Class TokenSecurityRealm

    • Field Detail

      • principalClaimName

        private final String principalClaimName
      • claimToPrincipal

        private final Function<Attributes,Principal> claimToPrincipal
        A function that maps the set of token claims to a Principal.
    • Method Detail

      • getRealmIdentity

        public RealmIdentity getRealmIdentity(Evidence evidence)
        Description copied from interface: SecurityRealm
        Get a handle to the identity for the given evidence in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose(). Where this method is used to obtain a RealmIdentity prior to evidence verification, the method RealmIdentity.getEvidenceVerifySupport(Class, String) will be used to verify if the identity is usable.
        Specified by:
        getRealmIdentity in interface SecurityRealm
        Parameters:
        evidence - an evidence instance which identifies the identity within the realm (must not be null)
        Returns:
        the RealmIdentity for the provided evidence (not null)
      • getCredentialAcquireSupport

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                        String algorithmName,
                                                        AlgorithmParameterSpec parameterSpec)
                                                 throws RealmUnavailableException
        Description copied from interface: SecurityRealm
        Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
        Specified by:
        getCredentialAcquireSupport in interface SecurityRealm
        Parameters:
        credentialType - the exact credential type (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the level of support for this credential
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason
      • getEvidenceVerifySupport

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                                     String algorithmName)
                                              throws RealmUnavailableException
        Description copied from interface: SecurityRealm
        Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
        Specified by:
        getEvidenceVerifySupport in interface SecurityRealm
        Parameters:
        evidenceType - the type of evidence to be verified (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
        Returns:
        the level of support for this evidence type
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason
      • isBearerTokenEvidence

        private boolean isBearerTokenEvidence(Evidence evidence)
      • isBearerTokenEvidence

        private boolean isBearerTokenEvidence(Class<?> evidenceType)
      • defaultClaimToPrincipal

        private Principal defaultClaimToPrincipal(Attributes claims)
        The default implementation of the claimToPrincipal mapping function. Takes the principalClaimName claim value and wraps it in a NamePrincipal.
        Parameters:
        claims - token claims
        Returns:
        the NamePrincipal or null on failure to extract claim value
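
Added example (not part of the Elytron Javadoc or source): a stricter claimToPrincipal mapping function that returns null for a missing or blank claim, and a caller that always releases the handle returned by getRealmIdentity. The class and method names TokenRealmUsage, strictClaimMapper and authenticate are hypothetical; BearerTokenEvidence, Attributes.containsKey/getFirst, RealmIdentity.verifyEvidence and RealmIdentity.getRealmIdentityPrincipal are assumed from the wider Elytron API and are not documented on this page.

```java
import java.security.Principal;
import java.util.function.Function;

import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.evidence.BearerTokenEvidence;

// Hypothetical helper class, for illustration only.
public final class TokenRealmUsage {

    // Maps token claims to a Principal. Returning null signals that no usable
    // principal could be extracted, matching the contract of the default mapper.
    static Function<Attributes, Principal> strictClaimMapper(String claimName) {
        return claims -> {
            if (claims == null || !claims.containsKey(claimName)) {
                return null;                       // claim absent from the token
            }
            String value = claims.getFirst(claimName);
            if (value == null || value.trim().isEmpty()) {
                return null;                       // never build an empty principal name
            }
            return new NamePrincipal(value);
        };
    }

    // Resolves a bearer token against the realm. Returns the principal only when
    // the realm verified the evidence, and disposes the handle on every path.
    static Principal authenticate(SecurityRealm realm, String rawToken)
            throws RealmUnavailableException {
        BearerTokenEvidence evidence = new BearerTokenEvidence(rawToken);
        RealmIdentity identity = realm.getRealmIdentity(evidence);
        try {
            if (!identity.verifyEvidence(evidence)) {
                return null;                       // invalid or rejected token
            }
            return identity.getRealmIdentityPrincipal();
        } finally {
            identity.dispose();                    // required by getRealmIdentity's contract
        }
    }
}
```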