Package org.wildfly.security.auth.realm
Class JaasSecurityRealm
- java.lang.Object
-
- org.wildfly.security.auth.realm.JaasSecurityRealm
-
- All Implemented Interfaces:
SecurityRealm
public class JaasSecurityRealm extends Object implements SecurityRealm
A JAAS based SecurityRealm implementation.
- Author:
- Stefan Guilhen
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
private static class | JaasSecurityRealm.JaasAuthorizationIdentity | A JAAS realm's authorization identity.
private class | JaasSecurityRealm.JaasRealmIdentity |
private static class | JaasSecurityRealm.JaasSecurityRealmDefaultCallbackHandler | Default CallbackHandler passed to the LoginContext when none is provided to the JAAS security realm and none is configured in the "auth.login.defaultCallbackHandler" security property.
-
Field Summary
Fields
Modifier and Type | Field | Description
private ClassLoader | classLoader |
private static String | DEFAULT_CONFIGURATION_POLICY_TYPE |
private String | entry |
private CallbackHandler | handler |
private URI | jaasConfigFilePath |
-
Fields inherited from interface org.wildfly.security.auth.server.SecurityRealm
EMPTY_REALM
-
-
Constructor Summary
Constructors
Constructor | Description
JaasSecurityRealm(String entry) | Construct a new instance.
JaasSecurityRealm(String entry, ClassLoader classLoader) | Construct a new instance.
JaasSecurityRealm(String entry, String jaasConfigFilePath) | Construct a new instance.
JaasSecurityRealm(String entry, String jaasConfigFilePath, ClassLoader classLoader) | Construct a new instance.
JaasSecurityRealm(String entry, String jaasConfigFilePath, ClassLoader classLoader, CallbackHandler callbackHandler) | Construct a new instance.
-
Method Summary
Modifier and Type | Method | Description
private CallbackHandler | createCallbackHandler(Principal principal, Evidence evidence) |
private LoginContext | createLoginContext(String entry, Subject subject, CallbackHandler callbackHandler) |
SupportLevel | getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) | Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
SupportLevel | getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) | Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
RealmIdentity | getRealmIdentity(Principal principal) | Get a handle to the identity for the given principal in the context of this security realm.
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.auth.server.SecurityRealm
getCredentialAcquireSupport, getRealmIdentity, getRealmIdentity, handleRealmEvent
-
-
-
-
Field Detail
-
DEFAULT_CONFIGURATION_POLICY_TYPE
private static final String DEFAULT_CONFIGURATION_POLICY_TYPE
- See Also:
- Constant Field Values
-
jaasConfigFilePath
private final URI jaasConfigFilePath
-
entry
private final String entry
-
handler
private final CallbackHandler handler
-
classLoader
private final ClassLoader classLoader
-
-
Constructor Detail
-
JaasSecurityRealm
public JaasSecurityRealm(String entry)
Construct a new instance.
- Parameters:
entry - JAAS configuration file entry (must not be null)
-
JaasSecurityRealm
public JaasSecurityRealm(String entry, ClassLoader classLoader)
Construct a new instance.
- Parameters:
entry - JAAS configuration file entry (must not be null)
classLoader - classLoader to use with LoginContext, this class loader must contain LoginModule CallbackHandler classes
-
JaasSecurityRealm
public JaasSecurityRealm(String entry, String jaasConfigFilePath)
Construct a new instance.
- Parameters:
entry - JAAS configuration file entry (must not be null)
jaasConfigFilePath - path to JAAS configuration file
-
JaasSecurityRealm
public JaasSecurityRealm(String entry, String jaasConfigFilePath, ClassLoader classLoader)
Construct a new instance.
- Parameters:
entry - JAAS configuration file entry (must not be null)
jaasConfigFilePath - path to JAAS configuration file
classLoader - classLoader to use with LoginContext, this class loader must contain LoginModule CallbackHandler classes
-
JaasSecurityRealm
public JaasSecurityRealm(String entry, String jaasConfigFilePath, ClassLoader classLoader, CallbackHandler callbackHandler)
Construct a new instance.
- Parameters:
entry - JAAS configuration file entry (must not be null)
jaasConfigFilePath - path to JAAS configuration file
callbackHandler - callbackHandler to pass to LoginContext
classLoader - classLoader to use with LoginContext, this class loader must contain LoginModule CallbackHandler classes
-
-
Method Detail
-
getRealmIdentity
public RealmIdentity getRealmIdentity(Principal principal)
Description copied from interface: SecurityRealm
Get a handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose().
- Specified by:
getRealmIdentity in interface SecurityRealm
- Parameters:
principal - the principal which identifies the identity within the realm (must not be null)
- Returns:
- the RealmIdentity for the provided principal (not null)
-
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface: SecurityRealm
Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
- Specified by:
getCredentialAcquireSupport in interface SecurityRealm
- Parameters:
credentialType - the exact credential type (must not be null)
algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
- Returns:
- the level of support for this credential
- Throws:
RealmUnavailableException - if the realm is not able to handle requests for any reason
-
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Description copied from interface: SecurityRealm
Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
- Specified by:
getEvidenceVerifySupport in interface SecurityRealm
- Parameters:
evidenceType - the type of evidence to be verified (must not be null)
algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
- Returns:
- the level of support for this evidence type
- Throws:
RealmUnavailableException - if the realm is not able to handle requests for any reason
-
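The public methods above combine into a password check as follows. This is an added example, not code from the WildFly Elytron project: the class name JaasRealmLoginCheck and the command-line arguments are hypothetical, NamePrincipal, PasswordGuessEvidence and RealmIdentity.verifyEvidence are Elytron types not shown on this page, and the JAAS configuration file and its LoginModule classes are assumed to exist and be loadable.

```java
import java.security.Principal;
import java.util.Arrays;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.JaasSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.evidence.PasswordGuessEvidence;

public final class JaasRealmLoginCheck {

    /** Returns true only if the given JAAS entry accepts the name/password pair. */
    static boolean verifyPassword(String entry, String jaasConfigFilePath,
                                  String name, char[] password)
            throws RealmUnavailableException {
        JaasSecurityRealm realm = new JaasSecurityRealm(entry, jaasConfigFilePath);

        // Ask the realm whether this evidence type can be verified at all.
        SupportLevel support =
                realm.getEvidenceVerifySupport(PasswordGuessEvidence.class, null);
        if (support.isNotSupported()) {
            return false;
        }

        Principal principal = new NamePrincipal(name);
        RealmIdentity identity = realm.getRealmIdentity(principal);
        // Work on a copy so destroying the evidence does not touch the caller's array.
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(password.clone());
        try {
            return identity.verifyEvidence(evidence);
        } finally {
            evidence.destroy();   // wipe the copied password
            identity.dispose();   // required cleanup of the realm identity handle
        }
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical invocation: <entry> <path-to-jaas-config> <user>
        char[] password = System.console().readPassword("Password: ");
        try {
            boolean ok = verifyPassword(args[0], args[1], args[2], password);
            System.out.println(ok ? "verified" : "rejected");
        } finally {
            Arrays.fill(password, '\0'); // clear the caller's copy as well
        }
    }
}
```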
createLoginContext
private LoginContext createLoginContext(String entry, Subject subject, CallbackHandler callbackHandler) throws RealmUnavailableException
- Parameters:
entry - login configuration file entry
subject - classLoader to use with LoginContext, this class loader must contain LoginModule CallbackHandler classes
callbackHandler - callbackHandler to pass to LoginContext
- Returns:
- the instance of LoginContext
- Throws:
RealmUnavailableException
-
createCallbackHandler
private CallbackHandler createCallbackHandler(Principal principal, Evidence evidence)
-
-