org.apache.openejb.core.security

Class AbstractSecurityService

java.lang.Object

org.apache.openejb.core.security.AbstractSecurityService

All Implemented Interfaces:

BasicPolicyConfiguration.RoleResolver, ThreadContextListener, SecurityService<UUID>, Service

Direct Known Subclasses:

SecurityServiceImpl

public abstract class AbstractSecurityService
extends Object
implements SecurityService<UUID>, ThreadContextListener, BasicPolicyConfiguration.RoleResolver

This security service chooses a UUID as its token as this can be serialized to clients, is mostly secure, and can be deserialized in a client vm without addition openejb-core classes.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AbstractSecurityService.Group
protected static class	AbstractSecurityService.Identity
protected static class	AbstractSecurityService.SecurityContext
static class	AbstractSecurityService.User

Field Summary

Fields

Modifier and Type	Field and Description
protected static ThreadLocal<AbstractSecurityService.Identity>	clientIdentity
protected AbstractSecurityService.SecurityContext	defaultContext
protected Subject	defaultSubject
protected String	defaultUser

Constructor Summary

Constructors

Constructor and Description
AbstractSecurityService()
AbstractSecurityService(String jaccProvider)

Method Summary

Methods

Modifier and Type	Method and Description
void	associate(UUID securityIdentity) Active
void	contextEntered(ThreadContext oldContext, ThreadContext newContext) A new context has been entered.
void	contextExited(ThreadContext exitedContext, ThreadContext reenteredContext) A context has exited.
protected Subject	createRunAsSubject(String runAsUser, String runAsRole)
protected Subject	createSubject(String name, String groupName)
Object	currentState()
UUID	disassociate() Active
Principal	getCallerPrincipal() Implementors are encouraged to return a java.security.Principal object that implements org.apache.openejb.spi.CallerPrincipal JAAS LoginModule implementors are encouraged to use the CallerPrincipal interface to denote the best fitting Principal for getCallerPrincipal.
String	getDefaultUser()
Set<String>	getLogicalRoles(Principal[] principals, Set<String> logicalRoles)
String	getRealmName()
protected Subject	getRunAsSubject(BeanContext callingBeanContext)
void	init(Properties props)
protected static void	installJacc()
boolean	isCallerAuthorized(Method method, InterfaceType type) Active
boolean	isCallerInRole(String role) Active
UUID	login(String username, String password)
void	logout(UUID securityIdentity) Active
protected UUID	registerSubject(Subject subject)
void	setDefaultUser(String defaultUser)
void	setRealmName(String realmName)
void	setState(Object o)
protected void	unregisterSubject(Object securityIdentity)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.openejb.spi.SecurityService

login

Field Detail

clientIdentity

protected static final ThreadLocal<AbstractSecurityService.Identity> clientIdentity

defaultUser

protected String defaultUser

defaultSubject

protected Subject defaultSubject

defaultContext

protected AbstractSecurityService.SecurityContext defaultContext

Constructor Detail

AbstractSecurityService

public AbstractSecurityService()

AbstractSecurityService

public AbstractSecurityService(String jaccProvider)

Method Detail

getRealmName

public String getRealmName()

setRealmName

public void setRealmName(String realmName)

getDefaultUser

public String getDefaultUser()

Returns:

the defaultUser

setDefaultUser

public void setDefaultUser(String defaultUser)

Parameters:

defaultUser - the defaultUser to set

init

public void init(Properties props)
          throws Exception

Specified by:

init in interface Service

Throws:

Exception

login

public UUID login(String username,
         String password)
           throws LoginException

Specified by:

login in interface SecurityService<UUID>

Throws:

LoginException

getLogicalRoles

public Set<String> getLogicalRoles(Principal[] principals,
                          Set<String> logicalRoles)

Specified by:

getLogicalRoles in interface BasicPolicyConfiguration.RoleResolver

contextEntered

public void contextEntered(ThreadContext oldContext,
                  ThreadContext newContext)

Description copied from interface: ThreadContextListener

A new context has been entered. The new context is already associated with the thread.

Specified by:

contextEntered in interface ThreadContextListener

Parameters:

oldContext - the old context that was associated with the thread

newContext - the new context that is now associated with the thread

getRunAsSubject

protected Subject getRunAsSubject(BeanContext callingBeanContext)

createRunAsSubject

protected Subject createRunAsSubject(String runAsUser,
                         String runAsRole)

contextExited

public void contextExited(ThreadContext exitedContext,
                 ThreadContext reenteredContext)

Description copied from interface: ThreadContextListener

A context has exited. The reentered context is already associated with the thread.

Specified by:

contextExited in interface ThreadContextListener

Parameters:

exitedContext - the context that was exited

reenteredContext - the context that is not associated with the thread

registerSubject

protected UUID registerSubject(Subject subject)

logout

public void logout(UUID securityIdentity)
            throws LoginException

Description copied from interface: SecurityService

Active

Specified by:

logout in interface SecurityService<UUID>

Throws:

LoginException

unregisterSubject

protected void unregisterSubject(Object securityIdentity)

associate

public void associate(UUID securityIdentity)
               throws LoginException

Description copied from interface: SecurityService

Active

Specified by:

associate in interface SecurityService<UUID>

Throws:

LoginException

disassociate

public UUID disassociate()

Description copied from interface: SecurityService

Active

Specified by:

disassociate in interface SecurityService<UUID>

isCallerInRole

public boolean isCallerInRole(String role)

Description copied from interface: SecurityService

Active

Specified by:

isCallerInRole in interface SecurityService<UUID>

getCallerPrincipal

public Principal getCallerPrincipal()

Description copied from interface: SecurityService

Implementors are encouraged to return a java.security.Principal object that implements org.apache.openejb.spi.CallerPrincipal

JAAS LoginModule implementors are encouraged to use the CallerPrincipal interface to denote the best fitting Principal for getCallerPrincipal.

Specified by:

getCallerPrincipal in interface SecurityService<UUID>

isCallerAuthorized

public boolean isCallerAuthorized(Method method,
                         InterfaceType type)

Description copied from interface: SecurityService

Active

Specified by:

isCallerAuthorized in interface SecurityService<UUID>

installJacc

protected static void installJacc()

createSubject

protected Subject createSubject(String name,
                    String groupName)

currentState

public Object currentState()

Specified by:

currentState in interface SecurityService<UUID>

setState

public void setState(Object o)

Specified by:

setState in interface SecurityService<UUID>