Class CachedIdentityAuthorizeCallback

java.lang.Object
org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback
All Implemented Interfaces:
Callback, ExtendedCallback

public class CachedIdentityAuthorizeCallback extends Object implements ExtendedCallback

A callback that is capable of performing authorization based on the identities managed by an IdentityCache.

This callback can be used in two ways:

  • As an alternative to AuthorizeCallback. As a result, the identity (if successfully authorized) will be cached.
  • To perform a lookup in the cache and authorize the cached identity locally.
Author:
Pedro Igor
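Both usages listed above, as an added example that is not taken from the WildFly Elytron sources. The class name `CachedAuthorizationExample` and its method names are hypothetical, and the `CallbackHandler` and `IdentityCache` are assumed to be supplied by the surrounding mechanism.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback;
import org.wildfly.security.cache.IdentityCache;

// Hypothetical helper (added example): shows the two ways a server-side
// mechanism can use CachedIdentityAuthorizeCallback.
public final class CachedAuthorizationExample {

    private final CallbackHandler handler; // assumed: handed to the mechanism by the framework
    private final IdentityCache cache;     // assumed: e.g. a session-backed implementation

    public CachedAuthorizationExample(CallbackHandler handler, IdentityCache cache) {
        this.handler = handler;
        this.cache = cache;
    }

    // Usage 2: look up the cache and authorize the cached identity locally.
    // localCache = true restricts the decision to this cache even when a
    // wrapping mechanism (e.g. SSO) provides a top-level cache.
    public boolean restoreFromCache() throws IOException {
        CachedIdentityAuthorizeCallback callback =
                new CachedIdentityAuthorizeCallback(cache, true);
        return handle(callback) && callback.isAuthorized();
    }

    // Usage 1: sent where the mechanism would otherwise send an AuthorizeCallback.
    // Supplying the name makes authorizing that name take priority over
    // restoring an identity from the cache; on success the identity is cached.
    public boolean authorizeAndCache(String name) throws IOException {
        CachedIdentityAuthorizeCallback callback =
                new CachedIdentityAuthorizeCallback(name, cache);
        return handle(callback) && callback.isAuthorized();
    }

    // Fail closed: a handler that does not support the callback means "not authorized".
    private boolean handle(CachedIdentityAuthorizeCallback callback) throws IOException {
        try {
            handler.handle(new Callback[] { callback });
            return true;
        } catch (UnsupportedCallbackException e) {
            return false;
        }
    }
}
```

Treat `isAuthorized()` as the only success signal: a handler that returns without error but leaves it `false` has not authorized anything.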
  • Constructor Details

    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(IdentityCache identityCache)
      Creates a new instance in order to authorize identities managed by the given identityCache.
      Parameters:
      identityCache - the identity cache
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(IdentityCache identityCache, boolean localCache)
      Creates a new instance in order to authorize identities managed by the given identityCache.
      Parameters:
      identityCache - the identity cache
      localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (e.g. SSO), only the given identityCache will be considered.
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(Function<SecurityDomain,IdentityCache> identityCache, boolean localCache)

      Creates a new instance in order to authorize identities managed by the given identityCache.

      This constructor can be used to perform caching operations (e.g. put, get and remove) in the context of a SecurityDomain.

      Parameters:
      identityCache - a function that creates an IdentityCache given a SecurityDomain
      localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (e.g. SSO), only the given identityCache will be considered.
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(String name, IdentityCache identityCache)
      Creates a new instance to authenticate, authorize and cache the identity associated with the given name.

      By supplying a name, authorizing the supplied name will be prioritised over restoring an identity from the cache.

      Parameters:
      name - the name associated with the identity
      identityCache - the identity cache
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(Principal principal, IdentityCache identityCache, boolean localCache)
      Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.

      By supplying a Principal, authorizing the supplied Principal will be prioritised over restoring an identity from the cache.

      Parameters:
      principal - the principal associated with the identity
      identityCache - the identity cache
      localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (e.g. SSO), only the given identityCache will be considered.
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(Principal principal, IdentityCache identityCache)
      Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.

      By supplying a Principal, authorizing the supplied Principal will be prioritised over restoring an identity from the cache.

      Parameters:
      principal - the principal associated with the identity
      identityCache - the identity cache
    • CachedIdentityAuthorizeCallback

      public CachedIdentityAuthorizeCallback(Principal principal, Function<SecurityDomain,IdentityCache> identityCache, boolean localCache)

      Creates a new instance to authenticate, authorize and cache the identity associated with the given principal.

      This constructor can be used to perform caching operations (e.g. put, get and remove) in the context of a SecurityDomain.

      By supplying a Principal, authorizing the supplied Principal will be prioritised over restoring an identity from the cache.

      Parameters:
      principal - the principal associated with the identity
      identityCache - a function that creates an IdentityCache given a SecurityDomain
      localCache - if true, indicates that authorization should be based on the given identityCache only. In case the mechanism performing the authorization is wrapped by another one that provides a top-level cache (e.g. SSO), only the given identityCache will be considered.
  • Method Details

    • isAuthorized

      public boolean isAuthorized()
      Indicates if a cached identity was successfully authorized.
      Returns:
      true if the cached identity was successfully authorized. Otherwise, false
    • setAuthorized

      public void setAuthorized(SecurityIdentity securityIdentity)
      Authorizes and caches the given securityIdentity.
      Parameters:
      securityIdentity - the identity to authorize and cache. If null, the corresponding identity will be removed from the cache
    • getPrincipal

      public Principal getPrincipal()
      Returns the Principal representing the cached identity.
      Returns:
      the principal (not null)
    • getAuthorizationPrincipal

      public Principal getAuthorizationPrincipal()
      Returns the authorization Principal.
      Returns:
      the principal
    • getIdentity

      public SecurityIdentity getIdentity()
      Returns a cached SecurityIdentity, if present in the cache.
      Returns:
      the cached identity or null if there is no entry in the cache
    • isLocalCache

      public boolean isLocalCache()
      Indicates if authorization decisions should be performed based on the given IdentityCache only.
      Returns:
      true indicating that authorization decisions should be performed based on the given IdentityCache only. Otherwise, false
    • setSecurityDomain

      public void setSecurityDomain(SecurityDomain securityDomain)
      Sets the current SecurityDomain in order to obtain identities from the cache.
      Parameters:
      securityDomain - the current security domain
    • isOptional

      public boolean isOptional()
      Description copied from interface: ExtendedCallback
      Determine if this callback is optional.
      Specified by:
      isOptional in interface ExtendedCallback
      Returns:
      true if the callback is optional, false if it is mandatory
    • needsInformation

      public boolean needsInformation()
      Description copied from interface: ExtendedCallback
      Determine if this callback is requesting information.
      Specified by:
      needsInformation in interface ExtendedCallback
      Returns:
      true if the callback is requesting information, false if it is only providing information