01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.security;
23:
24: import java.security.Principal;
25: import javax.security.auth.Subject;
26:
27: /** The AuthenticationManager is responsible for validating credentials
28: * associated with principals.
29: *
30: * @author Scott.Stark@jboss.org
31: * @version $Revision: 57203 $
32: */
33: public interface AuthenticationManager {
34: /** Get the security domain from which the security manager is from. Every
35: security manager belongs to a named domain. The meaning of the security
36: domain name depends on the implementation. Examples range from as fine
37: grained as the name of EJBs to J2EE application names to DNS domain names.
38: @return the security domain name. May be null in which case the security
39: manager belongs to the logical default domain.
40: */
41: String getSecurityDomain();
42:
43: /** The isValid method is invoked to see if a user identity and associated
44: credentials as known in the operational environment are valid proof of the
45: user identity. Typically this is implemented as a call to isValid with a
46: null Subject.
47:
48: @see #isValid(Principal, Object, Subject)
49:
50: @param principal - the user identity in the operation environment
51: @param credential - the proof of user identity as known in the
52: operation environment
53: @return true if the principal, credential pair is valid, false otherwise.
54: */
55: public boolean isValid(Principal principal, Object credential);
56:
57: /** The isValid method is invoked to see if a user identity and associated
58: credentials as known in the operational environment are valid proof of the
59: user identity. This extends AuthenticationManager version to provide a
60: copy of the resulting authenticated Subject. This allows a caller to
61: authenticate a user and obtain a Subject whose state cannot be modified
62: by other threads associated with the same principal.
63: @param principal - the user identity in the operation environment
64: @param credential - the proof of user identity as known in the
65: operation environment
66: @param activeSubject - the Subject which should be populated with the
67: validated Subject contents. A JAAS based implementation would typically
68: populate the activeSubject with the LoginContext.login result.
69: @return true if the principal, credential pair is valid, false otherwise.
70: */
71: boolean isValid(Principal principal, Object credential,
72: Subject activeSubject);
73:
74: /** Get the currently authenticated subject. Historically implementations of
75: AuthenticationManager isValid methods had the side-effect of setting the
76: active Subject. This caused problems with multi-threaded usecases where the
77: Subject instance was being shared by multiple threads. This is now deprecated
78: in favor of the JACC PolicyContextHandler getContext(key, data) method.
79:
80: @deprecated Use the JACC PolicyContextHandler using key "javax.security.auth.Subject.container"
81: @see javax.security.jacc.PolicyContextHandler#getContext(String, Object)
82:
83: @return The previously authenticated Subject if isValid succeeded, null if
84: isValid failed or has not been called for the active thread.
85: */
86: Subject getActiveSubject();
87: }
|