Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.srp
Class SerialObjectStore

java.lang.Object
  extended by org.jboss.security.srp.SerialObjectStore
All Implemented Interfaces:
SRPVerifierStore
public class SerialObjectStore
extends Object
implements SRPVerifierStore

A simple implementation of the SRPVerifierStore that uses a file store made up of VerifierInfo serialized objects. Users and be added or removed using the addUser and delUser methods. User passwords are never stored in plaintext either in memory or in the serialized file. Note that usernames and passwords are logged when a user is added via the addUser operation. This is a development class and its use in a production environment is not advised.

Version:
$Revision: 57210 $
Author:
Scott.Stark@jboss.org
See Also:
addUser(String, String), delUser(String)

Nested Class Summary
 
Nested classes/interfaces inherited from interface org.jboss.security.srp.SRPVerifierStore
SRPVerifierStore.VerifierInfo
 
Constructor Summary
SerialObjectStore()
          Create an in memory store and load any VerifierInfo found in ./SerialObjectStore.ser if it exists.
SerialObjectStore(File storeFile)
          Create an in memory store and load any VerifierInfo found in the storeFile archive if it exists.
 
Method Summary
 void addUser(String username, String password)
           
 void delUser(String username)
           
 SRPVerifierStore.VerifierInfo getUserVerifier(String username)
          Get the indicated user's password verifier information.
static void main(String[] args)
           
 void save(File storeFile)
          Save the current in memory map of VerifierInfo to the indicated storeFile by simply serializing the map to the file.
 void setUserVerifier(String username, SRPVerifierStore.VerifierInfo info)
          Set the indicated users' password verifier information.
 void verifyUserChallenge(String username, Object auxChallenge)
          Verify an optional auxillary challenge sent from the client to the server.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SerialObjectStore

public SerialObjectStore()
                  throws IOException
Create an in memory store and load any VerifierInfo found in ./SerialObjectStore.ser if it exists.

Throws:
IOException

SerialObjectStore

public SerialObjectStore(File storeFile)
                  throws IOException
Create an in memory store and load any VerifierInfo found in the storeFile archive if it exists.

Throws:
IOException
Method Detail

getUserVerifier

public SRPVerifierStore.VerifierInfo getUserVerifier(String username)
                                              throws KeyException,
                                                     IOException
Description copied from interface: SRPVerifierStore
Get the indicated user's password verifier information.

Specified by:
getUserVerifier in interface SRPVerifierStore
Throws:
KeyException
IOException

setUserVerifier

public void setUserVerifier(String username,
                            SRPVerifierStore.VerifierInfo info)
Description copied from interface: SRPVerifierStore
Set the indicated users' password verifier information. This is equivalent to changing a user's password and should generally invalidate any existing SRP sessions and caches.

Specified by:
setUserVerifier in interface SRPVerifierStore

verifyUserChallenge

public void verifyUserChallenge(String username,
                                Object auxChallenge)
                         throws SecurityException
Description copied from interface: SRPVerifierStore
Verify an optional auxillary challenge sent from the client to the server. The auxChallenge object will have been decrypted if it was sent encrypted from the client. An example of a auxillary challenge would be the validation of a hardware token (SafeWord, SecureID, iButton) that the server validates to further strengthen the SRP password exchange.

Specified by:
verifyUserChallenge in interface SRPVerifierStore
Throws:
SecurityException

save

public void save(File storeFile)
          throws IOException
Save the current in memory map of VerifierInfo to the indicated storeFile by simply serializing the map to the file.

Throws:
IOException

addUser

public void addUser(String username,
                    String password)

delUser

public void delUser(String username)

main

public static void main(String[] args)
                 throws IOException
Throws:
IOException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2002 JBoss Group, LLC. All Rights Reserved.