All Classes and Interfaces
Class
Description
This base class defines the methods that Security Context should exhibit.
This class is part of the interface between J2EE RI and security interceptors.
This class provides an optimization for some methods in java.security.AccessController.
Defines the behavior for audit manager implementations.
This interface is used by the Authentication Service to have the Principal authenticated by the realm.
This interface stores the status of the authentication.
This class implements an AuthenticationStatus object.
Exception thrown when a Realm is found to be corrupted for some reason.
Exception thrown when a User is found to be corrupted for some reason.
Basic implementation of audit manager.
Base class that should be extended by all classes that wish to provide their own Audit support.
Abstract base class for certificate-based login modules.
Abstract base class for password-based login modules.
Permission for using programmatic login.
Parent class for iAS Realm classes.
Realm wrapper for supporting certificate authentication.
A
LoginModule for CertificateRealm can instantiate and pass a
AppContextCallback to handle method of the passed CallbackHandler to retrieve
the application name information.Change Admin Password Command
Usage: change-admin-password [--user admin_user] [--terse=false] [--echo=false] [--host localhost] [--port 4848|4849]
[--secure | -s]
This LoginModule authenticates users with X509 certificates.
This sample LoginModule authenticates users with a password.
This class represents the security context on the client side.
This object represents the permission to invoke on a set of CORBA objects that are not EJBs.
Create Audit Module Command
Usage: create-audit-module --classname classnme [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port
4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--property (name=value) [:name=value]*] [--target
target(Default server)] audit_module_name
domain.xml element example <audit-module classname="com.foo.security.Audit" name="AM">
CLI command to create JACC Provider
Usage: create-auth-realm --classname realm_class [--terse=false] [--interactive=true] [--host localhost] [--port 4848|4849]
[--secure | -s] [--user admin_user] [--passwordfile file_name] [--property (name=value)[:name=value]*] [--echo=false]
[--target target(Default server)] auth_realm_name
domain.xml element example <auth-realm name="file" classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
Create File User Command Usage: create-file-user [--terse=false] [--echo=false] [--interactive=true] [--host localhost]
[--port 4848|4849] [--secure | -s] [--user admin_user] [--userpassword admin_passwd] [--passwordfile file_name] [--groups
user_groups[:user_groups]*] [--authrealmname authrealm_name] [--target target(Default server)] username
Create Jacc Provider Command
Usage: create-jacc-provider --policyconfigfactoryclass pc_factory_class --policyproviderclass pol_provider_class [--help]
[--user admin_user] [--passwordfile file_name] [ --property (name=value)[:name=value]*] [ --target target_name]
jacc_provider_name
domain.xml element example
<jacc-provider policy-provider="org.glassfish.exousia.modules.locked.SimplePolicyProvider" name="default"
policy-configuration-factory-provider="org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory">
Create Message Security Provider Command
Usage: create-message-security-provider [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port
4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--target target(Default server)] [--layer
message_layer=SOAP] [--providertype provider_type] [--requestauthsource request_auth_source] [--requestauthrecipient
request_auth_recipient] [--responseauthsource response_auth_source] [--responseauthrecipient response_auth_recipient]
[--isdefaultprovider] [--property (name=value)[:name=value]*] --classname provider_class provider_name
domain.xml element example
<message-security-config auth-layer="SOAP">
<provider-config class-name="com.sun.wss.provider.ClientSecAuthModule" provider-id="XWS_ClientProvider" provider-type=
"client"> <request-policy auth-source="content"/> <response-policy auth-source="content"/>
Create Password Alias Command
Usage: create-password-alias [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849]
[--secure | -s] [--user admin_user] [--passwordfile file_name] aliasname
Result of the command is that: <domain-dir>/<domain-name>/config/domain-passwords file gets appended with the entry of the
form: aliasname=
A user can use this aliased password now in setting passwords in domain.xml.
Custom socket factory for ldaps (SSL).
Delete Audit Module Command
Usage: delete-audit-module [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849] [--secure
| -s] [--user admin_user] [--passwordfile file_name] [--target target(Default server)] auth_realm_name
Delete Auth Realm Command
Usage: delete-auth-realm [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849] [--secure |
-s] [--user admin_user] [--passwordfile file_name] [--target target(Default server)] auth_realm_name
Delete File User Command Usage: delete-file-user [--terse=false] [--echo=false] [--interactive=true] [--host localhost]
[--port 4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--authrealmname authrealm_name] [--target
target(Default server)] username
Usage: delete-jacc-provider [--help] [--user admin_user] [--passwordfile file_name] [ --target target_name] jacc_provider_name
Delete Message Security Provider Command
Usage: delete-message-security-provider --layer message_layer [--terse=false] [--echo=false] [--interactive=true] [--host
localhost] [--port 4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--target target(Defaultserver)]
provider_name
Delete Password Alias Command
Usage: delete-password-alias [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849]
[--secure | -s] [--user admin_user] [--passwordfile file_name] aliasname
Result of the command is that: The entry of the form: aliasname=<password-encrypted-with-masterpassword> in
<domain-dir>/<domain-name>/config/domain-passwords file is removed
domain.xml example entry is:
<provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="XWS_ClientProvider" provider-type
="client"> <property name="password" value="${ALIAS=myalias}/> </provider-config>
Interface to Digest algorithm parameters
Adjusts the DAS configuration to turn off secure admin, as if by executing these commands:
Utility contact to copy the security related config files from the passed non-embedded instanceDir to the embedded server
instance's config.
Utility file to copy the security related config files from the passed non-embedded instanceDir to the embedded server
instance's config.
Records that secure admin is to be used and adjusts each admin listener configuration in the domain to use secure admin.
File realm login module.
Realm wrapper for supporting file password authentication.
Represents a FileRealm user.
Exception thrown when an operation is requested to remove a group that has a list of users.
A group of principals.
This class implements the GSSAPI exported name functionality as required by CSIV2.
An implementation of a LoginDialog that presents a swing based GUI for querying username and password.
Parent class for iAS Realm classes.
Parent class for iAS Realm classes.
General exception class for iAS security failures.
Exception thrown when an operation is invoked on a realm that does not support it.
This is an remote interface provided to the RealmManager This allows the realms to be updated while the server is running.
This a J2EE specific Key Manager class that is used to select user certificates for SSL client authentication.
Represents the Key(username+realmname+passwd) to be used in the Digest calculation.
iAS JAAS LoginModule for an LDAP Realm.
Realm wrapper for supporting LDAP authentication.
List Audit Modules Command Usage: list-audit-modules [--terse=false] [--echo=false] [--interactive=true] [--host localhost]
[--port 4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [target(Default server)]
List Auth Realms Command Usage: list-auth-realms [--terse=false] [--echo=false] [--interactive=true] [--host localhost]
[--port 4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [target(Default server)]
List File GroupsCommand Usage: list-file-groups [--terse={true|false}][ --echo={true|false} ] [ --interactive={true|false} ]
[--host host] [--port port] [--secure| -s ] [--user admin_user] [--passwordfile filename] [--help] [--name username]
[--authrealmname auth_realm_name] [ target]
List File Users Command Usage: list-file-users [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port
4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--authrealmname authrealm_name] [target(Default
server)]
Usage: list-jacc-providers [--help] [--user admin_user] [--passwordfile file_name] [target(Default server)]
List Message Security Providers Command
Usage: list-message-security-providers [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port
4848|4849] [--secure | -s] [--user admin_user] [--passwordfile file_name] [--layer message_layer] [target(Default server)]
List Password Aliases Command
Usage: list-password-aliases [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849]
[--secure | -s] [--user admin_user] [--passwordfile file_name]
Result of the command is that: <domain-dir>/<domain-name>/config/domain-passwords file gets appended with the entry of the
form: aliasname=
A user can use this aliased password now in setting passwords in domin.xml.
author - Nithya Subramanian
Usage: list-supported-cipher-suites [--help] [--user admin_user] [--passwordfile file_name] [target_name(default server)]
This is the default callback handler provided by the application client container.
This class is kept for CTS.
This class is invoked implicitly by the server to log in the user information that was sent on the wire by the client.
LoginManager needs implementations of this class for accessing the username and passwords.
LoginException is thrown by the LoginContext class whenever the following happens:
If the client is unable to authenticate successfully with the
Interface representing nested DigestAlgorithm parameter values
Exception thrown when an operation is requested on a realm which does not exist.
Exception thrown when an operation is requested on a user which does not exist.
represents plain text password and pre hashed(username+realmname+password) password.
This class holds the user password for the shared password realm and the realm name.
Provided for backward compatibility with SunOne 7.0 Newer implementations should extend
com.sun.appserv.security.BasePasswordLoginModule
Abstract base class for password-based login modules.
Loads the Default Policy File into the system.
Factory for Group and Principal instances.
Enables formatting of principal retrieved from message eg: P-Asserted-Identity values.
This remote interface enables the deployment tool to query the details of the Privilege.
This method provides an implementation a Privilege
javadoc
RealmConfig usable by standalone : Admin CLI for creating Realms It has a subset of functionality defined in
com.sun.enterprise.security.RealmConfig
Just a Base class to make exporting remote objects a bit easier...
Provides common behavior for the enable and disable secure admin commands.
Tracks changes to secure admin configuration, basically so it can report restart-required.
Upgrades older config to current.
Various utility methods which support secure admin operations.
Starting in GlassFish 3.1.2, the DAS uses SSL to send admin requests to instances regardless of whether the user has enabled
secure admin.
Common logic for formal upgrade (i.e., start-domain --upgrade) and silent upgrade (starting a newer version of GlassFish using
an older version's domain.xml).
A subject is used a container for passing the security context information in the service context field.
This class that extends AbstractSecurityContext that gets stored in Thread Local Storage.
Acts as a security context proxy
This class extends default implementation of ServerLifecycle interface.
This interface is used by the Container to manage access to EJBs.
The only thing that needs to added Extra for SecurityService migration is the addition of the new JACC provider.
This is the default callback handler provided by the application client container.
Solaris realm login module.
Realm wrapper for supporting Solaris authentication.
Handy class containing static functions.
This implementation of LoginDialog If these are not set, then it queries the user in the command window.
validate Timestamp received in messages.
Enables developers to provide custom implementation to enable sip containers to determine if a network entity can be trusted.
Update File User Command
Usage: update-file-user [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849] [--secure |
-s] [--user admin_user] [--passwordfile file_name] [--userpassword admin_passwd] [--groups user_groups[:user_groups]*]
[--authrealmname authrealm_name] [--target target(Default server)] username
Update Password Alias Command
Usage: update-password-alias [--terse=false] [--echo=false] [--interactive=true] [--host localhost] [--port 4848|4849]
[--secure | -s] [--user admin_user] [--passwordfile file_name] aliasname
Result of the command is that: the entry of the form: aliasname=<password-encrypted-with-masterpassword> in
<domain-dir>/<domain-name>/config/domain-passwords file gets updated with the new alias password
domain.xml example entry is:
<provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="XWS_ClientProvider" provider-type
="client"> <property name="password" value="${ALIAS=myalias}/> </provider-config>
All users are principals ...
This class is used to share information between either of the following scenarios 1.
This class holds the user certificate for the certificate realm and the realm name.