Interface AdminAccessController
-
- All Known Implementing Classes:
GenericAdminAuthenticator
@Contract public interface AdminAccessController
Determines the behavior of administrative access to GlassFish v3. It should be enhanced to take into account Role-based Access Control. As of GlassFish v3, this takes care of authentication alone.- Author:
- केदार ([email protected])
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static class
AdminAccessController.Access
Represents the possible types of access granted as the result of logging in as an admin user.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description Subject
loginAsAdmin(String user, String password, String realm, String originHost)
Authenticates the admin user by delegating to the underlying realm.Subject
loginAsAdmin(org.glassfish.grizzly.http.server.Request request)
Authenticates the admin user by delegating to the underlying realm.Subject
loginAsAdmin(org.glassfish.grizzly.http.server.Request request, String hostname)
Authenticates the admin user by delegating to the underlying realm.
-
-
-
Method Detail
-
loginAsAdmin
Subject loginAsAdmin(String user, String password, String realm, String originHost) throws LoginException
Authenticates the admin user by delegating to the underlying realm. The implementing classes should use the GlassFish security infrastructure constructs like LoginContextDriver. This method assumes that the realm infrastructure is available in both the configuration and runtime of the server.Like the name suggests the method also ensures that the admin group membership is satisfied.
- Parameters:
user
- String representing the user name of the user doing an admin opearationpassword
- String representing clear-text password of the user doing an admin operationrealm
- String representing the name of the admin realm for given serveroriginHost
- the host from which the request was sent- Returns:
- Subject for an admin user
- Throws:
LoginException
- if the credentials do not authenticateRemoteAdminAccessException
- if the request is remote but remote access is disabled
-
loginAsAdmin
Subject loginAsAdmin(org.glassfish.grizzly.http.server.Request request) throws LoginException
Authenticates the admin user by delegating to the underlying realm. The implementing classes should use the GlassFish security infrastructure constructs like LoginContextDriver. This method assumes that the realm infrastructure is available in both the configuration and runtime of the server.This variant also logs the requester in as an admin if the specified Principal matches the Principal from the certificate in the truststore associated with the alias configured in the domain configuration. Typically, methods invoking this variant should pass the Principal associated with the request as reported by the secure transport and the value from the X-GlassFish-admin header (null if no such header exists).
- Returns:
- Subject for an admin user
- Throws:
LoginException
- if the credentials do not authenticateRemoteAdminAccessException
- if the request is remote but remote access is disabled
-
loginAsAdmin
Subject loginAsAdmin(org.glassfish.grizzly.http.server.Request request, String hostname) throws LoginException
Authenticates the admin user by delegating to the underlying realm. The implementing classes should use the GlassFish security infrastructure constructs like LoginContextDriver. This method assumes that the realm infrastructure is available in both the configuration and runtime of the server.This variant also logs the requester in as an admin if the specified Principal matches the Principal from the certificate in the truststore associated with the alias configured in the domain configuration. Typically, methods invoking this variant should pass the Principal associated with the request as reported by the secure transport and the value from the X-GlassFish-admin header (null if no such header exists).
- Parameters:
hostname
- the originating host- Returns:
- Subject for an admin user
- Throws:
LoginException
- if the credentials do not authenticateRemoteAdminAccessException
- if the request is remote but remote access is disabled
-
-