Package org.wildfly.security.auth.realm
Class FileSystemSecurityRealm
- java.lang.Object
  - org.wildfly.security.auth.realm.FileSystemSecurityRealm
All Implemented Interfaces:
CacheableSecurityRealm, ModifiableSecurityRealm, SecurityRealm
public final class FileSystemSecurityRealm extends Object implements ModifiableSecurityRealm, CacheableSecurityRealm
A simple filesystem-backed security realm.
Author: David M. Lloyd
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
static class FileSystemSecurityRealm.IntegrityResult
protected static class FileSystemSecurityRealm.LoadedIdentity
-
Field Summary
-
Fields inherited from interface org.wildfly.security.auth.server.SecurityRealm
EMPTY_REALM
-
-
Constructor Summary
Constructors (Constructor, Description)
FileSystemSecurityRealm(Path root) - Construct a new instance with 2 levels of hashing.
FileSystemSecurityRealm(Path root, int levels) - Construct a new instance.
FileSystemSecurityRealm(Path root, int levels, Supplier<Provider[]> providers)
FileSystemSecurityRealm(Path root, int levels, Encoding hashEncoding, Charset hashCharset) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset, Supplier<Provider[]> providers, SecretKey secretKey, PrivateKey privateKey, PublicKey publicKey) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset, SecretKey secretKey) - Construct a new instance.
FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, Encoding hashEncoding, Charset hashCharset) - Construct a new instance.
FileSystemSecurityRealm(Path root, Encoding hashEncoding, Charset hashCharset) - Construct a new instance with 2 levels of hashing.
-
Method Summary
Methods (Modifier and Type, Method, Description)
static FileSystemSecurityRealmBuilder builder() - Construct a new instance of the FileSystemSecurityRealmBuilder.
SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)
Charset getHashCharset()
RealmIdentity getRealmIdentity(Principal principal)
ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal)
ModifiableRealmIdentityIterator getRealmIdentityIterator()
boolean hasIntegrityEnabled() - Checks if the FileSystemSecurityRealm has integrity checking enabled.
void registerIdentityChangeListener(Consumer<Principal> listener) - Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity.
void updateRealmKeyPair() - Re-generate the signatures for all the identities in this realm.
FileSystemSecurityRealm.IntegrityResult verifyRealmIntegrity() - Verify the integrity of each identity file in this realm.
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.wildfly.security.auth.server.ModifiableSecurityRealm
getRealmIdentityForUpdate
-
Methods inherited from interface org.wildfly.security.auth.server.SecurityRealm
getCredentialAcquireSupport, getRealmIdentity, getRealmIdentity, handleRealmEvent
-
Constructor Detail
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset, Supplier<Provider[]> providers, SecretKey secretKey, PrivateKey privateKey, PublicKey publicKey)
Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
encoded - whether identity names should be BASE32 encoded before using as filename (only applies if the security realm is unencrypted)
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
providers - the providers supplier
secretKey - the SecretKey used to encrypt and decrypt the security realm (if null, the security realm will be unencrypted)
privateKey - the PrivateKey used to verify the integrity of the security realm (if null, the security realm will not verify integrity)
publicKey - the PublicKey used to verify the integrity of the security realm (if null, the security realm will not verify integrity)
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset, SecretKey secretKey)
Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
encoded - whether identity names should be BASE32 encoded before using as filename
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
secretKey - the SecretKey used to encrypt and decrypt the security realm (if null, the security realm will be unencrypted)
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded, Encoding hashEncoding, Charset hashCharset)
Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
encoded - whether identity names should be BASE32 encoded before using as filename
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, boolean encoded)
Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
encoded - whether identity names should be BASE32 encoded before using as filename
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels)
Construct a new instance.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, NameRewriter nameRewriter, int levels, Encoding hashEncoding, Charset hashCharset)
Construct a new instance.
Parameters:
root - the root path of the identity store
nameRewriter - the name rewriter to apply to looked up names
levels - the number of levels of directory hashing to apply
hashEncoding - the string format for hashed passwords. Uses Base64 by default.
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, int levels)
Construct a new instance.
Parameters:
root - the root path of the identity store
levels - the number of levels of directory hashing to apply
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, int levels, Encoding hashEncoding, Charset hashCharset)
Construct a new instance.
Parameters:
root - the root path of the identity store
levels - the number of levels of directory hashing to apply
hashEncoding - the string format for hashed passwords. Uses Base64 by default.
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root)
Construct a new instance with 2 levels of hashing.
Parameters:
root - the root path of the identity store
-
FileSystemSecurityRealm
public FileSystemSecurityRealm(Path root, Encoding hashEncoding, Charset hashCharset)
Construct a new instance with 2 levels of hashing.
Parameters:
root - the root path of the identity store
hashEncoding - the string format for hashed passwords. Uses Base64 by default.
hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
-
Method Detail
-
builder
public static FileSystemSecurityRealmBuilder builder()
Construct a new instance of the FileSystemSecurityRealmBuilder.
Returns:
the new FileSystemSecurityRealmBuilder instance
-
hasIntegrityEnabled
public boolean hasIntegrityEnabled()
Checks if the FileSystemSecurityRealm has integrity checking enabled.
Returns:
true if integrity checking is enabled, and false otherwise
-
getHashCharset
public Charset getHashCharset()
-
getRealmIdentity
public RealmIdentity getRealmIdentity(Principal principal)
Specified by:
getRealmIdentity in interface SecurityRealm
-
getRealmIdentityForUpdate
public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal)
Specified by:
getRealmIdentityForUpdate in interface ModifiableSecurityRealm
-
registerIdentityChangeListener
public void registerIdentityChangeListener(Consumer<Principal> listener)
Description copied from interface: CacheableSecurityRealm
Register a listener that should be invoked by this realm in order to notify the caching layer about changes to a specific identity.
Specified by:
registerIdentityChangeListener in interface CacheableSecurityRealm
Parameters:
listener - the listener
-
getRealmIdentityIterator
public ModifiableRealmIdentityIterator getRealmIdentityIterator() throws RealmUnavailableException
Specified by:
getRealmIdentityIterator in interface ModifiableSecurityRealm
Throws:
RealmUnavailableException
-
getCredentialAcquireSupport
public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Specified by:
getCredentialAcquireSupport in interface SecurityRealm
Throws:
RealmUnavailableException
-
getEvidenceVerifySupport
public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Specified by:
getEvidenceVerifySupport in interface SecurityRealm
Throws:
RealmUnavailableException
-
updateRealmKeyPair
public void updateRealmKeyPair() throws RealmUnavailableException
Re-generate the signatures for all the identities in this realm. This method is intended to be called after updating the key pair used by this realm.
Throws:
RealmUnavailableException - if the realm is not able to handle requests for any reason
-
verifyRealmIntegrity
public FileSystemSecurityRealm.IntegrityResult verifyRealmIntegrity() throws RealmUnavailableException
Verify the integrity of each identity file in this realm.
Returns:
true if the integrity of all the identity files in the realm is successfully verified and false otherwise
Throws:
RealmUnavailableException
-
-