AuthConfigFactorypublic abstract class AuthConfigFactory extends Object This class is used to obtain AuthConfigProvider objects
that can be used to obtain authentication context configuration objects,
that is, ClientAuthConfig and ServerAuthConfig
objects.
Authentication context configuration objects are used to obtain
authentication context objects. Authentication context objects,
that is, ClientAuthContext and ServerAuthContex
objects, encapsulate authentication modules. Authentication modules are
pluggable components that perform security-related processing of
request and response messages.
Callers do not operate on modules directly.
Instead they rely on an authentication context to manage the
invocation of modules. A caller obtains an authentication context
by calling the getAuthContext method on a
ClientAuthConfig or ServerAuthConfig
obtained from an AuthConfigProvider.
The following represents a typical sequence of calls for obtaining
a client authentication context, and then using it to secure
a request.
- AuthConfigFactory factory = AuthConfigFactory.getFactory();
- AuthConfigProvider provider = factory.getConfigProvider(layer,appID,listener);
- ClientAuthConfig config = provider.getClientAuthConfig(layer,appID,cbh)
- String authContextID = config.getAuthContextID(messageInfo);
- ClientAuthContext context = config.getAuthContext(authContextID,subject,properties);
- context.secureRequest(messageInfo,subject);
A system-wide AuthConfigFactory implementation can be set by invoking
setFactory, and retrieved using getFactory.
Every implementation of this abstract class must offer a public,
zero argument constructor. This constructor must support the construction
and registration (including self-registration) of AuthConfigProviders
from a persistent declarative representation.
For example, a factory implementation class could interpret the contents
of a file containing a sequence of configuration entries, with one entry per
AuthConfigProvider, and with each entry representing:
- The fully qualified name of the provider implementation class (or null)
- The list of provider initialization properties (which could be empty)
Any provider initialization properties must be specified in a
form that can be passed to the provider constructor within a Map of key,
value pairs, and where all keys and values within the Map are of type
String.
The entry syntax must also provide for the optional inclusion of information
sufficient to define a RegistrationContext. This information would only
be present when the factory will register the provider.
For example, each entry could provide for the inclusion of one or more
RegistrationContext objects of the following form:
- The message layer name (or null)
- The application context identifier (or null)
- The registration description (or null)
When a RegistrationContext is not included, the factory must make it
convenient for the provider to self-register with the factory during
the provider construction (see
registerConfigProvider(AuthConfigProvider provider, ...)).
An AuthConfigFactory implementation is free to choose is own
persistent declarative syntax as long as it conforms to the requirements
defined by this class. |
| Fields Summary |
|---|
| private static AuthConfigFactory | factory | | public static final String | DEFAULT_FACTORY_SECURITY_PROPERTYThe name of the Security property used to define the
default AuthConfigFactory implementation class. | | private static SecurityPermission | getPerm | | private static SecurityPermission | setPerm |
| Methods Summary |
|---|
| private static void | checkPermission(java.security.Permission p)utility method to check for permission to operate on the factory.
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(p);
}
| | public abstract java.lang.String[] | detachListener(RegistrationListener listener, java.lang.String layer, java.lang.String appContext)Disassociate the listener from all the provider
registrations whose layer and appContext values are matched
by the corresponding arguments to this method.
Factories should periodically notify Listeners to effectively
detach listeners that are no longer in use.
| | public abstract AuthConfigProvider | getConfigProvider(java.lang.String layer, java.lang.String appContext, RegistrationListener listener)Get a registered AuthConfigProvider from the factory.
Get the provider of ServerAuthConfig and
ClientAuthConfig objects registered for the identified message
layer and application context.
All factories shall employ the following precedence rules to select
the registered AuthConfigProvider that matches the layer and appContext
arguments:
- The provider specifically registered for the values
passed as the layer and appContext arguments
shall be selected.
- If no provider is selected according to the preceding rule,
the provider specifically registered for the value passed as the
appContext argument and for all (that is, null) layers
shall be selected.
- If no provider is selected according to the preceding rules,
the provider specifically registered for the value passed as the
layer argument and for all (that is, null) appContexts
shall be selected.
- If no provider is selected according to the preceding rules,
the provider registered for all (that is, null) layers
and for all (that is, null) appContexts shall be selected.
- If no provider is selected according to the preceding rules,
the factory shall terminate its search for a registered provider.
The above precedence rules apply equivalently to registrations created
with a null or non-null className argument.
| | public static synchronized javax.security.auth.message.config.AuthConfigFactory | getFactory()Get the system-wide AuthConfigFactory implementation.
If a non-null system-wide factory instance is defined at the time
of the call,
for example, with setFactory, it will be returned. Otherwise, an
attempt will be made to construct an instance of the default
AuthConfigFactory implementation class. The fully qualified class name
of the default factory implementation class is obtained from the
value of the authconfigprovider.factory security property. When an
instance of the default factory implementation class is successfully
constructed by this method, this method will set it as the system-wide
factory instance.
The absolute pathname of the Java security properties file is
JAVA_HOME/lib/security/java.security, where JAVA_HOME
refers to the directory where the JDK was installed.
checkPermission(getPerm);
if (AuthConfigFactory.factory == null) {
final String className = Security.getProperty
(DEFAULT_FACTORY_SECURITY_PROPERTY);
if (className != null) {
checkPermission(setPerm);
try {
AuthConfigFactory.factory = (AuthConfigFactory)
java.security.AccessController.doPrivileged
(new java.security.PrivilegedExceptionAction() {
public Object run()
throws ClassNotFoundException,
InstantiationException,
IllegalAccessException {
ClassLoader loader =
Thread.currentThread().
getContextClassLoader();
Class clazz = Class.forName
(className,true,loader);
return clazz.newInstance();
}
});
} catch (java.security.PrivilegedActionException pae) {
throw (SecurityException)
new SecurityException().initCause(pae.getException());
}
}
}
return AuthConfigFactory.factory;
| | public abstract javax.security.auth.message.config.AuthConfigFactory$RegistrationContext | getRegistrationContext(java.lang.String registrationID)Get the the registration context for the identified registration.
| | public abstract java.lang.String[] | getRegistrationIDs(AuthConfigProvider provider)Get the registration identifiers for all registrations of the
provider instance at the factory.
| | public abstract void | refresh()Cause the factory to reprocess its persisent declarative
representation of provider registrations.
A factory should only replace an existing registration when
a change of provider implementation class or initialization
properties has occurred.
| | public abstract java.lang.String | registerConfigProvider(java.lang.String className, java.util.Map properties, java.lang.String layer, java.lang.String appContext, java.lang.String description)Registers within the factory and records within the factory's
persistent declarative representation of provider registrations
a provider of ServerAuthConfig and/or ClientAuthConfig objects for a
message layer and application context identifier.
This method typically constructs an instance of the provider
before registering it with the factory. Factories may extend or modify
the persisted registrations of existing provider instances, if
those instances were registered with ClassName and
properties arguments equivalent to those passed in the current call.
This method employs the two argument constructor required to
be supported by every implementation of the AuthConfigProvider
interface, and this method must pass a null value for the factory
argument of the constructor.
AuthConfigProviderImpl AuthConfigProviderImpl(Map properties,
AuthConfigFactory factory).
At most one registration may exist within the factory for a
given combination of message layer
and appContext. Any pre-existing
registration with identical values for layer and appContext is replaced
by a subsequent registration. When replacement occurs, the registration
identifier, layer, and appContext identifier remain unchanged,
and the AuthConfigProvider (with initialization properties) and
description are replaced.
Within the lifetime of its Java process, a factory must assign unique
registration identifiers to registrations, and must never
assign a previously used registration identifier to a registration
whose message layer and or appContext identifier differ from
the previous use.
Programmatic registrations performed by using this method must update
(according to the replacement rules described above) the persistent
declarative representation of provider registrations employed by the
factory constructor.
| | public abstract java.lang.String | registerConfigProvider(AuthConfigProvider provider, java.lang.String layer, java.lang.String appContext, java.lang.String description)Registers within the (in-memory) factory, a provider
of ServerAuthConfig and/or ClientAuthConfig objects for a
message layer and application context identifier.
This method does NOT effect the factory's persistent
declarative representation of provider registrations, and is intended
to be used by providers to perform self-Registration.
At most one registration may exist within the factory for a
given combination of message layer
and appContext. Any pre-existing
registration with identical values for layer and appContext is replaced
by a subsequent registration. When replacement occurs, the registration
identifier, layer, and appContext identifier remain unchanged,
and the AuthConfigProvider (with initialization properties) and
description are replaced.
Within the lifetime of its Java process, a factory must assign unique
registration identifiers to registrations, and must never
assign a previously used registration identifier to a registration
whose message layer and or appContext identifier differ from
the previous use.
| | public abstract boolean | removeRegistration(java.lang.String registrationID)Remove the identified provider registration from the factory (and from
the persistent declarative representation of provider registrations,
if appropriate) and invoke any listeners associated with the removed
registration.
| | public static synchronized void | setFactory(javax.security.auth.message.config.AuthConfigFactory factory)Set the system-wide AuthConfigFactory implementation.
If an implementation was set previously, it will be replaced.
Listeners are not notified of a change to the registered factory.
checkPermission(setPerm);
AuthConfigFactory.factory = factory;
|
|
