This class implements the common functionality required for a JAAS
server side LoginModule and implements the JBossSX standard Subject usage
pattern of storing identities and roles.
JBAS-3109: AppCallbackHandler as the default CallbackHandler in the
security module
An implementation of the JAAS CallbackHandler interface that
handles NameCallbacks, PasswordCallback, TextInputCallback
and the JBoss ByteArrayCallback.
This MUST be specified if a qop directive is sent (see above), and MUST NOT
be specified if the server did not send a qop directive in the
WWW-Authenticate header field.
A hook to allow subclasses to convert a password from the database
into a plain text string or whatever form is used for matching against
the user input.
Use reflection to create a javax.crypto.spec.SecretKeySpec to avoid
an explicit reference to SecretKeySpec so that the JCE is not needed
unless the SRP parameters indicate that encryption is needed.
Returns a server socket which uses only the specified network
interface on the local host, is bound to the specified port,
and uses the specified connection backlog.
A JACC Policy provider implementation that delegates any non-JACC permissions
to the java.security.Policy either passed in to the constructor, or the pre-existing
Policy.getPolicy value.
An implementation of ServerSocketFactory that creates SSL server sockets
using the JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
and TrustManagerFactory objects.
An implementation of SocketFactory that creates SSL sockets using the
JSSE SSLContext and a JBossSX SecurityDomain for the KeyManagerFactory
and TrustManagerFactory objects.
A security config mbean that loads an xml login configuration using the
XMLLoginConfig.loadConfig(URL config) operation on start, and unloads
the contained login module configurations on stop.
Read a password in opaque form from a file for use with the FilePassword
accessor in conjunction with the JaasSecurityDomain
{CLASS}org.jboss.security.plugins.FilePassword:password-file
format of the KeyStorePass attribute.
From Appendix E of the JCE ref guide, the "Strong" jurisdiction policy
files allow a maximum Blowfish cipher size of 128 bits.
This method is called by the container SecurityInterceptor to initialize
the proxy with the EJB home and remote interface classes that the
container is housing.
The isValid method is invoked to see if a user identity and associated
credentials as known in the operational environment are valid proof of the
user identity.
The JaasSecurityDomain is an extension of JaasSecurityManager that adds
the notion of a KeyStore, and JSSE KeyManagerFactory and TrustManagerFactory
for supporting SSL and other cryptographic use cases.
The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
alternate LDAP login module implementation that uses searches to locate both
the user to bind as for authentication and the associated roles.
Looks for javax.security.auth.login.name and javax.security.auth.login.password
values in the sharedState map if the useFirstPass option was true and returns
true if they exist.
Write a password in opaque form to a file for use with the FilePassword
accessor in conjunction with the JaasSecurityDomain
{CLASS}org.jboss.security.plugins.FilePassword:password-file
format of the KeyStorePass attribute.
A subclass of UsersRolesLoginModule that uses a singleton instance and
memory based users/roles Properties maps to manage user/password and
user/role mappings.
A utility program for generating password hashes given the hashAlgorithm,
hashEncoding, and hashCharset options used by the UsernamePasswordLoginModule.
Encrypt a password using the JaasSecurityDomain password.
Usage: PBEUtils salt count domain-password password
  salt : the Salt attribute from the JaasSecurityDomain
  count : the IterationCount attribute from the JaasSecurityDomain
  domain-password : the plaintext password that maps to the KeyStorePass
    attribute from the JaasSecurityDomain
  password : the plaintext password that should be encrypted with the
    JaasSecurityDomain password
An alternate PermissionName comparator that first orders names by
length (longer names before shorter names) to ensure that the most
precise names are seen first.
The SecurityDomain interface combines the SubjectSecurityManager and
RealmMapping interfaces and adds a keyStore and trustStore as well as
JSSE KeyManagerFactory and TrustManagerFactory accessors for use with SSL/JSSE.
An MBean interface that unifies the AuthenticationManager and RealmMapping
security interfaces implemented by a security manager for a given domain
and provides access to this functionality across all domains by including
the security domain name as a method argument.
An abstract subclass of AbstractServerLoginModule that imposes
an identity == String username, credentials == String password view on
the login process.
A simple Properties map based login module that consults two Java Properties
formatted text files for username to password ("users.properties") and
username to roles ("roles.properties") mapping.