This class implements the common functionality required for a JAAS
server side LoginModule and implements the JBossSX standard Subject usage
pattern of storing identities and roles.
A hook to allow subclasses to convert a password from the database
into a plain text string or whatever form is used for matching against
the user input.
Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid
an explicit reference to SecretKeySpec so that the JCE is not needed
unless the SRP parameters indicate that encryption is needed.
Returns a server socket which uses only the specified network
interface on the local host, is bound to the specified port,
and uses the specified connection backlog.
A JACC Policy provider implementation that delegates any non-JACC permissions
to the java.security.Policy either passed in to the constructor, or the pre-existing
Policy.getPolicy value.
An implementation of ServerSocketFactory that creates SSL server sockets
using the JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
and TrustManagerFactory objects.
An implementation of SocketFactory that creates SSL sockets using the
JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
and TrustManagerFactory objects.
A security config mbean that loads an xml login configuration using the
XMLLoginConfig.loadConfig(URL config) operation on start, and unloads
the contained login module configurations on stop.
Read a password in opaque form from a file for use with the FilePassword
accessor in conjunction with the JaasSecurityDomain
{CLASS}org.jboss.security.plugins.FilePassword:password-file
format of the KeyStorePass attribute.
From Appendix E of the JCE reference guide, the "Strong" jurisdiction
policy files allow a maximum Blowfish cipher key size of 128 bits.
This method is called by the container SecurityInterceptor to initialize
the proxy with the EJB home and remote interface classes that the
container is housing.
The isValid method is invoked to see if a user identity and associated
credentials as known in the operational environment are valid proof of the
user identity.
The JaasSecurityDomain is an extension of JaasSecurityManager that adds
the notion of a KeyStore, and JSSE KeyManagerFactory and TrustManagerFactory
for supporting SSL and other cryptographic use cases.
The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
alternate LDAP login module implementation that uses searches to locate both
the user to bind as for authentication and the associated roles.
Looks for javax.security.auth.login.name and javax.security.auth.login.password
values in the sharedState map if the useFirstPass option was true and returns
true if they exist.
Write a password in opaque form to a file for use with the FilePassword
accessor in conjunction with the JaasSecurityDomain
{CLASS}org.jboss.security.plugins.FilePassword:password-file
format of the KeyStorePass attribute.
A subclass of UsersRolesLoginModule that uses a singleton instance and
memory based users/roles Properties maps to manage user/password and
user/role mappings.
A utility program for generating password hashes given the hashAlgorithm,
hashEncoding, and hashCharset options used by the UsernamePasswordLoginModule.
Encrypt a password using the JaasSecurityDomain password
Usage: PBEUtils salt count domain-password password
salt : the Salt attribute from the JaasSecurityDomain
count : the IterationCount attribute from the JaasSecurityDomain
domain-password : the plaintext password that maps to the KeyStorePass
attribute from the JaasSecurityDomain
password : the plaintext password that should be encrypted with the
JaasSecurityDomain password
An alternate PermissionName comparator that first orders names by
length (longer names before shorter names) to ensure that the most
precise names are seen first.
An MBean interface that unifies the AuthenticationManager and RealmMapping
security interfaces implemented by a security manager for a given domain
and provides access to this functionality across all domains by including
the security domain name as a method argument.
A server side login module that validates a username and
session client challenge response against the cache of authentication
info maintained by the SRPService mbean.
A login module that uses the SRP protocol documented in RFC2945
to authenticate a username & password in a secure fashion without
using an encrypted channel.
A simple test client that looks up the SimpleSRPServer in the RMI
registry and attempts to validate the username and password passed
on the command line.
An abstract subclass of AbstractServerLoginModule that imposes
an identity == String username, credentials == String password view on
the login process.
A simple Properties map based login module that consults two Java Properties
formatted text files for username to password ("users.properties") and
username to roles ("roles.properties") mapping.