All Downloads are FREE. Search and download functionalities are using the official Maven repository.

javax.security.auth.message.config.AuthConfigFactory Maven / Gradle / Ivy

There is a newer version: 8.0.1
Show newest version
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 1997-2013 Oracle and/or its affiliates. All rights reserved.
 *
 * The contents of this file are subject to the terms of either the GNU
 * General Public License Version 2 only ("GPL") or the Common Development
 * and Distribution License("CDDL") (collectively, the "License").  You
 * may not use this file except in compliance with the License.  You can
 * obtain a copy of the License at
 * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
 * or packager/legal/LICENSE.txt.  See the License for the specific
 * language governing permissions and limitations under the License.
 *
 * When distributing the software, include this License Header Notice in each
 * file and include the License file at packager/legal/LICENSE.txt.
 *
 * GPL Classpath Exception:
 * Oracle designates this particular file as subject to the "Classpath"
 * exception as provided by Oracle in the GPL Version 2 section of the License
 * file that accompanied this code.
 *
 * Modifications:
 * If applicable, add the following below the License Header, with the fields
 * enclosed by brackets [] replaced by your own identifying information:
 * "Portions Copyright [year] [name of copyright owner]"
 *
 * Contributor(s):
 * If you wish your version of this file to be governed by only the CDDL or
 * only the GPL Version 2, indicate your decision by adding "[Contributor]
 * elects to include this software in this distribution under the [CDDL or GPL
 * Version 2] license."  If you don't indicate a single choice of license, a
 * recipient has the option to distribute your version of this file under
 * either the CDDL, the GPL Version 2 or to extend the choice of license to
 * its licensees as provided above.  However, if you add GPL Version 2 code
 * and therefore, elected the GPL Version 2 license, then the option applies
 * only if the new code is made subject to such option by the copyright
 * holder.
 */

package javax.security.auth.message.config;

import java.security.Permission;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.Map;
import java.util.Properties;

/**
 * This class is used to obtain AuthConfigProvider objects 
 * that can be used to obtain authentication context configuration objects,
 * that is, ClientAuthConfig and ServerAuthConfig
 * objects.
 * 

Authentication context configuration objects are used to obtain * authentication context objects. Authentication context objects, * that is, ClientAuthContext and ServerAuthContex * objects, encapsulate authentication modules. Authentication modules are * pluggable components that perform security-related processing of * request and response messages. * *

Callers do not operate on modules directly. * Instead they rely on an authentication context to manage the * invocation of modules. A caller obtains an authentication context * by calling the getAuthContext method on a * ClientAuthConfig or ServerAuthConfig * obtained from an AuthConfigProvider. * *

The following represents a typical sequence of calls for obtaining * a client authentication context, and then using it to secure * a request. *

    *
  1. AuthConfigFactory factory = AuthConfigFactory.getFactory(); *
  2. AuthConfigProvider provider = factory.getConfigProvider(layer,appID,listener); *
  3. ClientAuthConfig config = provider.getClientAuthConfig(layer,appID,cbh) *
  4. String authContextID = config.getAuthContextID(messageInfo); *
  5. ClientAuthContext context = config.getAuthContext(authContextID,subject,properties); *
  6. context.secureRequest(messageInfo,subject); *
* *

A system-wide AuthConfigFactory implementation can be set by invoking * setFactory, and retrieved using getFactory. * *

Every implementation of this abstract class must offer a public, * zero argument constructor. This constructor must support the construction * and registration (including self-registration) of AuthConfigProviders * from a persistent declarative representation. * For example, a factory implementation class could interpret the contents * of a file containing a sequence of configuration entries, with one entry per * AuthConfigProvider, and with each entry representing: *

    *
  • The fully qualified name of the provider implementation class (or null) *
  • The list of provider initialization properties (which could be empty) *
* Any provider initialization properties must be specified in a * form that can be passed to the provider constructor within a Map of key, * value pairs, and where all keys and values within the Map are of type * String. *

* The entry syntax must also provide for the optional inclusion of information * sufficient to define a RegistrationContext. This information would only * be present when the factory will register the provider. * For example, each entry could provide for the inclusion of one or more * RegistrationContext objects of the following form: *

    *
  • The message layer name (or null) *
  • The application context identifier (or null) *
  • The registration description (or null) *
* When a RegistrationContext is not included, the factory must make it * convenient for the provider to self-register with the factory during * the provider construction (see * registerConfigProvider(AuthConfigProvider provider, ...)). *

An AuthConfigFactory implementation is free to choose is own * persistent declarative syntax as long as it conforms to the requirements * defined by this class. * * * @see ClientAuthContext * @see ServerAuthContext * @see ClientAuthConfig * @see ServerAuthConfig * @see Properties */ public abstract class AuthConfigFactory { private static AuthConfigFactory factory = null; /** * The name of the Security property used to define the * default AuthConfigFactory implementation class. */ public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = "authconfigprovider.factory"; /** * The name of the Security property used to control operations within * the factory. */ private static final String PROVIDER_SECURITY_PROPERTY = "authconfigfactory.provider"; /** * The name of the SecurityPermission required to call getFactory */ public static final String GET_FACTORY_PERMISSION_NAME = ("getProperty."+DEFAULT_FACTORY_SECURITY_PROPERTY); /** * The name of the SecurityPermission required to call setFactory */ public static final String SET_FACTORY_PERMISSION_NAME = ("setProperty."+DEFAULT_FACTORY_SECURITY_PROPERTY); /** * The name of the SecurityPermission to be used to authorize access to the * update methods of the factory implementation class. */ public static final String PROVIDER_REGISTRATION_PERMISSION_NAME = ("setProperty."+PROVIDER_SECURITY_PROPERTY); /** * The SecurityPermission, * with name {@link #GET_FACTORY_PERMISSION_NAME}, * that is used to authorize access to the getFactory method. */ public static final SecurityPermission getFactorySecurityPermission = new SecurityPermission(GET_FACTORY_PERMISSION_NAME); /** * The SecurityPermission, * with name {@link #SET_FACTORY_PERMISSION_NAME}, * that is used to authorize access to the setFactory method. */ public static final SecurityPermission setFactorySecurityPermission = new SecurityPermission(SET_FACTORY_PERMISSION_NAME); /** * An instance of the SecurityPermission (with name * {@link #PROVIDER_REGISTRATION_PERMISSION_NAME}) * for use in authorizing access to the update methods of the factory * implementation class. */ public static final SecurityPermission providerRegistrationSecurityPermission = new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME); /** * utility method to check for permission to operate on the factory. * * @exception SecurityException if the SecurityManager is enabled and * the calling access control context has not been granted * the argument permission. */ private static void checkPermission(Permission p) throws SecurityException { SecurityManager sm = System.getSecurityManager(); if (sm != null) { sm.checkPermission(p); } } /** * Get the system-wide AuthConfigFactory implementation. * *

If a non-null system-wide factory instance is defined at the time * of the call, * for example, with setFactory, it will be returned. Otherwise, an * attempt will be made to construct an instance of the default * AuthConfigFactory implementation class. The fully qualified class name * of the default factory implementation class is obtained from the value of * the {@link #DEFAULT_FACTORY_SECURITY_PROPERTY} security property. When an * instance of the default factory implementation class is successfully * constructed by this method, this method will set it as the system-wide * factory instance. * *

The absolute pathname of the Java security properties file is * JAVA_HOME/lib/security/java.security, where JAVA_HOME * refers to the directory where the JDK was installed. * *

When a SecurityManager is enabled, the * {@link #getFactorySecurityPermission} will be required to call this * method. If at the time of the call, a system-wide factory instance has * not already been defined, then the {@link #setFactorySecurityPermission} * will also be required. * * @return The non-null system-wide AuthConfigFactory instance set at the * time of the call, or if that value was null, the value of the * system-wide factory instance established by this method. * This method returns null when the system-wide factory was not * defined when this method was called and no default factory name * was defined via the security property. * * @exception SecurityException If the caller does not have permission * to retrieve the factory, or set it as the system-wide * instance. Also thrown if an exception was thrown during the * class loading, or construction of the default AuthConfigFactory * implementation class; in which case the SecurityException will * contain the root Exception as its cause. */ public static synchronized AuthConfigFactory getFactory() { checkPermission(getFactorySecurityPermission); if (AuthConfigFactory.factory == null) { final String className = Security.getProperty (DEFAULT_FACTORY_SECURITY_PROPERTY); if (className != null) { checkPermission(setFactorySecurityPermission); try { AuthConfigFactory.factory = (AuthConfigFactory) java.security.AccessController.doPrivileged (new java.security.PrivilegedExceptionAction() { public Object run() throws ClassNotFoundException, InstantiationException, IllegalAccessException { ClassLoader loader = Thread.currentThread(). getContextClassLoader(); Class clazz = Class.forName (className,true,loader); return clazz.newInstance(); } }); } catch (java.security.PrivilegedActionException pae) { throw new SecurityException(pae.getException()); } } } return AuthConfigFactory.factory; } /** * Set the system-wide AuthConfigFactory implementation. * *

If an implementation was set previously, it will be replaced. *

Listeners are not notified of a change to the registered factory. * * @param factory The AuthConfigFactory instance, which may be null. * * @exception SecurityException If the caller does not have * permission to set the factory. */ public static synchronized void setFactory(AuthConfigFactory factory) { checkPermission(setFactorySecurityPermission); AuthConfigFactory.factory = factory; } /** * Get a registered AuthConfigProvider from the factory. * * Get the provider of ServerAuthConfig and * ClientAuthConfig objects registered for the identified message * layer and application context. * *

All factories shall employ the following precedence rules to select * the registered AuthConfigProvider that matches the layer and appContext * arguments: *

    *
  • The provider specifically registered for the values * passed as the layer and appContext arguments * shall be selected. *
  • If no provider is selected according to the preceding rule, * the provider specifically registered for the value passed as the * appContext argument and for all (that is, null) layers * shall be selected. *
  • If no provider is selected according to the preceding rules, * the provider specifically registered for the value passed as the * layer argument and for all (that is, null) appContexts * shall be selected. *
  • If no provider is selected according to the preceding rules, * the provider registered for all (that is, null) layers * and for all (that is, null) appContexts shall be selected. *
  • If no provider is selected according to the preceding rules, * the factory shall terminate its search for a registered provider. *
*

* The above precedence rules apply equivalently to registrations created * with a null or non-null className argument. * * @param layer A String identifying the message layer * for which the registered AuthConfigProvider is * to be returned. The value of this argument may be null. * * @param appContext A String that identifies the application messaging * context for which the registered AuthConfigProvider * is to be returned. The value of this argument may be null. * * @param listener The RegistrationListener whose * notify method is to be invoked * if the corresponding registration is unregistered or * replaced. The value of this argument may be null. * * @return The implementation of the AuthConfigProvider interface * registered at the factory for the layer and appContext, * or null if no AuthConfigProvider is selected. An argument * listener is attached even if the return value is null. */ public abstract AuthConfigProvider getConfigProvider(String layer, String appContext, RegistrationListener listener); /** * Registers within the factory and records within the factory's * persistent declarative representation of provider registrations * a provider of ServerAuthConfig and/or ClientAuthConfig objects for a * message layer and application context identifier. * * This method typically constructs an instance of the provider * before registering it with the factory. Factories may extend or modify * the persisted registrations of existing provider instances, if * those instances were registered with ClassName and * properties arguments equivalent to those passed in the current call. *

* This method employs the two argument constructor required to * be supported by every implementation of the AuthConfigProvider * interface, and this method must pass a null value for the factory * argument of the constructor. * AuthConfigProviderImpl AuthConfigProviderImpl(Map properties, * AuthConfigFactory factory). * *

At most one registration may exist within the factory for a * given combination of message layer * and appContext. Any pre-existing * registration with identical values for layer and appContext is replaced * by a subsequent registration. When replacement occurs, the registration * identifier, layer, and appContext identifier remain unchanged, * and the AuthConfigProvider (with initialization properties) and * description are replaced. * *

Within the lifetime of its Java process, a factory must assign unique * registration identifiers to registrations, and must never * assign a previously used registration identifier to a registration * whose message layer and or appContext identifier differ from * the previous use. * *

Programmatic registrations performed by using this method must update * (according to the replacement rules described above) the persistent * declarative representation of provider registrations employed by the * factory constructor. * *

When a SecurityManager is enabled, before loading the argument * provider, and before making any changes to the factory, this method must * confirm that the calling access control context has been granted the * {@link #providerRegistrationSecurityPermission} * * * @param className The fully qualified name of an AuthConfigProvider * implementation class (or null). Calling this method with a * null value for this parameter shall cause * getConfigProvider to return null when it is * called with layer and appContext values for which the * resulting registration is the best match. * * @param properties A Map object containing the initialization * properties to be passed to the properties argument of the * provider constructor. * This argument may be null. When this argument is not null, * all the values and keys occurring in the Map must be of * type String. * * @param layer A String identifying the message layer * for which the provider will be registered at the factory. * A null value may be passed as an argument for this parameter, * in which case the provider is registered at all layers. * * @param appContext A String value that may be used by a runtime * to request a configuration object from this provider. * A null value may be passed as an argument for this parameter, * in which case the provider is registered for all * configuration ids (at the indicated layers). * * @param description A text String describing the provider. * This value may be null. * * @return A String identifier assigned by * the factory to the provider registration, and that may be * used to remove the registration from the factory. * * @exception SecurityException If the caller does not have * permission to register a provider at the factory, or if the * the provider construction (given a non-null * className) or registration fails. * */ public abstract String registerConfigProvider(String className, Map properties, String layer, String appContext, String description); /** * Registers within the (in-memory) factory, a provider * of ServerAuthConfig and/or ClientAuthConfig objects for a * message layer and application context identifier. * This method does NOT effect the factory's persistent * declarative representation of provider registrations, and is intended * to be used by providers to perform self-Registration. * *

At most one registration may exist within the factory for a * given combination of message layer * and appContext. Any pre-existing * registration with identical values for layer and appContext is replaced * by a subsequent registration. When replacement occurs, the registration * identifier, layer, and appContext identifier remain unchanged, * and the AuthConfigProvider (with initialization properties) and * description are replaced. * *

Within the lifetime of its Java process, a factory must assign unique * registration identifiers to registrations, and must never * assign a previously used registration identifier to a registration * whose message layer and or appContext identifier differ from * the previous use. * *

When a SecurityManager is enabled, and before making any changes to * the factory, this method must confirm that * the calling access control context has been granted the * {@link #providerRegistrationSecurityPermission} * * @param provider The AuthConfigProvider to be registered at the factory * (or null). Calling this method with a null value for this * parameter shall cause getConfigProvider to * return null when it is called with layer and appContext values * for which the resulting registration is the best match. * * @param layer A String identifying the message layer * for which the provider will be registered at the factory. * A null value may be passed as an argument for this parameter, * in which case the provider is registered at all layers. * * @param appContext A String value that may be used by a runtime * to request a configuration object from this provider. * A null value may be passed as an argument for this parameter, * in which case the provider is registered for all * configuration ids (at the indicated layers). * * @param description A text String describing the provider. * This value may be null. * * @return A String identifier assigned by * the factory to the provider registration, and that may be * used to remove the registration from the factory. * * @exception SecurityException If the caller does not have * permission to register a provider at the factory, or * if the provider registration fails. */ public abstract String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description); /** * Remove the identified provider registration from the factory (and from * the persistent declarative representation of provider registrations, * if appropriate) and invoke any listeners associated with the removed * registration. * *

When a SecurityManager is enabled, and before making any changes to * the factory, this method must confirm that * the calling access control context has been granted the * {@link #providerRegistrationSecurityPermission} * * @param registrationID A String that identifies a provider registration * at the factory * * @return True if there was a registration with the specified identifier * and it was removed. Return false if the registrationID was * invalid. * * @exception SecurityException If the caller does not have * permission to unregister the provider at the factory. * */ public abstract boolean removeRegistration(String registrationID); /** * Disassociate the listener from all the provider * registrations whose layer and appContext values are matched * by the corresponding arguments to this method. *

* Factories should periodically notify Listeners to effectively * detach listeners that are no longer in use. * *

When a SecurityManager is enabled, and before making any changes to * the factory, this method must confirm that * the calling access control context has been granted the * {@link #providerRegistrationSecurityPermission} * * @param listener The RegistrationListener to be detached. * * @param layer A String identifying the message layer or null. * * @param appContext A String value identifying the application context * or null. * * @return An array of String values where each value identifies a * provider registration from which the listener was removed. * This method never returns null; it returns an empty array if * the listener was not removed from any registrations. * * @exception SecurityException If the caller does not have * permission to detach the listener from the factory. * */ public abstract String[] detachListener(RegistrationListener listener, String layer, String appContext); /** * Get the registration identifiers for all registrations of the * provider instance at the factory. * * @param provider The AuthConfigurationProvider whose registration * identifiers are to be returned. This argument may be * null, in which case it indicates that the IDs of * all active registrations within the factory are to be returned. * * @return An array of String values where each value identifies a * provider registration at the factory. This method never returns null; * it returns an empty array when there are no registrations at the * factory for the identified provider. */ public abstract String[] getRegistrationIDs(AuthConfigProvider provider); /** * Get the the registration context for the identified registration. * * @param registrationID A String that identifies a provider registration * at the factory * * @return A RegistrationContext or null. When a Non-null value is * returned, it is a copy of the registration context corresponding to the * registration. Null is returned when the registration identifier does * not correspond to an active registration */ public abstract RegistrationContext getRegistrationContext(String registrationID); /** * Cause the factory to reprocess its persistent declarative * representation of provider registrations. * *

A factory should only replace an existing registration when * a change of provider implementation class or initialization * properties has occurred. * *

When a SecurityManager is enabled, and before the point where this * method could have caused any changes to the factory, this method must * confirm that the calling access control context has been granted the * {@link #providerRegistrationSecurityPermission} * * @exception SecurityException If the caller does not have permission * to refresh the factory, or if an error occurred during the * reinitialization. */ public abstract void refresh(); /** * Represents the layer identifier, application context identifier, * and description components of an AuthConfigProvider registration at the * factory. */ public interface RegistrationContext { /** * Get the layer name from the registration context * * @return A String identifying the message layer * for which the AuthConfigProvider was registered. * The returned value may be null. */ public String getMessageLayer(); /** * Get the application context identifier from the registration context * * @return A String identifying the application context * for which the AuthConfigProvider was registered. * The returned value may be null. */ public String getAppContext(); /** * Get the description from the registration context * * @return The description String from the registration, or null * if no description string was included in the registration. */ public String getDescription(); /** * Get the persisted status from the registration context. * * @return A boolean indicating whether the registration is the result * of a className based registration, or an instance-based * (for example, self-) registration. Only registrations performed * using the five argument registerConfigProvider * method are persistent. */ public boolean isPersistent(); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy