Package org.jboss.security.authentication

Class JBossCachedAuthenticationManager

    • Constructor Detail

      • JBossCachedAuthenticationManager

        public JBossCachedAuthenticationManager()
        Create a new JBossCachedAuthenticationManager using the default security domain and CallbackHandler implementation.

      • JBossCachedAuthenticationManager

        public JBossCachedAuthenticationManager​(String securityDomain,
                                        CallbackHandler callbackHandler)
        Create a new JBossCachedAuthenticationManager.
        Parameters:
        securityDomain - name of the security domain
        callbackHandler - CallbackHandler implementation

    • Method Detail

      • getActiveSubject

        public Subject getActiveSubject()
        Description copied from interface: AuthenticationManager
        Get the currently authenticated subject. Historically implementations of AuthenticationManager isValid methods had the side-effect of setting the active Subject. This caused problems with multi-threaded usecases where the Subject instance was being shared by multiple threads. This is now deprecated in favor of the JACC PolicyContextHandler getContext(key, data) method.
        Specified by:
        getActiveSubject in interface AuthenticationManager
        Returns:
        The previously authenticated Subject if isValid succeeded, null if isValid failed or has not been called for the active thread.
        See Also:
        PolicyContextHandler.getContext(String, Object)

      • getTargetPrincipal

        public Principal getTargetPrincipal​(Principal anotherDomainPrincipal,
                                    Map<String,​Object> contextMap)
        Description copied from interface: AuthenticationManager
        Trust related usecases may require translation of a principal from another domain to the current domain An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal
        Specified by:
        getTargetPrincipal in interface AuthenticationManager
        Parameters:
        anotherDomainPrincipal - Principal that is applicable in the other domain (Can be null - in which case the contextMap is used solely to derive the target principal)
        contextMap - Any context information (including information on the other domain that may be relevant in deriving the target principal). Any SAML assertions that may be relevant can be passed here.
        Returns:
        principal from a target security domain

      • isValid

        public boolean isValid​(Principal principal,
                       Object credential)
        Description copied from interface: AuthenticationManager
        The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. Typically this is implemented as a call to isValid with a null Subject.
        Specified by:
        isValid in interface AuthenticationManager
        Parameters:
        principal - - the user identity in the operation environment
        credential - - the proof of user identity as known in the operation environment
        Returns:
        true if the principal, credential pair is valid, false otherwise.
        See Also:
        AuthenticationManager.isValid(Principal, Object, Subject)

      • isValid

        public boolean isValid​(Principal principal,
                       Object credential,
                       Subject activeSubject)
        Description copied from interface: AuthenticationManager
        The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. This extends AuthenticationManager version to provide a copy of the resulting authenticated Subject. This allows a caller to authenticate a user and obtain a Subject whose state cannot be modified by other threads associated with the same principal.
        Specified by:
        isValid in interface AuthenticationManager
        Parameters:
        principal - - the user identity in the operation environment
        credential - - the proof of user identity as known in the operation environment
        activeSubject - - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.
        Returns:
        true if the principal, credential pair is valid, false otherwise.

      • getSecurityDomain

        public String getSecurityDomain()
        Description copied from interface: BaseSecurityManager
        Get the security domain from which the security manager is from. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.
        Specified by:
        getSecurityDomain in interface BaseSecurityManager
        Returns:
        the security domain name. May be null in which case the security manager belongs to the logical default domain.

      • setDeepCopySubjectOption

        public void setDeepCopySubjectOption​(Boolean flag)
        Flag to specify if deep copy of subject sets needs to be enabled
        Parameters:
        flag -

      • releaseModuleEntries

        public void releaseModuleEntries​(ClassLoader classLoader)
        Release cache entries got the specified ClassLoader.
        Parameters:
        classLoader - the ClassLoader.

      • logout

        public void logout​(Principal principal,
                   Subject subject)
        Description copied from interface: AuthenticationManager
        This method must be invoked to perform the logout of the incoming principal. The Subject associated with the principal is also provided, allowing implementations to perform any special cleanup based on the information contained in the Subject.
        Specified by:
        logout in interface AuthenticationManager
        Parameters:
        principal - the Principal being logged out.
        subject - the Subject associated with the principal being logged out.