Package org.wildfly.security.auth.callback

Class CachedIdentityAuthorizeCallback

  • All Implemented Interfaces:
    Callback, ExtendedCallback
    public class CachedIdentityAuthorizeCallback
extends Object
implements ExtendedCallback

    A callback that is capable of perform authorization based on the identities managed by an IdentityCache.

    This callback can be used in two ways:

    • As an alternative to AuthorizeCallback. As a result, the identity (if successfully authorized) will be cached
    • To perform a lookup in the cache and authorize the cached identity locally
    Author:
    Pedro Igor

    • Constructor Detail

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(IdentityCache identityCache)
        Creates a new instance in order to authorize identities managed by the given identityCache.
        Parameters:
        identityCache - the identity cache

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(IdentityCache identityCache,
                                       boolean localCache)
        Creates a new instance in order to authorize identities managed by the given identityCache.
        Parameters:
        identityCache - the identity cache
        localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (eg.: SSO), only the given identityCache will be considered.

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(Function<SecurityDomain,​IdentityCache> identityCache,
                                       boolean localCache)

        Creates a new instance in order to authorize identities managed by the given identityCache.

        This constructor can be used to perform caching operations (e.g.: put, get and remove) in the context of a SecurityDomain.

        Parameters:
        identityCache - a function that creates an IdentityCache given a SecurityDomain
        localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (eg.: SSO), only the given identityCache will be considered.

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(String name,
                                       IdentityCache identityCache)
        Creates a new instance to authenticate, authorize and cache the identity associated with the given name.
        Parameters:
        name - the name associated with the identity
        identityCache - the identity cache

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(Principal principal,
                                       IdentityCache identityCache,
                                       boolean localCache)
        Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.
        Parameters:
        principal - the principal associated with the identity
        identityCache - the identity cache
        localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (eg.: SSO), only the given identityCache will be considered.

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(Principal principal,
                                       IdentityCache identityCache)
        Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.
        Parameters:
        principal - the principal associated with the identity
        identityCache - the identity cache

      • CachedIdentityAuthorizeCallback

        public CachedIdentityAuthorizeCallback​(Principal principal,
                                       Function<SecurityDomain,​IdentityCache> identityCache,
                                       boolean localCache)

        Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.

        This constructor can be used to perform caching operations (e.g.: put, get and remove) in the context of a SecurityDomain.

        Parameters:
        principal - the principal associated with the identity
        identityCache - a function that creates an IdentityCache given a SecurityDomain
        localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (eg.: SSO), only the given identityCache will be considered.

    • Method Detail

      • isAuthorized

        public boolean isAuthorized()
        Indicates if a cached identity was successfully authorized.
        Returns:
        true if the cached identity was successfully authorized. Otherwise, false

      • setAuthorized

        public void setAuthorized​(SecurityIdentity securityIdentity)
        Authorizes and caches the given securityIdentity.
        Parameters:
        securityIdentity - the identity to authorize and cache. If null, the corresponding identity will be removed from the cache

      • getPrincipal

        public Principal getPrincipal()
        Returns the Principal representing the cached identity.
        Returns:
        the principal (not null)

      • getAuthorizationPrincipal

        public Principal getAuthorizationPrincipal()
        Returns the authorization Principal.
        Returns:
        the principal (not null)

      • getIdentity

        public SecurityIdentity getIdentity()
        Returns a cached SecurityIdentity, if present in the cache.
        Returns:
        the cached identity or null if there is no entry in the cache

      • isLocalCache

        public boolean isLocalCache()
        Indicates if authorization decisions should be performed based on the given IdentityCache only.
        Returns:
        true indicating that authorization decisions should be performed based on the given IdentityCache only. Otherwise, false

      • setSecurityDomain

        public void setSecurityDomain​(SecurityDomain securityDomain)
        Set the current SecurityDomain in order to obtain identities from the cache
        Parameters:
        securityDomain - the current security domain

      • isOptional

        public boolean isOptional()
        Description copied from interface: ExtendedCallback
        Determine if this callback is optional.
        Specified by:
        isOptional in interface ExtendedCallback
        Returns:
        true if the callback is optional, false if it is mandatory

      • needsInformation

        public boolean needsInformation()
        Description copied from interface: ExtendedCallback
        Determine if this callback is requesting information.
        Specified by:
        needsInformation in interface ExtendedCallback
        Returns:
        true if the callback is requesting information, false if it is only providing information