storeFile archive if it exists.
 
Method Summary
 void addUser(java.lang.String username, java.lang.String password)
           
 void delUser(java.lang.String username)
           
 SRPVerifierStore.VerifierInfo (src) getUserVerifier(java.lang.String username)
          Get the indicated user's password verifier information.
static void main(java.lang.String[] args)
           
 void save(java.io.File storeFile)
          Save the current in memory map of VerifierInfo to the indicated storeFile by simply serializing the map to the file.
 void setUserVerifier(java.lang.String username, SRPVerifierStore.VerifierInfo (src)  info)
          Set the indicated users' password verifier information.
 void verifyUserChallenge(java.lang.String username, java.lang.Object auxChallenge)
          Verify an optional auxillary challenge sent from the client to the server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SerialObjectStore

public SerialObjectStore()
                  throws java.io.IOException
Create an in memory store and load any VerifierInfo found in ./SerialObjectStore.ser if it exists.

SerialObjectStore

public SerialObjectStore(java.io.File storeFile)
                  throws java.io.IOException
Create an in memory store and load any VerifierInfo found in the storeFile archive if it exists.

Method Detail

getUserVerifier

public SRPVerifierStore.VerifierInfo (src)  getUserVerifier(java.lang.String username)
                                              throws java.security.KeyException,
                                                     java.io.IOException
Description copied from interface: SRPVerifierStore (src)
Get the indicated user's password verifier information.

Specified by:
getUserVerifier in interface SRPVerifierStore (src)
Throws:
java.security.KeyException
java.io.IOException

setUserVerifier

public void setUserVerifier(java.lang.String username,
                            SRPVerifierStore.VerifierInfo (src)  info)
Description copied from interface: SRPVerifierStore (src)
Set the indicated users' password verifier information. This is equivalent to changing a user's password and should generally invalidate any existing SRP sessions and caches.

Specified by:
setUserVerifier in interface SRPVerifierStore (src)

verifyUserChallenge

public void verifyUserChallenge(java.lang.String username,
                                java.lang.Object auxChallenge)
                         throws java.lang.SecurityException
Description copied from interface: SRPVerifierStore (src)
Verify an optional auxillary challenge sent from the client to the server. The auxChallenge object will have been decrypted if it was sent encrypted from the client. An example of a auxillary challenge would be the validation of a hardware token (SafeWord, SecureID, iButton) that the server validates to further strengthen the SRP password exchange.

Specified by:
verifyUserChallenge in interface SRPVerifierStore (src)
Throws:
java.lang.SecurityException

save

public void save(java.io.File storeFile)
          throws java.io.IOException
Save the current in memory map of VerifierInfo to the indicated storeFile by simply serializing the map to the file.

Throws:
java.io.IOException

addUser

public void addUser(java.lang.String username,
                    java.lang.String password)

delUser

public void delUser(java.lang.String username)

main

public static void main(java.lang.String[] args)
                 throws java.io.IOException
Throws:
java.io.IOException
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS (src) FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD