Package org.wildfly.security.auth.server
Interface RealmIdentity
-
- All Known Subinterfaces:
ModifiableRealmIdentity
public interface RealmIdentity
A representation of a pre-authentication identity. The life of aRealmIdentity
is short and is for a specific authentication attempt. ASecurityRealm
creating aRealmIdentity
does not confirm the existence of the identity. Theexists()
method must be used for that purpose.- Author:
- Darran Lofthouse
-
-
Field Summary
Fields Modifier and Type Field Description static RealmIdentity
ANONYMOUS
The anonymous realm identity.static RealmIdentity
NON_EXISTENT
An identity for a non-existent user.
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method Description default <C extends Credential,R>
RapplyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function)
Apply the given function to the acquired credential, if it is set and of the given type, algorithm, and parameters.default <C extends Credential,R>
RapplyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function)
Apply the given function to the acquired credential, if it is set and of the given type and algorithm.default <C extends Credential,R>
RapplyToCredential(Class<C> credentialType, Function<C,R> function)
Apply the given function to the acquired credential, if it is set and of the given type.default void
dispose()
Dispose this realm identity after a completed authentication attempt.boolean
exists()
Determine if the identity exists in lieu of verifying or acquiring a credential.default Attributes
getAttributes()
Get the attributes for the realm identity.default AuthorizationIdentity
getAuthorizationIdentity()
Get an authorization identity for this pre-authenticated identity.<C extends Credential>
CgetCredential(Class<C> credentialType)
Acquire a credential of the given type.default <C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName)
Acquire a credential of the given type and algorithm name.default <C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
Acquire a credential of the given type and algorithm name.default SupportLevel
getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName)
Deprecated.Transition method; remove before GA.SupportLevel
getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.SupportLevel
getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.Principal
getRealmIdentityPrincipal()
Get the principal that canonically identifies the identity within the realm.default void
updateCredential(Credential credential)
Update a credential of this realm identity.boolean
verifyEvidence(Evidence evidence)
Verify the given evidence against a credential of this identity.
-
-
-
Field Detail
-
ANONYMOUS
static final RealmIdentity ANONYMOUS
The anonymous realm identity.
-
NON_EXISTENT
static final RealmIdentity NON_EXISTENT
An identity for a non-existent user.
-
-
Method Detail
-
getRealmIdentityPrincipal
Principal getRealmIdentityPrincipal()
Get the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter toSecurityRealm.getRealmIdentity(Principal)
(a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returnstrue
on invocation ofexists()
) must return a non-null
principal.- Returns:
- the principal for this realm identity (may not be
null
)
-
getCredentialAcquireSupport
default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) throws RealmUnavailableException
Deprecated.Transition method; remove before GA.- Throws:
RealmUnavailableException
-
getCredentialAcquireSupport
SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.- Parameters:
credentialType
- the exact credential type (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec
- the algorithm parameters to match, ornull
if any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the level of support for this credential type (may not be
null
) - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
<C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException
Acquire a credential of the given type.- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
default <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws RealmUnavailableException
Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm names- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
default <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec
- the algorithm parameters to match, ornull
if any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
applyToCredential
default <C extends Credential,R> R applyToCredential(Class<C> credentialType, Function<C,R> function) throws RealmUnavailableException
Apply the given function to the acquired credential, if it is set and of the given type.- Type Parameters:
C
- the credential typeR
- the return type- Parameters:
credentialType
- the credential type class (must not benull
)function
- the function to apply (must not benull
)- Returns:
- the result of the function, or
null
if the criteria are not met - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
applyToCredential
default <C extends Credential,R> R applyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function) throws RealmUnavailableException
Apply the given function to the acquired credential, if it is set and of the given type and algorithm.- Type Parameters:
C
- the credential typeR
- the return type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesfunction
- the function to apply (must not benull
)- Returns:
- the result of the function, or
null
if the criteria are not met - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
applyToCredential
default <C extends Credential,R> R applyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function) throws RealmUnavailableException
Apply the given function to the acquired credential, if it is set and of the given type, algorithm, and parameters.- Type Parameters:
C
- the credential typeR
- the return type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec
- the algorithm parameters to match, ornull
if any parameters are acceptable or the credential type does not support algorithm parametersfunction
- the function to apply (must not benull
)- Returns:
- the result of the function, or
null
if the criteria are not met - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
updateCredential
default void updateCredential(Credential credential) throws RealmUnavailableException
Update a credential of this realm identity.- Parameters:
credential
- the new credential (must not benull
)- Throws:
UnsupportedOperationException
- if the implementing class does not support updating a credentialRealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getEvidenceVerifySupport
SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.- Parameters:
evidenceType
- the type of evidence to be verified (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the evidence type does not support algorithm names- Returns:
- the level of support for this evidence type
- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
verifyEvidence
boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException
Verify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.- Parameters:
evidence
- the evidence to verify- Returns:
true
if verification was successful,false
otherwise- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
exists
boolean exists() throws RealmUnavailableException
Determine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should returnfalse
up until the point it is known that a call togetAuthorizationIdentity()
can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.- Returns:
true
if the identity exists in this realm,false
otherwise- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
dispose
default void dispose()
Dispose this realm identity after a completed authentication attempt.
-
getAuthorizationIdentity
default AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException
Get an authorization identity for this pre-authenticated identity.- Returns:
- the authorization identity (may not be
null
) - Throws:
IllegalStateException
- if called for an identity that does not existRealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getAttributes
default Attributes getAttributes() throws RealmUnavailableException
Get the attributes for the realm identity.- Returns:
- the attributes, or
null
if the implementing class does not support getting attributes - Throws:
RealmUnavailableException
- if accessing the attributes fails for some reason
-
-