Package com.sun.enterprise.security.jauth

Class AuthConfig

  • public abstract class AuthConfig
extends Object
    This class manages the configuration AuthModules.

    An AuthModule represents a pluggable component for performing security-related request and response processing, and can be configured for a particular interception point and provider ID. The provider ID is an administrator-defined value. The standard interception points include:

    • HTTP
    • EJB
    • SOAP

    Information may be associated with a configured module, including its fully qualified class name (so it can be instantiated), and module options (which help tune the behavior of the module). It is the responsibility of the AuthConfig implementation to load any required module information.

    Callers do not operate on AuthModules directly. Instead they rely on a ClientAuthContext or ServerAuthContext to manage the invocation of modules. A caller obtains an instance of ClientAuthContext or ServerAuthContext by calling the getClientAuthContext or getServerAuthContext method, respectively. Each method takes as arguments an intercept, an id, a requestPolicy, and a responsePolicy.

    An AuthConfig implementation determines the modules to be invoked via the intercept and id values. It then encapsulates those modules in a ClientAuthContext or ServerAuthContext instance, and returns that instance. The returned object is responsible for instantiating, initializing, and invoking the configured modules (when called upon).

    The module initializion step involves calling each configured module's AuthModule.initialize method. The received requestPolicy and responsePolicy are passed to this method. It is then the modules' responsibility, when invoked, to enforce these policies.

    A system-wide AuthConfig instance can be retrieved by invoking getConfig. A default implementation is provided, and can be replaced by setting the value of the "authconfig.provider" security property (in the Java security properties file) to the fully qualified name of the desired implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.

    Version:
    %I%, %G%
    See Also:
    ClientAuthContext, ServerAuthContext

    • Constructor Detail

      • AuthConfig

        protected AuthConfig()
        Sole constructor. (For invocation by subclass constructors, typically implicit.)

    • Method Detail

      • getAuthConfig

        public static AuthConfig getAuthConfig()
        Get a system-wide module configuration.

        If an AuthConfig object was set via the setAuthConfig method, then that object is returned. Otherwise, an instance of the AuthConfig object configured in the authconfig.provider security property is returned. If that property is not set, a default implementation is returned.

        Returns:
        a system-wide AuthConfig instance.
        Throws:
        SecurityException - if the caller does not have permission to retrieve the configuration.

      • setAuthConfig

        public static void setAuthConfig​(AuthConfig config)
        Set a system-wide module configuration.
        Parameters:
        config - the new configuration.
        Throws:
        SecurityException - if the caller does not have permission to set the configuration.

      • getClientAuthContext

        public abstract ClientAuthContext getClientAuthContext​(String intercept,
                                                       String id,
                                                       AuthPolicy requestPolicy,
                                                       AuthPolicy responsePolicy,
                                                       CallbackHandler handler)
                                                throws AuthException
        Get a ClientAuthContext.

        The modules configured for the returned ClientAuthContext are determined by the intercept and provider id input parameters. The returned ClientAuthContext may be null, which signifies that there are no modules configured.

        The returned ClientAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ClientAuthContext implementations may enforce custom module invocation semantics.

        Parameters:
        intercept - the interception point used to determine the modules configured for the returned ClientAuthContext. Standard values include:
        • HTTP
        • EJB
        • SOAP
        id - the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default ID may be used.
        requestPolicy - the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.
        responsePolicy - the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.
        handler - the CallbackHandler to associate with the returned ClientAuthContext for use by configured modules to request information from the caller, or null. If null, a default handler may be used.
        Returns:
        a ClientAuthContext, or null.
        Throws:
        AuthException

      • getServerAuthContext

        public abstract ServerAuthContext getServerAuthContext​(String intercept,
                                                       String id,
                                                       AuthPolicy requestPolicy,
                                                       AuthPolicy responsePolicy,
                                                       CallbackHandler handler)
                                                throws AuthException
        Get a ServerAuthContext.

        The modules configured for the returned ServerAuthContext are determined by the intercept and provider id, input parameters. The returned ServerAuthContext may be null, which signifies that there are no modules configured.

        The returned ServerAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ServerAuthContext implementations may enforce custom module invocation semantics.

        Parameters:
        intercept - the interception point used to determine the modules configured for the returned ServerAuthContext. Standard values include:
        • HTTP
        • EJB
        • SOAP
        id - the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default id may be used.
        requestPolicy - the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.
        responsePolicy - the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.
        handler - the CallbackHandler to associate with the returned ClientAuthContext, which can be used by configured modules to request information from the caller, or null. If null, a default handler may be used.
        Returns:
        a ServerAuthContext, or null.
        Throws:
        AuthException

      • refresh

        public abstract void refresh()
                      throws AuthException
        Refresh the internal representation of the active configuration by re-reading the provider configs.
        Throws:
        AuthException