Package com.sun.enterprise.security.jaspic
JASPIC is the EE standard for taking care of the authentication aspects
of security. It allows for users to supply pluggable custom authentication mechanisms called SAMs
ServerAuthModule
.
Unlike Servlet or EE Security there are no default authentication mechanisms in JASPIC.
Code in this package builds upon the general (server independent) JASPIC Provider
Framework Reference Implementation (org.glassfish.main.security:jaspic.provider.framework
).
It adds to this framework by implementing the Payara specific bits.
For Web/Servlet requests the authentication code is called from Catalina (Tomcat) via
com.sun.web.security.RealmAdapter
and then com.sun.web.security.realmadapter.JaspicRealm
.
The pluggable authentication mechanisms are managed by the
AuthConfigFactory
. The Payara specific implementation of this is
GFAuthConfigFactory
, which is installed by
com.sun.enterprise.security.ee.JavaEESecurityLifecycle
.
-
Interface Summary Interface Description WebServicesDelegate A Delegate interface for handling WebServices specific security and JASPIC (JSR 196) providers. -
Class Summary Class Description AuthMessagePolicy Utility class for JASPIC appserver implementation.MessageSecurityConfigEventListenerImpl Listener class to handle admin message-security-config element events.