Package fish.payara.jacc

Interface JaccConfigurationFactory

  • public interface JaccConfigurationFactory
    An alternative interface for Payara's PolicyConfigurationFactory that allows to install a local (per application) Jacc Provider (authorization module).

    Note that this only works with Payara's default PolicyConfigurationFactory and not with any replacement global PolicyConfigurationFactory. It may be possible to make such replacement PolicyConfigurationFactory support installing local Jacc Providers by letting it implement this interface.

    Installing a local Jacc provider is only supported for a web module, and thus not for an EJB module. A future version of this interface may support EJB modules.

    A local Jacc provider can be installed using a ServletContextListener as follows: 

    
 @WebListener
public class JaccInstaller implements ServletContextListener {
 
  @Override
  public void contextInitialized(ServletContextEvent sce) {
      JaccConfigurationFactory.getJaccConfigurationFactory()
                              .registerContextProvider(
                                      getAppContextId(sce.getServletContext()),
                                      new TestPolicyConfigurationFactory(), 
                                      new TestPolicy());
  }
 
  private String getAppContextId(ServletContext servletContext) {
      return servletContext.getVirtualServerName() + " " + servletContext.getContextPath();
  }
 
}

    Author:
    Arjan Tijms

    • Method Detail

      • getJaccConfigurationFactory

        static JaccConfigurationFactory getJaccConfigurationFactory()
        This static method tries to obtain the global JaccConfigurationFactory, which means looking up the global PolicyConfigurationFactory and testing to see if its a JaccConfigurationFactory.
        Returns:
        the JaccConfigurationFactory
        Throws:
        IllegalStateException - if the underlying PolicyConfigurationFactory could not be obtained or the PolicyConfigurationFactory is not a JaccConfigurationFactory

      • getPolicyConfiguration

        jakarta.security.jacc.PolicyConfiguration getPolicyConfiguration​(String policyContextId,
                                                                 boolean remove)
                                                          throws jakarta.security.jacc.PolicyContextException
        Throws:
        jakarta.security.jacc.PolicyContextException
        See Also:
        PolicyConfigurationFactory.getPolicyConfiguration(String, boolean)

      • inService

        boolean inService​(String policycontextId)
           throws jakarta.security.jacc.PolicyContextException
        Throws:
        jakarta.security.jacc.PolicyContextException
        See Also:
        PolicyConfigurationFactory.inService(String)

      • registerContextProvider

        void registerContextProvider​(String applicationContextId,
                             jakarta.security.jacc.PolicyConfigurationFactory factory,
                             Policy policy)
        Registers a context (local) Jacc provider, consisting of its two elements.

        See the JACC spec for the requirements and behavior of the PolicyConfigurationFactory and the Policy.

        Note that this uses an applicationContextId for registration. This is a Servlet based ID to identify the current application. It's defined as follows: 

        
 private String getAppContextId(ServletContext servletContext) {
     return servletContext.getVirtualServerName() + " " + servletContext.getContextPath();
 }

        Parameters:
        applicationContextId - an ID identifying the application for which the Jacc provider is installed
        factory - the PolicyConfigurationFactory element of the Jacc Provider
        policy - the Policy element of the Jacc Provider
        Throws:
        SecurityException - when the calling code has not been granted the "setPolicy" SecurityPermission.

      • getContextProviderByPolicyContextId

        ContextProvider getContextProviderByPolicyContextId​(String policyContextId)
        Gets the context JACC provider that was set by registerContextProvider.

        Note that this uses the policyContextId, which is a JACC native ID instead of the Servlet based application ID that's used for registering. The mapping from the Servlet based ID to the JACC based ID is made known to the factory by the addContextIdMapping method.

        Parameters:
        policyContextId - the identifier of the JACC policy context
        Returns:
        the bundled PolicyConfigurationFactory and Policy if previously set, otherwise null

      • removeContextProviderByPolicyContextId

        ContextProvider removeContextProviderByPolicyContextId​(String policyContextId)
        Removes any context JACC provider that was set by registerContextProvider.

        Note that this uses the policyContextId, which is a JACC native ID instead of the Servlet based application ID that's used for registering. The mapping from the Servlet based ID to the JACC based ID is made known to the factory by the addContextIdMapping method.

        Parameters:
        policyContextId - the identifier of the JACC policy context
        Returns:
        the bundled PolicyConfigurationFactory and Policy if previously set, otherwise null

      • addContextIdMapping

        void addContextIdMapping​(String applicationContextId,
                         String policyContextId)
        Makes the mapping from the Servlet based context ID to the JACC based context ID known to the factory. This method should normally only be called by the container.
        Parameters:
        applicationContextId - Servlet based identifier for an application context
        policyContextId - JACC based identifier for an application context

      • removeContextIdMappingByPolicyContextId

        boolean removeContextIdMappingByPolicyContextId​(String policyContextId)
        Removes the mapping from the Servlet based context ID to the JACC based context ID known to the factory.
        Parameters:
        policyContextId - JACC based identifier for an application context
        Returns:
        true if one or more mappings were removed, false otherwise