Package org.jboss.security

Interface ServerAuthenticationManager

    • Method Detail

      • isValid

        boolean isValid​(javax.security.auth.message.MessageInfo requestMessage,
                Subject clientSubject,
                String layer,
                CallbackHandler callbackHandler)

        Authenticate a Subject given the request response JSR-196(JASPI) messages.

        If any AuthException is thrown during the processing it will be available through SecurityContext context data with a key javax.security.auth.message.AuthException.

        Parameters:
        requestMessage -
        clientSubject - Pre-created or null subject
        layer - Message Layer for the JASPI (Optional): Default: HTTP
        callbackHandler - CallbackHandler
        Returns:
        true if client subject is valid, false otherwise

      • isValid

        boolean isValid​(javax.security.auth.message.MessageInfo messageInfo,
                Subject clientSubject,
                String layer,
                String appContext,
                CallbackHandler callbackHandler)

        Authenticate a Subject given the request response JSR-196(JASPI) messages.

        If any AuthException is thrown during the processing it will be available through SecurityContext context data with a key javax.security.auth.message.AuthException.

        Parameters:
        messageInfo - the object that contains the request and response messages.
        clientSubject - the client subject.
        layer - the message layer for JASPI.
        appContext - the JASPI application context.
        callbackHandler - the callback handler instance.
        Returns:
        true if the client subject is valid; false otherwise.

      • secureResponse

        void secureResponse​(javax.security.auth.message.MessageInfo messageInfo,
                    Subject serviceSubject,
                    String layer,
                    String appContext,
                    CallbackHandler callbackHandler)

        Secures the response encapsulated in the specified MessageInfo object.

        If any AuthException is thrown during the processing it will be available through SecurityContext context data with a key javax.security.auth.message.AuthException.

        Parameters:
        messageInfo - the object that contains the request and response messages.
        serviceSubject - an optional server Subject instance.
        layer - the JASPI message layer.
        appContext - the JASPI application context.
        callbackHandler - the CallbackHandler instance that can be used to obtain further information (such as keys) to secure the response message.

      • cleanSubject

        void cleanSubject​(javax.security.auth.message.MessageInfo messageInfo,
                  Subject subject,
                  String layer,
                  String appContext,
                  CallbackHandler handler)

        Remove method specific principals and credentials from the subject.

        Parameters:
        messageInfo - the object that contains the request and response messages.
        subject - the subject to be cleaned.
        layer - the message layer for JASPI.
        appContext - the JASPI application context.
        handler - the callback handler instance.