Package org.wildfly.security.auth.realm

Class AggregateSecurityRealm.Identity

    • Field Detail

      • authenticationIdentity

        private final RealmIdentity authenticationIdentity

      • authorizationIdentities

        private final RealmIdentity[] authorizationIdentities

    • Method Detail

      • getRealmIdentityPrincipal

        public Principal getRealmIdentityPrincipal()
        Description copied from interface: RealmIdentity
        Get the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter to SecurityRealm.getRealmIdentity(Principal) (a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returns true on invocation of RealmIdentity.exists()) must return a non-null principal.
        Specified by:
        getRealmIdentityPrincipal in interface RealmIdentity
        Returns:
        the principal for this realm identity (may not be null)

      • getCredentialAcquireSupport

        public SupportLevel getCredentialAcquireSupport​(Class<? extends Credential> credentialType,
                                                String algorithmName,
                                                AlgorithmParameterSpec parameterSpec)
                                         throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.
        Specified by:
        getCredentialAcquireSupport in interface RealmIdentity
        Parameters:
        credentialType - the exact credential type (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the level of support for this credential type (may not be null)
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • getEvidenceVerifySupport

        public SupportLevel getEvidenceVerifySupport​(Class<? extends Evidence> evidenceType,
                                             String algorithmName)
                                      throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.
        Specified by:
        getEvidenceVerifySupport in interface RealmIdentity
        Parameters:
        evidenceType - the type of evidence to be verified (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
        Returns:
        the level of support for this evidence type
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • getCredential

        public <C extends Credential> C getCredential​(Class<C> credentialType,
                                              String algorithmName,
                                              AlgorithmParameterSpec parameterSpec)
                                       throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.
        Specified by:
        getCredential in interface RealmIdentity
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the credential, or null if no such credential exists
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • getCredential

        public <C extends Credential> C getCredential​(Class<C> credentialType,
                                              String algorithmName)
                                       throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.
        Specified by:
        getCredential in interface RealmIdentity
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        Returns:
        the credential, or null if no such credential exists
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • getCredential

        public <C extends Credential> C getCredential​(Class<C> credentialType)
                                       throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Acquire a credential of the given type.
        Specified by:
        getCredential in interface RealmIdentity
        Type Parameters:
        C - the credential type
        Parameters:
        credentialType - the credential type class (must not be null)
        Returns:
        the credential, or null if no such credential exists
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • verifyEvidence

        public boolean verifyEvidence​(Evidence evidence)
                       throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Verify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.
        Specified by:
        verifyEvidence in interface RealmIdentity
        Parameters:
        evidence - the evidence to verify
        Returns:
        true if verification was successful, false otherwise
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • exists

        public boolean exists()
               throws RealmUnavailableException
        Description copied from interface: RealmIdentity
        Determine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should return false up until the point it is known that a call to RealmIdentity.getAuthorizationIdentity() can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.
        Specified by:
        exists in interface RealmIdentity
        Returns:
        true if the identity exists in this realm, false otherwise
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason

      • dispose

        public void dispose()
        Description copied from interface: RealmIdentity
        Dispose this realm identity after a completed authentication attempt.
        Specified by:
        dispose in interface RealmIdentity