Class AuthConfig
- java.lang.Object
-
- com.sun.enterprise.security.jauth.AuthConfig
-
public abstract class AuthConfig extends Object
This class manages the configuration AuthModules.An AuthModule represents a pluggable component for performing security-related request and response processing, and can be configured for a particular interception point and provider ID. The provider ID is an administrator-defined value. The standard interception points include:
- HTTP
- EJB
- SOAP
Information may be associated with a configured module, including its fully qualified class name (so it can be instantiated), and module options (which help tune the behavior of the module). It is the responsibility of the AuthConfig implementation to load any required module information.
Callers do not operate on AuthModules directly. Instead they rely on a ClientAuthContext or ServerAuthContext to manage the invocation of modules. A caller obtains an instance of ClientAuthContext or ServerAuthContext by calling the
getClientAuthContext
orgetServerAuthContext
method, respectively. Each method takes as arguments an intercept, an id, a requestPolicy, and a responsePolicy.An AuthConfig implementation determines the modules to be invoked via the intercept and id values. It then encapsulates those modules in a ClientAuthContext or ServerAuthContext instance, and returns that instance. The returned object is responsible for instantiating, initializing, and invoking the configured modules (when called upon).
The module initializion step involves calling each configured module's
AuthModule.initialize
method. The received requestPolicy and responsePolicy are passed to this method. It is then the modules' responsibility, when invoked, to enforce these policies.A system-wide AuthConfig instance can be retrieved by invoking
getConfig
. A default implementation is provided, and can be replaced by setting the value of the "authconfig.provider" security property (in the Java security properties file) to the fully qualified name of the desired implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.- Version:
- %I%, %G%
- See Also:
ClientAuthContext
,ServerAuthContext
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
AuthConfig()
Sole constructor.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description static AuthConfig
getAuthConfig()
Get a system-wide module configuration.abstract ClientAuthContext
getClientAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler)
Get a ClientAuthContext.abstract ServerAuthContext
getServerAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler)
Get a ServerAuthContext.abstract void
refresh()
Refresh the internal representation of the active configuration by re-reading the provider configs.static void
setAuthConfig(AuthConfig config)
Set a system-wide module configuration.
-
-
-
Field Detail
-
HTTP
public static final String HTTP
HTTP interception point.- See Also:
- Constant Field Values
-
EJB
public static final String EJB
EJB interception point.- See Also:
- Constant Field Values
-
SOAP
public static final String SOAP
SOAP interception point.- See Also:
- Constant Field Values
-
-
Method Detail
-
getAuthConfig
public static AuthConfig getAuthConfig()
Get a system-wide module configuration.If an AuthConfig object was set via the
setAuthConfig
method, then that object is returned. Otherwise, an instance of the AuthConfig object configured in the authconfig.provider security property is returned. If that property is not set, a default implementation is returned.- Returns:
- a system-wide AuthConfig instance.
- Throws:
SecurityException
- if the caller does not have permission to retrieve the configuration.
-
setAuthConfig
public static void setAuthConfig(AuthConfig config)
Set a system-wide module configuration.- Parameters:
config
- the new configuration.- Throws:
SecurityException
- if the caller does not have permission to set the configuration.
-
getClientAuthContext
public abstract ClientAuthContext getClientAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler) throws AuthException
Get a ClientAuthContext.The modules configured for the returned ClientAuthContext are determined by the intercept and provider id input parameters. The returned ClientAuthContext may be null, which signifies that there are no modules configured.
The returned ClientAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ClientAuthContext implementations may enforce custom module invocation semantics.
- Parameters:
intercept
- the interception point used to determine the modules configured for the returned ClientAuthContext. Standard values include:- HTTP
- EJB
- SOAP
id
- the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default ID may be used.requestPolicy
- the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.responsePolicy
- the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.handler
- the CallbackHandler to associate with the returned ClientAuthContext for use by configured modules to request information from the caller, or null. If null, a default handler may be used.- Returns:
- a ClientAuthContext, or null.
- Throws:
AuthException
-
getServerAuthContext
public abstract ServerAuthContext getServerAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler) throws AuthException
Get a ServerAuthContext.The modules configured for the returned ServerAuthContext are determined by the intercept and provider id, input parameters. The returned ServerAuthContext may be null, which signifies that there are no modules configured.
The returned ServerAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ServerAuthContext implementations may enforce custom module invocation semantics.
- Parameters:
intercept
- the interception point used to determine the modules configured for the returned ServerAuthContext. Standard values include:- HTTP
- EJB
- SOAP
id
- the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default id may be used.requestPolicy
- the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.responsePolicy
- the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.handler
- the CallbackHandler to associate with the returned ClientAuthContext, which can be used by configured modules to request information from the caller, or null. If null, a default handler may be used.- Returns:
- a ServerAuthContext, or null.
- Throws:
AuthException
-
refresh
public abstract void refresh() throws AuthException
Refresh the internal representation of the active configuration by re-reading the provider configs.- Throws:
AuthException
-
-