Package org.jboss.wsf.spi.security

Interface SecurityDomainContext

public interface SecurityDomainContext

A container independent security domain related facility

Since:

13-May-2011

Author:

alessio.soldano@jboss.com

Method Summary

Modifier and Type	Method	Description
default void	cleanupSubjectContext()	Cleans up the current association between thread and security context
boolean	doesUserHaveRole(Principal principal, Set<Principal> roles)	Validates the application domain roles to which the operational environment Principal belongs.
String	getSecurityDomain()
Set<Principal>	getUserRoles(Principal principal)	Return the set of domain roles the principal has been assigned.
boolean	isValid(Principal principal, Object credential, Subject activeSubject)	The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.
void	pushSubjectContext(Subject subject, Principal principal, Object credential)	Push the provided subject into the current security context; if that's not set yet, also creates a new security context and associates it with the current thread.
void	runAs(Callable<Void> action)	Run action under this security context

Method Detail

getSecurityDomain

String getSecurityDomain()

isValid

boolean isValid(Principal principal,
                Object credential,
                Subject activeSubject)

The isValid method is invoked to see if a user identity and associated credentials as known in the operational environment are valid proof of the user identity.

Parameters:

principal - - the user identity in the operation environment

credential - - the proof of user identity as known in the operation environment

activeSubject - - the Subject which should be populated with the validated Subject contents. A JAAS based implementation would typically populate the activeSubject with the LoginContext.login result.

Returns:

true if the principal, credential pair is valid, false otherwise.

doesUserHaveRole

boolean doesUserHaveRole(Principal principal,
                         Set<Principal> roles)

Validates the application domain roles to which the operational environment Principal belongs.

Parameters:

principal - the caller principal as known in the operation environment.

roles - The Set<java.security.Principal> for the application domain roles that the principal is to be validated against.

Returns:

true if the principal has at least one of the roles in the roles set, false otherwise.

getUserRoles

Set<Principal> getUserRoles(Principal principal)

Return the set of domain roles the principal has been assigned.

Parameters:

principal - principal

Returns:

The Set<java.security.Principal> for the application domain roles that the principal has been assigned.

pushSubjectContext

void pushSubjectContext(Subject subject,
                        Principal principal,
                        Object credential)

Push the provided subject into the current security context; if that's not set yet, also creates a new security context and associates it with the current thread.

Parameters:

subject - subject

principal - principal

credential - credential

cleanupSubjectContext

default void cleanupSubjectContext()

Cleans up the current association between thread and security context

runAs

void runAs(Callable<Void> action)
    throws Exception

Run action under this security context

Parameters:

action - the action to run

Throws:

Exception - if input action fails