File: AuthConfig.java
Doc: API Doc
Category: Glassfish v2 API
Size: 12093
Date: Fri May 04 22:35:42 BST 2007
Package: com.sun.enterprise.security.jauth

AuthConfig

public abstract class AuthConfig extends Object
This class manages the configuration of AuthModules.

An AuthModule represents a pluggable component for performing security-related request and response processing, and can be configured for a particular interception point and provider ID. The provider ID is an administrator-defined value. The standard interception points include:

  • HTTP
  • EJB
  • SOAP

Information may be associated with a configured module, including its fully qualified class name (so it can be instantiated), and module options (which help tune the behavior of the module). It is the responsibility of the AuthConfig implementation to load any required module information.

Callers do not operate on AuthModules directly. Instead they rely on a ClientAuthContext or ServerAuthContext to manage the invocation of modules. A caller obtains an instance of ClientAuthContext or ServerAuthContext by calling the getClientAuthContext or getServerAuthContext method, respectively. Each method takes as arguments an intercept, an id, a requestPolicy, and a responsePolicy.

An AuthConfig implementation determines the modules to be invoked via the intercept and id values. It then encapsulates those modules in a ClientAuthContext or ServerAuthContext instance, and returns that instance. The returned object is responsible for instantiating, initializing, and invoking the configured modules (when called upon).

The module initialization step involves calling each configured module's AuthModule.initialize method. The received requestPolicy and responsePolicy are passed to this method. It is then the modules' responsibility, when invoked, to enforce these policies.

A system-wide AuthConfig instance can be retrieved by invoking getAuthConfig. A default implementation is provided, and can be replaced by setting the value of the "authconfig.provider" security property (in the Java security properties file) to the fully qualified name of the desired implementation class. The Java security properties file is <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed.
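
An added example (not part of the Glassfish source): a standalone audit that reads the authconfig.provider security property and resolves the named class through the thread context class loader, the same lookup path getAuthConfig uses, then reports where the class was loaded from. The allowlist and the com.example class names are hypothetical placeholders.

```java
import java.security.CodeSource;
import java.security.Security;
import java.util.Set;

/** Added example: reports which AuthConfig implementation getAuthConfig() would load. */
public class AuthConfigProviderAudit {
    // Property name taken from the class description above.
    static final String PROPERTY = "authconfig.provider";

    /** Returns a one-line finding for a property value checked against an allowlist. */
    static String audit(String configured, Set<String> approved, ClassLoader loader) {
        if (configured == null) {
            return "OK: property unset, the built-in default implementation is used";
        }
        if (!approved.contains(configured)) {
            return "ALERT: unapproved provider class " + configured;
        }
        try {
            // initialize=false: inspect the class without running its static
            // initializers (getAuthConfig itself passes true and instantiates it).
            Class<?> c = Class.forName(configured, false, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            String where = (src == null || src.getLocation() == null)
                    ? "bootstrap/unknown"
                    : src.getLocation().toString();
            return "OK: " + configured + " loaded from " + where;
        } catch (ClassNotFoundException e) {
            // getAuthConfig would surface this case as a SecurityException.
            return "ALERT: approved provider " + configured + " not found by this class loader";
        }
    }

    public static void main(String[] args) {
        // Hypothetical allowlist: replace with the classes approved for the deployment.
        Set<String> approved = Set.of("com.example.security.ApprovedAuthConfig");
        ClassLoader loader = Thread.currentThread().getContextClassLoader();

        // Live value from this JVM's java.security configuration.
        System.out.println(audit(Security.getProperty(PROPERTY), approved, loader));

        // Constructed sample values showing the two alert cases.
        System.out.println(audit("com.example.UnknownAuthConfig", approved, loader));
        System.out.println(audit("com.example.security.ApprovedAuthConfig", approved, loader));
    }
}
```

Run it with the same JDK and class path as the server process so that the property value and the class loader view match what getAuthConfig would see.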

See also: ClientAuthContext, ServerAuthContext

Fields Summary
public static final String HTTP
HTTP interception point.
public static final String EJB
EJB interception point.
public static final String SOAP
SOAP interception point.
private static final String AUTHCONFIG_PROPERTY
private static final String DEFAULT_CLASS
private static AuthConfig config

Constructors Summary
protected AuthConfig()
Sole constructor. (For invocation by subclass constructors, typically implicit.)

 
Methods Summary
public static synchronized com.sun.enterprise.security.jauth.AuthConfig getAuthConfig()
Get a system-wide module configuration.

If an AuthConfig object was set via the setAuthConfig method, then that object is returned. Otherwise, an instance of the AuthConfig object configured in the authconfig.provider security property is returned. If that property is not set, a default implementation is returned.

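return: a system-wide AuthConfig instance.
exception: SecurityException if the caller does not have permission to retrieve the configuration. In the source below the permission check is commented out, so the only SecurityException this method raises wraps a failure to load or instantiate the provider class.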

	/**
	XXX security check?
	SecurityManager sm = System.getSecurityManager();
	if (sm != null)
	    sm.checkPermission(new AuthPermission("getAuthConfig"));
	*/

	if (config == null) {
	    String config_class = null;
	    config_class = (String)
		java.security.AccessController.doPrivileged
		(new java.security.PrivilegedAction() {
		public Object run() {
		    return java.security.Security.getProperty
						(AUTHCONFIG_PROPERTY);
		}
	    });
	    if (config_class == null) {
		config_class = DEFAULT_CLASS;
	    }

	    try {
		final String finalClass = config_class;
		config = (AuthConfig)
		    java.security.AccessController.doPrivileged
		    (new java.security.PrivilegedExceptionAction() {
		    public Object run() throws ClassNotFoundException,
					InstantiationException,
					IllegalAccessException {
			return Class.forName
				(finalClass,
				true,
				getClassLoader()).newInstance();
		    }
		});
	    } catch (java.security.PrivilegedActionException e) {
		throw (SecurityException)
			new SecurityException().initCause(e.getException());
	    }
	}
	return config;
    
static java.lang.ClassLoader getClassLoader()


    // package private for ConfigFile
       

	final ClassLoader rvalue;

	rvalue = (ClassLoader) java.security.AccessController.doPrivileged
	    (new java.security.PrivilegedAction() {
		public Object run() {
		    return Thread.currentThread().getContextClassLoader();
		}
	    });

	return rvalue;
    
public abstract ClientAuthContext getClientAuthContext(java.lang.String intercept, java.lang.String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, javax.security.auth.callback.CallbackHandler handler)
Get a ClientAuthContext.

The modules configured for the returned ClientAuthContext are determined by the intercept and provider id input parameters. The returned ClientAuthContext may be null, which signifies that there are no modules configured.

The returned ClientAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ClientAuthContext implementations may enforce custom module invocation semantics.

param intercept: the interception point used to determine the modules configured for the returned ClientAuthContext. Standard values include:
  • HTTP
  • EJB
  • SOAP
param id: the provider id used to determine the modules configured for the returned ClientAuthContext, or null. If null, a default ID may be used.
param requestPolicy: the application request policy to be enforced by the modules, or null. If null, a default request policy may be used.
param responsePolicy: the application response policy to be enforced by the modules, or null. If null, a default response policy may be used.
param handler: the CallbackHandler to associate with the returned ClientAuthContext for use by configured modules to request information from the caller, or null. If null, a default handler may be used.
return: a ClientAuthContext, or null.

public abstract ServerAuthContext getServerAuthContext(java.lang.String intercept, java.lang.String id, AuthPolicy requestPolicy, AuthPolicy responsePolicy, javax.security.auth.callback.CallbackHandler handler)
Get a ServerAuthContext.

The modules configured for the returned ServerAuthContext are determined by the intercept and provider id input parameters. The returned ServerAuthContext may be null, which signifies that there are no modules configured.

The returned ServerAuthContext encapsulates both the configured modules, as well as the module invocation semantics (for example the order modules are to be invoked, and whether certain modules must succeed). Individual ServerAuthContext implementations may enforce custom module invocation semantics.

param intercept: the interception point used to determine the modules configured for the returned ServerAuthContext. Standard values include:
  • HTTP
  • EJB
  • SOAP
param id: the provider id used to determine the modules configured for the returned ServerAuthContext, or null. If null, a default id may be used.
param requestPolicy: the application request policy to be enforced by the modules, or null. If null, a default request policy may be used.
param responsePolicy: the application response policy to be enforced by the modules, or null. If null, a default response policy may be used.
param handler: the CallbackHandler to associate with the returned ServerAuthContext, which can be used by configured modules to request information from the caller, or null. If null, a default handler may be used.
return: a ServerAuthContext, or null.

public abstract void refresh()
Refresh the internal representation of the active configuration by re-reading the provider configs.

public static void setAuthConfig(com.sun.enterprise.security.jauth.AuthConfig config)
Set a system-wide module configuration.

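param config: the new configuration.
exception: SecurityException if the caller does not have permission to set the configuration. In the source below the permission check is commented out, so the assignment is performed without a check.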

	/**
	XXX security check?
	SecurityManager sm = System.getSecurityManager();
	if (sm != null) {
	    sm.checkPermission(new AuthPermission("setAuthConfig"));
	}
	*/

	AuthConfig.config = config;