Class JaspicToJaasBridge
- java.lang.Object
-
- com.sun.enterprise.security.auth.JaspicToJaasBridge
-
public class JaspicToJaasBridge extends Object
This class contains a collection of methods used by the JASPIC implementation to interact with the Payara JAAS/Realm system.For the most part JASPIC does the authentication itself, and the JASPIC runtime code sets the security context based on that, but in a few cases bridging to JAAS is supported. This is especially the case for JASPIC's PasswordValidationCallback, which is specified to delegate credential validation from JASPIC to the contain/application server's native "identity stores" (realms, login modules, etc).
- Author:
- Harpreet Singh ([email protected]), Jyri Virkki, Arjan Tijms (refactoring)
-
-
Constructor Summary
Constructors Constructor Description JaspicToJaasBridge()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static Subject
addRealmGroupsToSubject(Subject subject, String callerPrincipalName, String realmName)
static Subject
jaasX500Login(Subject subject, X500Principal x500Principal)
static Subject
validateUsernamePasswordByJaas(Subject subject, String username, char[] password, String realm)
Performs username/password login validation against a configured JAAS context and realm for JASPIC security.
-
-
-
Method Detail
-
validateUsernamePasswordByJaas
public static Subject validateUsernamePasswordByJaas(Subject subject, String username, char[] password, String realm) throws LoginException
Performs username/password login validation against a configured JAAS context and realm for JASPIC security.This is used by SAMs that wish to delegate the validation of username/password credentials to a realm installed on the application server (e.g. the LdapRealm). Note that such delegation in pure JASPIC is only defined for the username/password credential.
The difference between this method and the ones in
WebAndEjbToJaasBridge
is that it just verifies whether the login will succeed in the given realm. It does not set the result of the authentication in the appserver runtime environment A silent return from this method means that the given user succeeding in authenticating with the given password in the given realm- Parameters:
subject
-username
-password
-realm
- the realm to authenticate under- Returns:
- Subject on successful authentication
- Throws:
LoginException
-
jaasX500Login
public static Subject jaasX500Login(Subject subject, X500Principal x500Principal) throws LoginException
- Throws:
LoginException
-
addRealmGroupsToSubject
public static Subject addRealmGroupsToSubject(Subject subject, String callerPrincipalName, String realmName) throws LoginException
- Throws:
LoginException
-
-