

1 /*
2  * JBoss, Home of Professional Open Source
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */

7 package org.jboss.security;
8
9 import java.security.Principal JavaDoc;
10 import javax.security.auth.Subject JavaDoc;
11
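/**
 * The AuthenticationManager is responsible for validating credentials
 * associated with principals.
 *
 * <p>Notes for callers, drawn from the method contracts below:
 * <ul>
 *   <li>{@link #getSecurityDomain()} may return {@code null}; treat that as
 *       the logical default domain rather than dereferencing it.</li>
 *   <li>Prefer {@link #isValid(Principal, Object, Subject)} when several
 *       threads may authenticate the same principal, because it hands the
 *       caller its own Subject instead of relying on shared state.</li>
 *   <li>{@link #getActiveSubject()} is deprecated because it depends on the
 *       historical side effect of the isValid methods.</li>
 * </ul>
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.3.4.1 $
 */
public interface AuthenticationManager
{
   /**
    * Get the security domain this security manager belongs to. Every
    * security manager belongs to a named domain. The meaning of the security
    * domain name depends on the implementation. Examples range from as fine
    * grained as the name of EJBs to J2EE application names to DNS domain names.
    *
    * @return the security domain name. May be null, in which case the security
    *    manager belongs to the logical default domain.
    */
   String getSecurityDomain();

   /**
    * The isValid method is invoked to see if a user identity and associated
    * credentials as known in the operational environment are valid proof of the
    * user identity. Typically this is implemented as a call to isValid with a
    * null Subject.
    *
    * <p>The credential is an opaque Object whose concrete type is defined by
    * the implementation; this interface places no constraint on it.
    * NOTE(review): it will usually carry secret material, so implementations
    * should avoid logging or retaining it - confirm against each implementation.
    *
    * @see #isValid(Principal, Object, Subject)
    *
    * @param principal - the user identity in the operation environment
    * @param credential - the proof of user identity as known in the
    *    operation environment
    * @return true if the principal, credential pair is valid, false otherwise.
    */
   boolean isValid(Principal principal, Object credential);

   /**
    * The isValid method is invoked to see if a user identity and associated
    * credentials as known in the operational environment are valid proof of the
    * user identity. This extends the two-argument version to provide a
    * copy of the resulting authenticated Subject. This allows a caller to
    * authenticate a user and obtain a Subject whose state cannot be modified
    * by other threads associated with the same principal.
    *
    * <p>This interface does not specify the state of activeSubject when
    * validation fails, so callers should rely on its contents only after this
    * method has returned true.
    *
    * @param principal - the user identity in the operation environment
    * @param credential - the proof of user identity as known in the
    *    operation environment
    * @param activeSubject - the Subject which should be populated with the
    *    validated Subject contents. A JAAS based implementation would typically
    *    populate the activeSubject with the LoginContext.login result.
    * @return true if the principal, credential pair is valid, false otherwise.
    */
   boolean isValid(Principal principal, Object credential,
      Subject activeSubject);

   /**
    * Get the currently authenticated subject. Historically implementations of
    * AuthenticationManager isValid methods had the side-effect of setting the
    * active Subject. This caused problems with multi-threaded use cases where the
    * Subject instance was being shared by multiple threads. This is now deprecated
    * in favor of the JACC PolicyContextHandler getContext(key, data) method.
    *
    * @deprecated Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"
    * @see javax.security.jacc.PolicyContextHandler#getContext(String, Object)
    *
    * @return The previously authenticated Subject if isValid succeeded, null if
    *    isValid failed or has not been called for the active thread.
    */
   @Deprecated
   Subject getActiveSubject();
}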