com.sun.enterprise.security.jauth

Class AuthConfig

java.lang.Object

com.sun.enterprise.security.jauth.AuthConfig

public abstract class AuthConfig
extends Object

This class manages the configuration AuthModules.

An AuthModule represents a pluggable component for performing security-related request and response processing, and can be configured for a particular interception point and provider ID. The provider ID is an administrator-defined value. The standard interception points include:

• HTTP
• EJB
• SOAP

Information may be associated with a configured module, including its fully qualified class name (so it can be instantiated), and module options (which help tune the behavior of the module). It is the responsibility of the AuthConfig implementation to load any required module information.

Callers do not operate on AuthModules directly. Instead they rely on a ClientAuthContext or ServerAuthContext to manage the invocation of modules. A caller obtains an instance of ClientAuthContext or ServerAuthContext by calling the getClientAuthContext or getServerAuthContext method, respectively. Each method takes as arguments an intercept, an id, a requestPolicy, and a responsePolicy.

An AuthConfig implementation determines the modules to be invoked via the intercept and id values. It then encapsulates those modules in a ClientAuthContext or ServerAuthContext instance, and returns that instance. The returned object is responsible for instantiating, initializing, and invoking the configured modules (when called upon).

The module initializion step involves calling each configured module's AuthModule.initialize method. The received requestPolicy and responsePolicy are passed to this method. It is then the modules' responsibility, when invoked, to enforce these policies.

A system-wide AuthConfig instance can be retrieved by invoking getConfig. A default implementation is provided, and can be replaced by setting the value of the "authconfig.provider" security property (in the Java security properties file) to the fully qualified name of the desired implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.

Version:

%I%, %G%

See Also:

ClientAuthContext, ServerAuthContext

Field Summary

Fields

Modifier and Type	Field and Description
static String	EJB EJB interception point.
static String	HTTP HTTP interception point.
static String	SOAP SOAP interception point.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	AuthConfig() Sole constructor.

Method Summary

Modifier and Type	Method and Description
static AuthConfig	getAuthConfig() Get a system-wide module configuration.
abstract ClientAuthContext	getClientAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler) Get a ClientAuthContext.
abstract ServerAuthContext	getServerAuthContext(String intercept, String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, CallbackHandler handler) Get a ServerAuthContext.
abstract void	refresh() Refresh the internal representation of the active configuration by re-reading the provider configs.
static void	setAuthConfig(AuthConfig config) Set a system-wide module configuration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HTTP

public static final String HTTP

HTTP interception point.

See Also:

Constant Field Values

EJB

public static final String EJB

EJB interception point.

See Also:

Constant Field Values

SOAP

public static final String SOAP

SOAP interception point.

See Also:

Constant Field Values

Constructor Detail

AuthConfig

protected AuthConfig()

Sole constructor. (For invocation by subclass constructors, typically implicit.)

Method Detail

getAuthConfig

public static AuthConfig getAuthConfig()

Get a system-wide module configuration.

If an AuthConfig object was set via the setAuthConfig method, then that object is returned. Otherwise, an instance of the AuthConfig object configured in the authconfig.provider security property is returned. If that property is not set, a default implementation is returned.

Returns:

a system-wide AuthConfig instance.

Throws:

SecurityException - if the caller does not have permission to retrieve the configuration.

setAuthConfig

public static void setAuthConfig(AuthConfig config)

Set a system-wide module configuration.

Parameters:

config - the new configuration.

Throws:

SecurityException - if the caller does not have permission to set the configuration.

getClientAuthContext

public abstract ClientAuthContext getClientAuthContext(String intercept,
                                                       String id,
                                                       AuthPolicy requestPolicy,
                                                       AuthPolicy responsePolicy,
                                                       CallbackHandler handler)
                                                throws AuthException

Get a ClientAuthContext.

The modules configured for the returned ClientAuthContext are determined by the intercept and provider id input parameters. The returned ClientAuthContext may be null, which signifies that there are no modules configured.

The returned ClientAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ClientAuthContext implementations may enforce custom module invocation semantics.

Parameters:

intercept - the interception point used to determine the modules configured for the returned ClientAuthContext. Standard values include:

• HTTP
• EJB
• SOAP

id - the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default ID may be used.

requestPolicy - the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.

responsePolicy - the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.

handler - the CallbackHandler to associate with the returned ClientAuthContext for use by configured modules to request information from the caller, or null. If null, a default handler may be used.

Returns:

a ClientAuthContext, or null.

Throws:

AuthException

getServerAuthContext

public abstract ServerAuthContext getServerAuthContext(String intercept,
                                                       String id,
                                                       AuthPolicy requestPolicy,
                                                       AuthPolicy responsePolicy,
                                                       CallbackHandler handler)
                                                throws AuthException

Get a ServerAuthContext.

The modules configured for the returned ServerAuthContext are determined by the intercept and provider id, input parameters. The returned ServerAuthContext may be null, which signifies that there are no modules configured.

The returned ServerAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ServerAuthContext implementations may enforce custom module invocation semantics.

Parameters:

intercept - the interception point used to determine the modules configured for the returned ServerAuthContext. Standard values include:

• HTTP
• EJB
• SOAP

id - the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default id may be used.

requestPolicy - the application request policy to be enfored by the modules, or null. If null, a default request policy may be used.

responsePolicy - the application response policy to be enfored by the modules, or null. If null, a default response policy may be used.

handler - the CallbackHandler to associate with the returned ClientAuthContext, which can be used by configured modules to request information from the caller, or null. If null, a default handler may be used.

Returns:

a ServerAuthContext, or null.

Throws:

AuthException

refresh

public abstract void refresh()
                      throws AuthException

Refresh the internal representation of the active configuration by re-reading the provider configs.

Throws:

AuthException