ServerAuthModule


1   /*
2    * The contents of this file are subject to the terms 
3    * of the Common Development and Distribution License 
4    * (the License).  You may not use this file except in
5    * compliance with the License.
6    * 
7    * You can obtain a copy of the license at 
8    * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9    * glassfish/bootstrap/legal/CDDLv1.0.txt.
10   * See the License for the specific language governing 
11   * permissions and limitations under the License.
12   * 
13   * When distributing Covered Code, include this CDDL 
14   * Header Notice in each file and include the License file 
15   * at glassfish/bootstrap/legal/CDDLv1.0.txt.  
16   * If applicable, add the following below the CDDL Header, 
17   * with the fields enclosed by brackets [] replaced by
18   * you own identifying information: 
19   * "Portions Copyrighted [year] [name of copyright owner]"
20   * 
21   * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22   */
23  
24  package com.sun.enterprise.security.jauth;
25  
26  import java.util.Map  ;
27  import javax.security.auth.Subject  ;
28  import javax.security.auth.login.Configuration  ;
29  import javax.security.auth.callback.CallbackHandler  ;
30  
31  /**
32   * This interface describes a module that can be configured
33   * for a ServerAuthContext.  The main purpose of this module
34   * is to validate client requests and to secure responses back to the client.
35   *
36   * <p> A module implementation must assume it may be shared
37   * across different requests from different clients.
38   * It is the module implementation's responsibility to properly
39   * store and restore any state necessary to associate new requests
40   * with previous responses.  A module that does not need to do so
41   * may remain completely stateless.
42   *
43   * <p> Modules are passed a shared state Map that can be used
44   * to save state across a sequence of calls from <code>validateRequest</code>
45   * to <code>secureResponse</code> to <code>disposeSubject</code>.
46   * The same Map instance is guaranteed to be passed to all methods
47   * in the call sequence.  Furthermore, it should be assumed that
48   * each call sequence is passed its own unique shared state Map instance.
49   *
50   * @version %I%, %G%
51   */
52  public interface ServerAuthModule {
53  
54      /**
55       * Initialize this module with a policy to enforce,
56       * a CallbackHandler, and administrative options.
57       *
58       * <p> Either the the request policy or the response policy (or both)
59       * must be non-null.  
60       *
61       * @param requestPolicy the request policy this module is to enforce,
62       *      which may be null.
63       *
64       * @param responsePolicy the response policy this module is to enforce,
65       *      which may be null.
66       *
67       * @param handler CallbackHandler used to request information
68       *      from the caller.
69       *
70       * @param options administrative options.
71       */
72      void initialize(AuthPolicy requestPolicy,
73          AuthPolicy responsePolicy,
74          CallbackHandler   handler,
75          Map   options);
76  
77      /**
78       * Authenticate a client request.
79       *
80       * <p> The AuthParam input parameter encapsulates the client request and
81       * server response objects.  This ServerAuthModule validates the client
82       * request object (decrypts content and verifies a signature, for example).
83       *
84       * @param param an authentication parameter that encapsulates the
85       *          client request and server response objects.
86       *
87       * @param subject the subject may be used by configured modules
88       *      to store and Principals and credentials validated
89       *      in the request.
90       *
91       * @param sharedState a Map for modules to save state across
92       *      a sequence of calls from <code>validateRequest</code>
93       *      to <code>secureResponse</code> to <code>disposeSubject</code>.
94       *
95       * @exception PendingException if the operation is pending
96       *      (for example, when a module issues a challenge).
97       *      The module must have updated the response object
98       *      in the AuthParam.
99       *
100      * @exception FailureException if the authentication failed.
101      *      The module must have updated the response object
102      *      in the AuthParam.
103      *
104      * @exception AuthException if the operation failed.
105      */
106     void validateRequest(AuthParam param,
107             Subject   subject,
108             Map   sharedState)
109         throws AuthException;
110 
111     /**
112      * Secure the response to the client
113      * (sign and encrypt the response, for example).
114      *
115      * @param param an authentication parameter that encapsulates the
116      *          client request and server response objects.
117      *
118      * @param subject the subject may be used by configured modules
119      *      to obtain credentials needed to secure the response, or null.
120      *      If null, the module may use a CallbackHandler to obtain
121      *      the necessary information.
122      *
123      * @param sharedState a Map for modules to save state across
124      *      a sequence of calls from <code>validateRequest</code>
125      *      to <code>secureResponse</code> to <code>disposeSubject</code>.
126      *
127      * @exception AuthException if the operation failed.
128      */
129     void secureResponse(AuthParam param,
130             Subject   subject,
131             Map   sharedState)
132         throws AuthException;
133 
134     /**
135      * Dispose of the Subject.
136      *
137      * <p> Remove Principals or credentials from the Subject object
138      * that were stored during <code>validateRequest</code>.
139      *
140      * @param subject the Subject instance to be disposed.
141      *
142      * @param sharedState a Map for modules to save state across
143      *      a sequence of calls from <code>validateRequest</code>
144      *      to <code>secureResponse</code> to <code>disposeSubject</code>.
145      *
146      * @exception AuthException if the operation failed.
147      */
148     void disposeSubject(Subject   subject, Map   sharedState)
149         throws AuthException;
150 }
151
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags