org.rhq.common.jbossas.client.controller

Class SecurityDomainJBossASClient

java.lang.Object

org.rhq.common.jbossas.client.controller.JBossASClient

org.rhq.common.jbossas.client.controller.SecurityDomainJBossASClient

public class SecurityDomainJBossASClient
extends JBossASClient

Provides convenience methods associated with security domain management.

Author:

John Mazzitelli

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SecurityDomainJBossASClient.LoginModuleRequest Immutable helper

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHENTICATION
static String	CACHE_TYPE
static String	CLASSIC
static String	CODE
static String	DS_JNDI_NAME
static String	FLAG
static String	HASH_ALGORITHM
static String	HASH_ENCODING
static String	LOGIN_MODULE
static String	LOGIN_MODULES
static String	MODULE_OPTIONS
static String	PASSWORD
static String	PRINCIPALS_QUERY
static String	ROLES_QUERY
static String	SECURITY_DOMAIN
static String	SUBSYSTEM_SECURITY
static String	USERNAME

Fields inherited from class org.rhq.common.jbossas.client.controller.JBossASClient

ADD, ADDRESS, BATCH, BATCH_STEPS, FAILURE_DESCRIPTION, log, NAME, OPERATION, OUTCOME, OUTCOME_SUCCESS, PERSISTENT, READ_ATTRIBUTE, READ_RESOURCE, REMOVE, RESULT, SUBSYSTEM, SYSTEM_PROPERTY, VALUE, WRITE_ATTRIBUTE

Constructor Summary

Constructors

Constructor and Description
SecurityDomainJBossASClient(org.jboss.as.controller.client.ModelControllerClient client)

Method Summary

Methods

Modifier and Type	Method and Description
void	createNewDatabaseServerSecurityDomain72(String securityDomainName, String dsJndiName, String principalsQuery, String rolesQuery, String hashAlgorithm, String hashEncoding) Create a new security domain using the database server authentication method.
void	createNewSecureIdentitySecurityDomain72(String securityDomainName, String username, String password) Create a new security domain using the SecureIdentity authentication method.
void	createNewSecurityDomain(String securityDomainName, SecurityDomainJBossASClient.LoginModuleRequest... loginModules) Creates a new security domain including one or more login modules.
void	flushSecurityDomainCache(String domain) send a :flush-cache operation to the passed security domain
org.jboss.dmr.ModelNode	getSecureIdentitySecurityDomainModuleOptions(String securityDomainName) Given the name of an existing security domain that uses the SecureIdentity authentication method, this returns the module options for that security domain authentication method.
boolean	isSecurityDomain(String securityDomainName) Checks to see if there is already a security domain with the given name.
void	removeSecurityDomain(String securityDomainName) Convenience method that removes a security domain by name.
boolean	securityDomainHasLoginModule(String domainName, String moduleName) Check if a certain login module is present inside the passed security domain
void	updateSecureIdentitySecurityDomainCredentials(String securityDomainName, String username, String password) Given the name of an existing security domain that uses the SecureIdentity authentication method, this updates that domain with the new credentials.

Methods inherited from class org.rhq.common.jbossas.client.controller.JBossASClient

createBatchRequest, createReadAttributeRequest, createReadAttributeRequest, createRequest, createWriteAttributeRequest, execute, findNodeInList, getFailureDescription, getModelControllerClient, getResultListAsStrings, getResults, getStringAttribute, getStringAttribute, isSuccess, readResource, readResource, remove, setPossibleExpression

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUBSYSTEM_SECURITY

public static final String SUBSYSTEM_SECURITY

See Also:

Constant Field Values

SECURITY_DOMAIN

public static final String SECURITY_DOMAIN

See Also:

Constant Field Values

CACHE_TYPE

public static final String CACHE_TYPE

See Also:

Constant Field Values

AUTHENTICATION

public static final String AUTHENTICATION

See Also:

Constant Field Values

LOGIN_MODULE

public static final String LOGIN_MODULE

See Also:

Constant Field Values

LOGIN_MODULES

public static final String LOGIN_MODULES

See Also:

Constant Field Values

CLASSIC

public static final String CLASSIC

See Also:

Constant Field Values

CODE

public static final String CODE

See Also:

Constant Field Values

FLAG

public static final String FLAG

See Also:

Constant Field Values

MODULE_OPTIONS

public static final String MODULE_OPTIONS

See Also:

Constant Field Values

USERNAME

public static final String USERNAME

See Also:

Constant Field Values

PASSWORD

public static final String PASSWORD

See Also:

Constant Field Values

DS_JNDI_NAME

public static final String DS_JNDI_NAME

See Also:

Constant Field Values

PRINCIPALS_QUERY

public static final String PRINCIPALS_QUERY

See Also:

Constant Field Values

ROLES_QUERY

public static final String ROLES_QUERY

See Also:

Constant Field Values

HASH_ALGORITHM

public static final String HASH_ALGORITHM

See Also:

Constant Field Values

HASH_ENCODING

public static final String HASH_ENCODING

See Also:

Constant Field Values

Constructor Detail

SecurityDomainJBossASClient

public SecurityDomainJBossASClient(org.jboss.as.controller.client.ModelControllerClient client)

Method Detail

isSecurityDomain

public boolean isSecurityDomain(String securityDomainName)
                         throws Exception

Checks to see if there is already a security domain with the given name.

Parameters:

securityDomainName - the name to check

Returns:

true if there is a security domain with the given name already in existence

Throws:

Exception

createNewSecureIdentitySecurityDomain72

public void createNewSecureIdentitySecurityDomain72(String securityDomainName,
                                           String username,
                                           String password)
                                             throws Exception

Create a new security domain using the SecureIdentity authentication method. This is used when you want to obfuscate a database password in the configuration. This is the version for as7.2+ (e.g. eap 6.1)

Parameters:

securityDomainName - the name of the new security domain

username - the username associated with the security domain

password - the value of the password to store in the configuration (e.g. the obfuscated password itself)

Throws:

Exception - if failed to create security domain

updateSecureIdentitySecurityDomainCredentials

public void updateSecureIdentitySecurityDomainCredentials(String securityDomainName,
                                                 String username,
                                                 String password)
                                                   throws Exception

Given the name of an existing security domain that uses the SecureIdentity authentication method, this updates that domain with the new credentials. Use this to change credentials if you don't want to use expressions as the username or password entry (in some cases you can't, see the JIRA https://issues.jboss.org/browse/AS7-5177 for more info).

Parameters:

securityDomainName - the name of the security domain whose credentials are to change

username - the new username to be associated with the security domain

password - the new value of the password to store in the configuration (e.g. the obfuscated password itself)

Throws:

Exception - if failed to update security domain

getSecureIdentitySecurityDomainModuleOptions

public org.jboss.dmr.ModelNode getSecureIdentitySecurityDomainModuleOptions(String securityDomainName)
                                                                     throws Exception

Given the name of an existing security domain that uses the SecureIdentity authentication method, this returns the module options for that security domain authentication method. This includes the username and password of the domain.

Parameters:

securityDomainName - the name of the security domain whose module options are to be returned

Returns:

the module options or null if the security domain doesn't exist

Throws:

Exception - if the security domain could not be looked up

createNewDatabaseServerSecurityDomain72

public void createNewDatabaseServerSecurityDomain72(String securityDomainName,
                                           String dsJndiName,
                                           String principalsQuery,
                                           String rolesQuery,
                                           String hashAlgorithm,
                                           String hashEncoding)
                                             throws Exception

Create a new security domain using the database server authentication method. This is used when you want to directly authenticate against a db entry. This is for AS 7.2+ (e.g. EAP 6.1) and works around https://issues.jboss.org/browse/AS7-6527

Parameters:

securityDomainName - the name of the new security domain

dsJndiName - the jndi name for the datasource to query against

principalsQuery - the SQL query for selecting password info for a principal

rolesQuery - the SQL query for selecting role info for a principal

hashAlgorithm - if null defaults to "MD5"

hashEncoding - if null defaults to "base64"

Throws:

Exception - if failed to create security domain

removeSecurityDomain

public void removeSecurityDomain(String securityDomainName)
                          throws Exception

Convenience method that removes a security domain by name. Useful when changing the characteristics of the login modules.

Parameters:

securityDomainName - the name of the new security domain

Throws:

Exception - if failed to remove the security domain

createNewSecurityDomain

public void createNewSecurityDomain(String securityDomainName,
                           SecurityDomainJBossASClient.LoginModuleRequest... loginModules)
                             throws Exception

Creates a new security domain including one or more login modules. The security domain will be replaced if it exists.

Parameters:

securityDomainName - the name of the new security domain

loginModules - an array of login modules to place in the security domain. They are ordered top-down in the same index order of the array.

Throws:

Exception - if failed to create security domain

flushSecurityDomainCache

public void flushSecurityDomainCache(String domain)
                              throws Exception

send a :flush-cache operation to the passed security domain

Parameters:

domain - simple name of the domain

Throws:

Exception

securityDomainHasLoginModule

public boolean securityDomainHasLoginModule(String domainName,
                                   String moduleName)
                                     throws Exception

Check if a certain login module is present inside the passed security domain

Parameters:

domainName - Name of the security domain

moduleName - Name of the Login module - wich usually is it FQCN

Returns:

True if the module is present

Throws:

Exception