org.jboss.jms.server.security
Class SecurityMetadataStore

java.lang.Object
  org.jboss.jms.server.security.SecurityMetadataStore

All Implemented Interfaces:

SecurityMetadataStoreMBean, SecurityStore

public class SecurityMetadataStore
extends java.lang.Object
implements SecurityStore, SecurityMetadataStoreMBean

A security metadate store for JMS. Stores security information for destinations and delegates authentication and authorization to a JaasSecurityManager.

Version:

$Revision: 4986 $ $Id: SecurityMetadataStore.java 4986 2008-09-18 22:11:43Z clebert.suconic@jboss.com $

Author:

Peter Antman, Scott Stark, Tim Fox, Ovidiu Feodorov

Field Summary

static java.lang.String

DEFAULT_SUCKER_USER_PASSWORD

Fields inherited from interface org.jboss.jms.server.SecurityStore

SUCKER_USER

Constructor Summary

SecurityMetadataStore()

Method Summary

javax.security.auth.Subject	authenticate(java.lang.String user, java.lang.String password) Authenticate the specified user with the given password.
boolean	authorize(java.lang.String user, java.util.Set rolePrincipals, CheckType checkType) Authorize that the subject has at least one of the specified roles.
void	clearSecurityConfig(boolean isQueue, java.lang.String name)
org.w3c.dom.Element	getDefaultSecurityConfig()
java.lang.String	getSecurityDomain()
SecurityMetadata	getSecurityMetadata(boolean isQueue, java.lang.String destName)
void	setDefaultSecurityConfig(org.w3c.dom.Element conf)
void	setSecurityConfig(boolean isQueue, java.lang.String destName, org.w3c.dom.Element conf)
void	setSecurityDomain(java.lang.String securityDomain)
void	setSuckerPassword(java.lang.String password)
void	start()
void	stop()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_SUCKER_USER_PASSWORD

public static final java.lang.String DEFAULT_SUCKER_USER_PASSWORD

See Also:

Constant Field Values

Constructor Detail

SecurityMetadataStore

public SecurityMetadataStore()

Method Detail

getSecurityMetadata

public SecurityMetadata getSecurityMetadata(boolean isQueue,
                                            java.lang.String destName)

Specified by:

getSecurityMetadata in interface SecurityMetadataStoreMBean

Specified by:

getSecurityMetadata in interface SecurityStore

Returns:

the security meta-data for the given destination.

setSecurityConfig

public void setSecurityConfig(boolean isQueue,
                              java.lang.String destName,
                              org.w3c.dom.Element conf)
                       throws java.lang.Exception

Specified by:

setSecurityConfig in interface SecurityMetadataStoreMBean

Specified by:

setSecurityConfig in interface SecurityStore

Throws:

java.lang.Exception

clearSecurityConfig

public void clearSecurityConfig(boolean isQueue,
                                java.lang.String name)
                         throws java.lang.Exception

Specified by:

clearSecurityConfig in interface SecurityMetadataStoreMBean

Specified by:

clearSecurityConfig in interface SecurityStore

Throws:

java.lang.Exception

authenticate

public javax.security.auth.Subject authenticate(java.lang.String user,
                                                java.lang.String password)
                                         throws JMSSecurityException

Description copied from interface: SecurityMetadataStoreMBean

Authenticate the specified user with the given password. Implementations are most likely to delegates to a JBoss AuthenticationManager. Successful authentication will place a new SubjectContext on thread local, which will be used in the authorization process. However, we need to make sure we clean up thread local immediately after we used the information, otherwise some other people security my be screwed up, on account of thread local security stack being corrupted.

Specified by:

authenticate in interface SecurityMetadataStoreMBean

Specified by:

authenticate in interface SecurityStore

Throws:

JMSSecurityException - if the user is not authenticated

authorize

public boolean authorize(java.lang.String user,
                         java.util.Set rolePrincipals,
                         CheckType checkType)

Description copied from interface: SecurityMetadataStoreMBean

Authorize that the subject has at least one of the specified roles. Implementations are most likely to delegates to a JBoss AuthenticationManager.

Specified by:

authorize in interface SecurityMetadataStoreMBean

Specified by:

authorize in interface SecurityStore

rolePrincipals - - The set of roles allowed to read/write/create the destination.

Returns:

true if the subject is authorized, or false if not.

setSuckerPassword

public void setSuckerPassword(java.lang.String password)

Specified by:

setSuckerPassword in interface SecurityMetadataStoreMBean

start

public void start()
           throws javax.naming.NamingException

Specified by:

start in interface SecurityMetadataStoreMBean

Throws:

javax.naming.NamingException

stop

public void stop()
          throws java.lang.Exception

Specified by:

stop in interface SecurityMetadataStoreMBean

Throws:

java.lang.Exception

getSecurityDomain

public java.lang.String getSecurityDomain()

Specified by:

getSecurityDomain in interface SecurityMetadataStoreMBean

setSecurityDomain

public void setSecurityDomain(java.lang.String securityDomain)

Specified by:

setSecurityDomain in interface SecurityMetadataStoreMBean

getDefaultSecurityConfig

public org.w3c.dom.Element getDefaultSecurityConfig()

Specified by:

getDefaultSecurityConfig in interface SecurityMetadataStoreMBean

setDefaultSecurityConfig

public void setDefaultSecurityConfig(org.w3c.dom.Element conf)
                              throws java.lang.Exception

Specified by:

setDefaultSecurityConfig in interface SecurityMetadataStoreMBean

Throws:

java.lang.Exception