AuthenticationManager


1   /*
2    * JBoss, Home of Professional Open Source
3    *
4    * Distributable under LGPL license.
5    * See terms of license at gnu.org.
6    */
7   package org.jboss.security;
8   
9   import java.security.Principal  ;
10  import javax.security.auth.Subject  ;
11  
12  /** The AuthenticationManager is responsible for validating credentials
13   * associated with principals.
14   *      
15   * @author Scott.Stark@jboss.org
16   * @version $Revision: 1.3.4.1 $
17   */
18  public interface AuthenticationManager
19  {
20     /** Get the security domain from which the security manager is from. Every
21         security manager belongs to a named domain. The meaning of the security
22         domain name depends on the implementation. Examples range from as fine
23         grained as the name of EJBs to J2EE application names to DNS domain names.
24     @return the security domain name. May be null in which case the security
25         manager belongs to the logical default domain.
26     */
27     String   getSecurityDomain();
28  
29     /** The isValid method is invoked to see if a user identity and associated
30      credentials as known in the operational environment are valid proof of the
31      user identity. Typically this is implemented as a call to isValid with a
32      null Subject.
33  
34      @see #isValid(Principal, Object, Subject)
35  
36      @param principal - the user identity in the operation environment 
37      @param credential - the proof of user identity as known in the
38      operation environment 
39      @return true if the principal, credential pair is valid, false otherwise.
40     */
41     public boolean isValid(Principal   principal, Object   credential);
42  
43     /** The isValid method is invoked to see if a user identity and associated
44         credentials as known in the operational environment are valid proof of the
45         user identity. This extends AuthenticationManager version to provide a
46         copy of the resulting authenticated Subject. This allows a caller to
47         authenticate a user and obtain a Subject whose state cannot be modified
48         by other threads associated with the same principal.
49      @param principal - the user identity in the operation environment 
50      @param credential - the proof of user identity as known in the
51      operation environment
52      @param activeSubject - the Subject which should be populated with the
53        validated Subject contents. A JAAS based implementation would typically
54        populate the activeSubject with the LoginContext.login result.
55      @return true if the principal, credential pair is valid, false otherwise.
56     */
57     boolean isValid(Principal   principal, Object   credential,
58        Subject   activeSubject);
59  
60     /** Get the currently authenticated subject. Historically implementations of
61      AuthenticationManager isValid methods had the side-effect of setting the
62      active Subject. This caused problems with multi-threaded usecases where the
63      Subject instance was being shared by multiple threads. This is now deprecated
64      in favor of the JACC PolicyContextHandler getContext(key, data) method.
65  
66      @deprecated Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"
67      @see javax.security.jacc.PolicyContextHandler#getContext(String, Object)
68  
69      @return The previously authenticated Subject if isValid succeeded, null if
70          isValid failed or has not been called for the active thread.
71      */
72     Subject   getActiveSubject();
73  }
74
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags