All Downloads are FREE. Search and download functionalities are using the official Maven repository.

jakarta.security.auth.message.MessagePolicy Maven / Gradle / Ivy

Go to download

Jakarta Authentication defines a general low-level SPI for authentication mechanisms, which are controllers that interact with a caller and a container's environment to obtain the caller's credentials, validate these, and pass an authenticated identity (such as name and groups) to the container. Jakarta Authentication consists of several profiles, with each profile telling how a specific container (such as Jakarta Servlet) can integrate with- and adapt to this SPI.

There is a newer version: 3.1.0
Show newest version
/*
 * Copyright (c) 1997, 2020 Oracle and/or its affiliates and others.
 * All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package jakarta.security.auth.message;

import jakarta.security.auth.message.config.ClientAuthContext;
import jakarta.security.auth.message.config.ServerAuthContext;
import jakarta.security.auth.message.module.ClientAuthModule;
import jakarta.security.auth.message.module.ServerAuthModule;

/**
 * This class defines a message authentication policy.
 *
 * 

* A ClientAuthContext uses this class to communicate (at module initialization time) request and response message * protection policies to its ClientAuthModule objects. A ServerAuthContext uses this class to communicate request and * response message protection policies to its ServerAuthModule objects. * * @see ClientAuthContext * @see ServerAuthContext * @see ClientAuthModule * @see ServerAuthModule */ public class MessagePolicy { private TargetPolicy[] targetPolicies; private boolean mandatory; /** * Create a MessagePolicy instance with an array of target policies. * * @param targetPolicies an array of target policies. * * @param mandatory A boolean value indicating whether the MessagePolicy is mandatory or optional. * * @exception IllegalArgumentException if the specified targetPolicies is null. */ public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory) { if (targetPolicies == null) { throw new IllegalArgumentException("invalid null targetPolicies"); } this.targetPolicies = targetPolicies.clone(); this.mandatory = mandatory; } /** * Get the MessagePolicy modifier. * * @return A boolean indicating whether the MessagePolicy is optional(false) or required(true). */ public boolean isMandatory() { return mandatory; } /** * Get the target policies that comprise the authentication policy. * *

* When this method returns an array of target policies, the order of elements in the array represents the order that * the corresponding message transformations or validations described by the target policies are to be performed by the * authentication module. * * @return An array of target authentication policies, where each element describes an authentication policy and the * parts of the message to which the authentication policy applies. This method returns null to indicate that no * security operations should be performed on the messages to which the policy applies. This method never returns a * zero-length array. * */ public TargetPolicy[] getTargetPolicies() { return targetPolicies.clone(); } /** * This class defines the message protection policies for specific Targets. * *

* This class is used to associate a message protection policy with targets within a message. Message targets are * represented using an implementation of the Target interface matched to the message types in MessageInfo. The * message protection policy is identified by an implementation of the ProtectionPolicy interface. * * @see ClientAuthModule * @see ServerAuthModule */ public static class TargetPolicy { private Target[] targets; private ProtectionPolicy protectionPolicy; /** * Create a TargetPolicy instance with an array of Targets and with a ProtectionPolicy. * * @param targets An array of Targets. This argument may be null. * * @param protectionPolicy The object that describes the message authentication policy that applies to the targets. * * @exception IllegalArgumentException if the specified targets or protectionPolicy is null. */ public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) { if (protectionPolicy == null) { throw new IllegalArgumentException("invalid null protectionPolicy"); } if (targets == null || targets.length == 0) { this.targets = null; } else { this.targets = targets.clone(); } this.protectionPolicy = protectionPolicy; } /** * Get the array of layer-specific target descriptors that identify the one or more message parts to which the specified * message protection policy applies. * * @return An array of Target that identify targets within a message. This method returns null when the specified * policy applies to the whole message (excluding any metadata added to the message to satisfy the policy). This method * never returns a zero-length array. */ public Target[] getTargets() { return targets; } /** * Get the ProtectionPolicy that applies to the targets. * * @return A ProtectionPolicy object that identifies the message authentication requirements that apply to the targets. */ public ProtectionPolicy getProtectionPolicy() { return protectionPolicy; } } /** * This interface is used to represent and perform message targeting. Targets are used by message authentication modules * to operate on the corresponding content within messages. * *

* The internal state of a Target indicates whether it applies to the request or response message of a MessageInfo and * to which components it applies within the identified message. */ public interface Target { /** * Get the Object identified by the Target from the MessageInfo. * * @param messageInfo The MessageInfo containing the request or response message from which the target is to be * obtained. * * @return An Object representing the target, or null when the target could not be found in the MessageInfo. */ Object get(MessageInfo messageInfo); /** * Remove the Object identified by the Target from the MessageInfo. * * @param messageInfo The MessageInfo containing the request or response message from which the target is to be removed. */ void remove(MessageInfo messageInfo); /** * Put the Object into the MessageInfo at the location identified by the target. * * @param messageInfo The MessageInfo containing the request or response message into which the object is to be put. * @param data The data to be put into the MessageInfo */ void put(MessageInfo messageInfo, Object data); } /** * This interface is used to represent message authentication policy. * *

* The internal state of a ProtectionPolicy object defines the message authentication requirements to be applied to the * associated Target. */ public interface ProtectionPolicy { /** * The identifier for a ProtectionPolicy that indicates that the sending entity is to be authenticated. */ String AUTHENTICATE_SENDER = "#authenticateSender"; /** * The identifier for a ProtectionPolicy that indicates that the origin of data within the message is to be authenticated * (that is, the message is to be protected such that its recipients can establish who defined the message content). */ String AUTHENTICATE_CONTENT = "#authenticateContent"; /** * The identifier for a ProtectionPolicy that indicates that the message recipient is to be authenticated. */ String AUTHENTICATE_RECIPIENT = "#authenticateRecipient"; /** * Get the ProtectionPolicy identifier. An identifier may represent a conceptual protection policy (as is the case with * the static identifiers defined within this interface) or it may identify a procedural policy expression or plan that * may be more difficult to categorize in terms of a conceptual identifier. * * @return A String containing a policy identifier. This interface defines some policy identifier constants. * Configuration systems may define and employ other policy identifiers values. */ String getID(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy