org.jboss.security
Interface AuthenticationManager

All Known Subinterfaces:

SecurityDomain, SubjectSecurityManager

All Known Implementing Classes:

NoAccessSecurityManager, NullSecurityManager

public interface AuthenticationManager

The AuthenticationManager is responsible for validating credentials associated with principals.

Version:

$Revision: 1.3.4.1 $

Author:

Scott.Stark@jboss.org

Method Summary

Subject	getActiveSubject() Deprecated. Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"
String	getSecurityDomain() Get the security domain from which the security manager is from.
boolean	isValid(Principal principal, Object credential) The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
boolean	isValid(Principal principal, Object credential, Subject activeSubject) The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.

Method Detail

getSecurityDomain

String getSecurityDomain()

Get the security domain from which the security manager is from. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.

Returns:

the security domain name. May be null in which case the security manager belongs to the logical default domain.

isValid

boolean isValid(Principal principal,
                Object credential)

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. Typically this is implemented as a call to isValid with a null Subject.

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

Returns:

true if the principal, credential pair is valid, false otherwise.

See Also:

isValid(Principal, Object, Subject)

isValid

boolean isValid(Principal principal,
                Object credential,
                Subject activeSubject)

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. This extends AuthenticationManager version to provide a copy of the resulting authenticated Subject. This allows a caller to authenticate a user and obtain a Subject whose state cannot be modified by other threads associated with the same principal.

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

activeSubject - - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.

Returns:

true if the principal, credential pair is valid, false otherwise.

getActiveSubject

Subject getActiveSubject()

Deprecated. Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"

Get the currently authenticated subject. Historically implementations of AuthenticationManager isValid methods had the side-effect of setting the active Subject. This caused problems with multi-threaded usecases where the Subject instance was being shared by multiple threads. This is now deprecated in favor of the JACC PolicyContextHandler getContext(key, data) method.

Returns:

The previously authenticated Subject if isValid succeeded, null if isValid failed or has not been called for the active thread.

See Also:

PolicyContextHandler.getContext(String, Object)