Package org.wildfly.security.auth.realm
Class DistributedSecurityRealm.PrincipalDistributedIdentity
- java.lang.Object
-
- org.wildfly.security.auth.realm.DistributedSecurityRealm.PrincipalDistributedIdentity
-
- All Implemented Interfaces:
RealmIdentity
- Enclosing class:
- DistributedSecurityRealm
final class DistributedSecurityRealm.PrincipalDistributedIdentity extends Object implements RealmIdentity
-
-
Field Summary
Fields Modifier and Type Field Description private RealmIdentity
currentIdentity
private int
nextRealm
private Principal
principal
-
Fields inherited from interface org.wildfly.security.auth.server.RealmIdentity
ANONYMOUS, NON_EXISTENT
-
-
Constructor Summary
Constructors Constructor Description PrincipalDistributedIdentity(Principal principal)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
dispose()
Dispose this realm identity after a completed authentication attempt.boolean
exists()
Determine if the identity exists in lieu of verifying or acquiring a credential.AuthorizationIdentity
getAuthorizationIdentity()
Get an authorization identity for this pre-authenticated identity.<C extends Credential>
CgetCredential(Class<C> credentialType)
Acquire a credential of the given type.<C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName)
Acquire a credential of the given type and algorithm name.<C extends Credential>
CgetCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
Acquire a credential of the given type and algorithm name.SupportLevel
getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.SupportLevel
getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.Principal
getRealmIdentityPrincipal()
Get the principal that canonically identifies the identity within the realm.private boolean
nextIdentity()
boolean
verifyEvidence(Evidence evidence)
Verify the given evidence against a credential of this identity.-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.auth.server.RealmIdentity
applyToCredential, applyToCredential, applyToCredential, getAttributes, getCredentialAcquireSupport, updateCredential
-
-
-
-
Field Detail
-
principal
private final Principal principal
-
currentIdentity
private RealmIdentity currentIdentity
-
nextRealm
private int nextRealm
-
-
Constructor Detail
-
PrincipalDistributedIdentity
PrincipalDistributedIdentity(Principal principal) throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
-
Method Detail
-
nextIdentity
private boolean nextIdentity() throws RealmUnavailableException
- Throws:
RealmUnavailableException
-
getRealmIdentityPrincipal
public Principal getRealmIdentityPrincipal()
Description copied from interface:RealmIdentity
Get the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter toSecurityRealm.getRealmIdentity(Principal)
(a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returnstrue
on invocation ofRealmIdentity.exists()
) must return a non-null
principal.- Specified by:
getRealmIdentityPrincipal
in interfaceRealmIdentity
- Returns:
- the principal for this realm identity (may not be
null
)
-
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.- Specified by:
getCredentialAcquireSupport
in interfaceRealmIdentity
- Parameters:
credentialType
- the exact credential type (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec
- the algorithm parameters to match, ornull
if any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the level of support for this credential type (may not be
null
) - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.- Specified by:
getEvidenceVerifySupport
in interfaceRealmIdentity
- Parameters:
evidenceType
- the type of evidence to be verified (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the evidence type does not support algorithm names- Returns:
- the level of support for this evidence type
- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.- Specified by:
getCredential
in interfaceRealmIdentity
- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec
- the algorithm parameters to match, ornull
if any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.- Specified by:
getCredential
in interfaceRealmIdentity
- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)algorithmName
- the algorithm name, ornull
if any algorithm is acceptable or the credential type does not support algorithm names- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getCredential
public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Acquire a credential of the given type.- Specified by:
getCredential
in interfaceRealmIdentity
- Type Parameters:
C
- the credential type- Parameters:
credentialType
- the credential type class (must not benull
)- Returns:
- the credential, or
null
if no such credential exists - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
verifyEvidence
public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException
Description copied from interface:RealmIdentity
Verify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.- Specified by:
verifyEvidence
in interfaceRealmIdentity
- Parameters:
evidence
- the evidence to verify- Returns:
true
if verification was successful,false
otherwise- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
exists
public boolean exists() throws RealmUnavailableException
Description copied from interface:RealmIdentity
Determine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should returnfalse
up until the point it is known that a call toRealmIdentity.getAuthorizationIdentity()
can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.- Specified by:
exists
in interfaceRealmIdentity
- Returns:
true
if the identity exists in this realm,false
otherwise- Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
getAuthorizationIdentity
public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException
Description copied from interface:RealmIdentity
Get an authorization identity for this pre-authenticated identity.- Specified by:
getAuthorizationIdentity
in interfaceRealmIdentity
- Returns:
- the authorization identity (may not be
null
) - Throws:
RealmUnavailableException
- if the realm is not able to handle requests for any reason
-
dispose
public void dispose()
Description copied from interface:RealmIdentity
Dispose this realm identity after a completed authentication attempt.- Specified by:
dispose
in interfaceRealmIdentity
-
-