jrun.security
Interface JRunSecurityManagerServiceMBean

All Superinterfaces:

java.io.Serializable, Service, ServiceMBean

All Known Subinterfaces:

JRunSecurityManager

public interface JRunSecurityManagerServiceMBean

extends ServiceMBean

MBean Interface for the JRunSecurityManager to provide user credential authentication and Role validation

Fields inherited from interface jrunx.kernel.Service

INITIALIZED, STARTED, STARTING, STOPPED, STOPPING, UNINITIALIZED

Method Summary

void	addLoginModule(java.lang.String domain, java.util.Properties loginModule)
java.lang.Object	authenticateSecurityContext(java.lang.Object principalname, java.lang.Object credential)
java.lang.Object	authenticateSecurityContext(java.lang.Object principalname, java.lang.Object credential, java.lang.String hostName) Authentication for trusted hosts If the hostname is part of the trusted hosts collection, no authentication is needed We create a new security context andd return the securityID
java.lang.Object	authenticateSecurityContext(java.security.Principal principal, java.lang.Object credential) Authenticate this principal/credential pair and return a SecurityContextId
boolean	checkSharedPrincipals(java.util.Collection permissions, SimplePrincipal thisPrincipal)
void	closeSecurityContext(java.lang.Object securityContextId)
java.lang.String	getAuthConfig()
boolean	getCheckForSharedPrincipals()
JRunSecurityManager	getJRunSecurityManager()
java.util.ArrayList	getLoginModules(java.lang.String domain)
java.lang.String	getRoleMappingDomain()
SimplePrincipal	getRunAsIdentityPrincipal(SimplePrincipal thisRole) This calls returns a principal associated with the role.
SecurityContext	getSecurityContext(java.lang.Object Id)
java.lang.String	getSecurityDomain()
boolean	isGuestAccessAllowed() Flag set in jrun.xml to allow remote access as guest without providing username and password Set to true by default
boolean	isPrincipalInRole(java.security.Principal principal, java.util.Collection roles, java.lang.String containerRoleMapDomain) Is the principal set up to play one of the roles in the set.
boolean	isPrincipalValid(java.security.Principal p, java.lang.Object Credential, java.lang.String securityDomain) Authenticate the Principal Credential pair
void	modifyLoginModule(java.lang.String domain, java.util.Properties originalModule, java.util.Properties updateModule)
void	removeLoginModule(java.lang.String domain, java.util.Properties loginModule)
void	setAuthConfig(java.lang.String configFileName) filename for JAAS configuration
void	setCheckForSharedPrincipals(boolean checkForSharedPrincipals) Flag to turn ON checking for shared principals when method authorization fails for an EJB running under runAS identity.
void	setGuestAccessAllowed(boolean guestAccessAllowed)
void	setRoleMappingDomain(java.lang.String domain) The RoleMappingDomain value for Role Resource Authorization can be customized according to the container type.
void	setSecurityDomain(java.lang.String domain) SecurityDomain property decides the configuration in the auth.config file that JAAS uses for authentication This is only for Principal, Credential Authentication.
void	setTrustedHost(java.lang.String hostName) List of trusted hosts for interop

Methods inherited from interface jrunx.kernel.ServiceMBean

bind, getBindToJNDI, getDeactivated, getDomainName, getJRunService, getLogger, getName, getParentService, getServerName, requestServer, setBindToJNDI, setDeactivated, setDomainName, setName, setParentService, unbind

Methods inherited from interface jrunx.kernel.Service

destroy, getStatus, init, start, stop, updateStatus

Method Detail

setSecurityDomain

public void setSecurityDomain(java.lang.String domain)

SecurityDomain property decides the configuration in the auth.config file that JAAS uses for authentication This is only for Principal, Credential Authentication.

getSecurityDomain

public java.lang.String getSecurityDomain()

setRoleMappingDomain

public void setRoleMappingDomain(java.lang.String domain)

The RoleMappingDomain value for Role Resource Authorization can be customized according to the container type. The default value comes from jrun.xml

getRoleMappingDomain

public java.lang.String getRoleMappingDomain()

setAuthConfig

public void setAuthConfig(java.lang.String configFileName)

filename for JAAS configuration

getAuthConfig

public java.lang.String getAuthConfig()

setCheckForSharedPrincipals

public void setCheckForSharedPrincipals(boolean checkForSharedPrincipals)

Flag to turn ON checking for shared principals when method authorization fails for an EJB running under runAS identity. Default value is false

getCheckForSharedPrincipals

public boolean getCheckForSharedPrincipals()

isGuestAccessAllowed

public boolean isGuestAccessAllowed()

Flag set in jrun.xml to allow remote access as guest without providing username and password Set to true by default

setGuestAccessAllowed

public void setGuestAccessAllowed(boolean guestAccessAllowed)

setTrustedHost

public void setTrustedHost(java.lang.String hostName)

List of trusted hosts for interop

isPrincipalValid

public boolean isPrincipalValid(java.security.Principal p,
                                java.lang.Object Credential,
                                java.lang.String securityDomain)

Authenticate the Principal Credential pair

isPrincipalInRole

public boolean isPrincipalInRole(java.security.Principal principal,
                                 java.util.Collection roles,
                                 java.lang.String containerRoleMapDomain)

Is the principal set up to play one of the roles in the set.

authenticateSecurityContext

public java.lang.Object authenticateSecurityContext(java.security.Principal principal,
                                                    java.lang.Object credential)
                                             throws java.lang.Exception

Authenticate this principal/credential pair and return a SecurityContextId

authenticateSecurityContext

public java.lang.Object authenticateSecurityContext(java.lang.Object principalname,
                                                    java.lang.Object credential)
                                             throws java.lang.Exception

authenticateSecurityContext

public java.lang.Object authenticateSecurityContext(java.lang.Object principalname,
                                                    java.lang.Object credential,
                                                    java.lang.String hostName)
                                             throws java.lang.Exception

Authentication for trusted hosts If the hostname is part of the trusted hosts collection, no authentication is needed We create a new security context andd return the securityID

getSecurityContext

public SecurityContext getSecurityContext(java.lang.Object Id)

closeSecurityContext

public void closeSecurityContext(java.lang.Object securityContextId)

checkSharedPrincipals

public boolean checkSharedPrincipals(java.util.Collection permissions,
                                     SimplePrincipal thisPrincipal)

getRunAsIdentityPrincipal

public SimplePrincipal getRunAsIdentityPrincipal(SimplePrincipal thisRole)

This calls returns a principal associated with the role. If more than one principal is defined under this role, the first one is returned Only applicable if shared principals flag is set to true

getJRunSecurityManager

public JRunSecurityManager getJRunSecurityManager()

getLoginModules

public java.util.ArrayList getLoginModules(java.lang.String domain)

addLoginModule

public void addLoginModule(java.lang.String domain,
                           java.util.Properties loginModule)
                    throws JRunSecurityException

removeLoginModule

public void removeLoginModule(java.lang.String domain,
                              java.util.Properties loginModule)
                       throws JRunSecurityException

modifyLoginModule

public void modifyLoginModule(java.lang.String domain,
                              java.util.Properties originalModule,
                              java.util.Properties updateModule)
                       throws JRunSecurityException