Class JBossCachedAuthenticationManager
- java.lang.Object
  - org.jboss.security.authentication.JBossCachedAuthenticationManager

All Implemented Interfaces:
AuthenticationManager, BaseSecurityManager, CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

public class JBossCachedAuthenticationManager extends Object implements AuthenticationManager, CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

AuthenticationManager implementation that uses CacheableManager as the cache provider.

Author:
Marcus Moyses, Oleg Nitz, Scott.Stark@jboss.org, Anil.Saldhana@jboss.org

Nested Class Summary

| Modifier and Type | Class | Description |
|---|---|---|
| static class | JBossCachedAuthenticationManager.DomainInfo | A cache value. |

Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| protected ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> | domainCache | |

Constructor Summary

| Constructor | Description |
|---|---|
| JBossCachedAuthenticationManager() | Create a new JBossCachedAuthenticationManager using the default security domain and CallbackHandler implementation. |
| JBossCachedAuthenticationManager(String securityDomain, CallbackHandler callbackHandler) | Create a new JBossCachedAuthenticationManager. |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| boolean | containsKey(Principal key) | Checks if an entry exists in the cache. |
| void | flushCache() | Flushes all entries from the cache. |
| void | flushCache(Principal key) | Flushes one entry from the cache. |
| Subject | getActiveSubject() | Get the currently authenticated subject. |
| Set<Principal> | getCachedKeys() | Returns a set of keys stored in the cache. |
| String | getSecurityDomain() | Get the security domain to which the security manager belongs. |
| Principal | getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap) | Trust related use cases may require translation of a principal from another domain to the current domain. An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal. |
| boolean | isValid(Principal principal, Object credential) | The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. |
| boolean | isValid(Principal principal, Object credential, Subject activeSubject) | The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. |
| void | logout(Principal principal, Subject subject) | This method must be invoked to perform the logout of the incoming principal. |
| void | releaseModuleEntries(ClassLoader classLoader) | Release cache entries for the specified ClassLoader. |
| void | setCache(ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> cache) | Sets the cache. |
| void | setDeepCopySubjectOption(Boolean flag) | Flag to specify if deep copy of subject sets needs to be enabled. |

Field Detail

domainCache
protected ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> domainCache

Constructor Detail

JBossCachedAuthenticationManager
public JBossCachedAuthenticationManager()
Create a new JBossCachedAuthenticationManager using the default security domain and CallbackHandler implementation.

JBossCachedAuthenticationManager
public JBossCachedAuthenticationManager(String securityDomain, CallbackHandler callbackHandler)
Create a new JBossCachedAuthenticationManager.
Parameters:
  securityDomain - name of the security domain
  callbackHandler - CallbackHandler implementation

Method Detail

getActiveSubject
public Subject getActiveSubject()
Description copied from interface: AuthenticationManager
Get the currently authenticated subject. Historically, implementations of the AuthenticationManager isValid methods had the side effect of setting the active Subject. This caused problems with multi-threaded use cases where the Subject instance was being shared by multiple threads. This is now deprecated in favor of the JACC PolicyContextHandler getContext(key, data) method.
Specified by: getActiveSubject in interface AuthenticationManager
Returns: The previously authenticated Subject if isValid succeeded, null if isValid failed or has not been called for the active thread.
See Also: PolicyContextHandler.getContext(String, Object)

getTargetPrincipal
public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String,Object> contextMap)
Description copied from interface: AuthenticationManager
Trust related use cases may require translation of a principal from another domain to the current domain. An implementation of this interface may need to do a backdoor contact of the external trust provider in deriving the target principal.
Specified by: getTargetPrincipal in interface AuthenticationManager
Parameters:
  anotherDomainPrincipal - Principal that is applicable in the other domain (can be null, in which case the contextMap is used solely to derive the target principal)
  contextMap - Any context information (including information on the other domain that may be relevant in deriving the target principal). Any SAML assertions that may be relevant can be passed here.
Returns: principal from a target security domain

isValid
public boolean isValid(Principal principal, Object credential)
Description copied from interface: AuthenticationManager
The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. Typically this is implemented as a call to isValid with a null Subject.
Specified by: isValid in interface AuthenticationManager
Parameters:
  principal - the user identity in the operation environment
  credential - the proof of user identity as known in the operation environment
Returns: true if the principal, credential pair is valid, false otherwise.
See Also: AuthenticationManager.isValid(Principal, Object, Subject)

isValid
public boolean isValid(Principal principal, Object credential, Subject activeSubject)
Description copied from interface: AuthenticationManager
The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity. This extends AuthenticationManager version to provide a copy of the resulting authenticated Subject. This allows a caller to authenticate a user and obtain a Subject whose state cannot be modified by other threads associated with the same principal.
Specified by: isValid in interface AuthenticationManager
Parameters:
  principal - the user identity in the operation environment
  credential - the proof of user identity as known in the operation environment
  activeSubject - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.
Returns: true if the principal, credential pair is valid, false otherwise.

getSecurityDomain
public String getSecurityDomain()
Description copied from interface: BaseSecurityManager
Get the security domain to which the security manager belongs. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.
Specified by: getSecurityDomain in interface BaseSecurityManager
Returns: the security domain name. May be null, in which case the security manager belongs to the logical default domain.

flushCache
public void flushCache()
Description copied from interface: CacheableManager
Flushes all entries from the cache.
Specified by: flushCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>

flushCache
public void flushCache(Principal key)
Description copied from interface: CacheableManager
Flushes one entry from the cache.
Specified by: flushCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>
Parameters:
  key - Entry's key.

setCache
public void setCache(ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo> cache)
Description copied from interface: CacheableManager
Sets the cache.
Specified by: setCache in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>
Parameters:
  cache - New cache to use.

containsKey
public boolean containsKey(Principal key)
Description copied from interface: CacheableManager
Checks if an entry exists in the cache.
Specified by: containsKey in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>
Parameters:
  key - Entry's key
Returns: true if there is an entry, false otherwise.

getCachedKeys
public Set<Principal> getCachedKeys()
Description copied from interface: CacheableManager
Returns a set of keys stored in the cache.
Specified by: getCachedKeys in interface CacheableManager<ConcurrentMap<Principal,JBossCachedAuthenticationManager.DomainInfo>,Principal>
Returns: keys stored in the cache.

setDeepCopySubjectOption
public void setDeepCopySubjectOption(Boolean flag)
Flag to specify if deep copy of subject sets needs to be enabled.
Parameters:
  flag -

releaseModuleEntries
public void releaseModuleEntries(ClassLoader classLoader)
Release cache entries for the specified ClassLoader.
Parameters:
  classLoader - the ClassLoader.

logout
public void logout(Principal principal, Subject subject)
Description copied from interface: AuthenticationManager
This method must be invoked to perform the logout of the incoming principal. The Subject associated with the principal is also provided, allowing implementations to perform any special cleanup based on the information contained in the Subject.
Specified by: logout in interface AuthenticationManager
Parameters:
  principal - the Principal being logged out.
  subject - the Subject associated with the principal being logged out.
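
An added example, not code from this page or from the project that provides org.jboss.security.authentication: one way an administrative hook could combine getCachedKeys() and flushCache(Principal) to evict a user's cached entries, for example after the account's credential changes or the account is locked in the backing store. The class name AuthCacheEviction and the method evictUser are hypothetical; the code assumes the library providing JBossCachedAuthenticationManager is on the classpath and that the caller already holds a reference to the manager for the security domain.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import org.jboss.security.authentication.JBossCachedAuthenticationManager;

/** Hypothetical helper: evicts cached authentication entries for one user name. */
public final class AuthCacheEviction {

    private AuthCacheEviction() {
    }

    /**
     * Flushes every cache entry whose key has the given name and returns the
     * keys that were flushed. Call this only after the credential change or
     * lock has been committed in the backing store, so that any login racing
     * with the eviction re-populates the cache from the updated store.
     */
    public static List<Principal> evictUser(JBossCachedAuthenticationManager manager,
                                            String userName) {
        List<Principal> evicted = new ArrayList<>();
        if (manager == null || userName == null) {
            return evicted;
        }
        Set<Principal> keys = manager.getCachedKeys();
        if (keys == null) {
            // Defensive assumption: treat a missing key set as an empty cache.
            return evicted;
        }
        // The cache is keyed by Principal objects, and Principal.equals() is
        // implementation-defined, so a freshly constructed Principal of another
        // class may not match the cached key. Matching on getName() and flushing
        // with the cached key object itself avoids a silent miss.
        for (Principal key : new ArrayList<>(keys)) { // snapshot before mutating
            if (key != null && userName.equals(key.getName())) {
                manager.flushCache(key);
                evicted.add(key);
            }
        }
        return evicted;
    }
}
```

An empty result means no entry for that name was cached; a caller can confirm the eviction with containsKey(Principal) on the returned keys, keeping in mind that a concurrent successful login may legitimately have re-added an entry.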