org.objectweb.easybeans.security.propagation.context
Class SecurityContext

java.lang.Object
  extended by org.objectweb.easybeans.security.propagation.context.SecurityContext
All Implemented Interfaces:
java.io.Serializable, EZBSecurityContext

public final class SecurityContext
extends java.lang.Object
implements EZBSecurityContext, java.io.Serializable

Security Context that is exchanged and propagated from clients to beans.
This is also why it is a serializable object (as it has to be exchanged).
The security context gives access to the current principal and the roles associated with this principal.
RunAs mode is managed by keeping the previous security context.

Author:
Florent Benoit
See Also:
Serialized Form
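
The run-as bracket described above, as an added example (not EasyBeans' own code): it uses only the signatures documented on this page and assumes the EasyBeans jar is on the classpath. `RunAsExample`, `callAs` and the user and role names are hypothetical.

```java
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import org.objectweb.easybeans.security.propagation.context.SecurityContext;

public final class RunAsExample {

    /**
     * Hypothetical helper (not part of EasyBeans): runs a call under the run-as
     * subject and always puts the caller's subject back afterwards.
     */
    static <T> T callAs(SecurityContext ctx, Subject runAsSubject, Callable<T> call)
            throws Exception {
        // enterRunAs returns the previous subject; keep it for the restore.
        Subject previous = ctx.enterRunAs(runAsSubject);
        try {
            return call.call();
        } finally {
            // Restore even when the call throws, so the run-as identity
            // never outlives the invocation it was meant for.
            ctx.endsRunAs(previous);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample identities.
        Subject caller = SecurityContext.buildSubject("alice", new String[] {"user"});
        Subject runAs = SecurityContext.buildSubject("batch", new String[] {"admin"});
        SecurityContext ctx = new SecurityContext(caller);

        System.out.println("before: " + ctx.getCallerPrincipal(false).getName());
        callAs(ctx, runAs, () -> {
            // Per the field descriptions on this page: the run-as subject is now the
            // current subject, and the previous one is kept for the run-as bean.
            System.out.println("current: " + ctx.getCallerPrincipal(false).getName());
            System.out.println("kept caller: " + ctx.getCallerPrincipal(true).getName());
            return null;
        });
        try {
            callAs(ctx, runAs, () -> { throw new IllegalStateException("bean failed"); });
        } catch (IllegalStateException expected) {
            // The finally block in callAs has already restored the caller.
        }
        System.out.println("after failure: " + ctx.getCallerPrincipal(false).getName());
    }
}
```

Passing the subject returned by `enterRunAs` back to `endsRunAs` in a `finally` block keeps a failed invocation from leaving the run-as subject installed on a context that is reused afterwards.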

Field Summary
private static java.lang.String ANONYMOUS_ROLE
          Anonymous role.
private static javax.security.auth.Subject ANONYMOUS_SUBJECT
          Anonymous subject (not authenticated).
private static java.lang.String ANONYMOUS_USER
          Anonymous user name.
private  javax.security.auth.Subject callerInRunAsModeSubject
          Caller subject in run-as mode.
In run-as case, the run-as subject is set as the current subject, and the previous one is kept.
This previous subject is used to get the caller on the run-as bean.
private static JLog logger
          Logger.
private static long serialVersionUID
          UID for serialization.
private  javax.security.auth.Subject subject
          Current subject (subject that has been authenticated).
By default, it is the anonymous subject.
 
Constructor Summary
SecurityContext()
          Default constructor.
SecurityContext(javax.security.auth.Subject subject)
          Build a security context with the given subject.
 
Method Summary
private static javax.security.auth.Subject buildAnonymousSubject()
          Build an anonymous subject when no user is authenticated.
This is required as getCallerPrincipal() should never return null.
static javax.security.auth.Subject buildSubject(java.lang.String userName, java.util.List<java.lang.String> roleList)
          Build a subject with the given user name and the list of roles.
static javax.security.auth.Subject buildSubject(java.lang.String userName, java.lang.String[] roleArray)
          Build a subject with the given user name and the array of roles.
 void endsRunAs(javax.security.auth.Subject oldSubject)
          Ends run-as mode and restores the context stored by the container.
 javax.security.auth.Subject enterRunAs(javax.security.auth.Subject runAsSubject)
          Enters run-as mode with the given subject.
The previous subject is stored and is restored when run-as mode ends.
 java.security.Principal getCallerPrincipal(boolean runAsBean)
          Gets the caller's principal.
 java.security.Principal[] getCallerRoles(boolean runAsBean)
          Gets the caller's roles.
 java.util.List<? extends java.security.Principal> getCallerRolesList(boolean runAsBean)
          Gets the caller's roles.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

serialVersionUID

private static final long serialVersionUID
UID for serialization.

See Also:
Constant Field Values

logger

private static JLog logger
Logger.


ANONYMOUS_USER

private static final java.lang.String ANONYMOUS_USER
Anonymous user name.

See Also:
Constant Field Values

ANONYMOUS_ROLE

private static final java.lang.String ANONYMOUS_ROLE
Anonymous role.

See Also:
Constant Field Values

ANONYMOUS_SUBJECT

private static final javax.security.auth.Subject ANONYMOUS_SUBJECT
Anonymous subject (not authenticated).


subject

private javax.security.auth.Subject subject
Current subject (subject that has been authenticated).
By default, it is the anonymous subject.


callerInRunAsModeSubject

private javax.security.auth.Subject callerInRunAsModeSubject
Caller subject in run-as mode.
In run-as case, the run-as subject is set as the current subject, and the previous one is kept.
This previous subject is used to get the caller on the run-as bean.

Constructor Detail

SecurityContext

public SecurityContext()
Default constructor.


SecurityContext

public SecurityContext(javax.security.auth.Subject subject)
Build a security context with the given subject.

Parameters:
subject - the given subject.

Method Detail

enterRunAs

public javax.security.auth.Subject enterRunAs(javax.security.auth.Subject runAsSubject)
Enters run-as mode with the given subject.
The previous subject is stored and is restored when run-as mode ends.

Specified by:
enterRunAs in interface EZBSecurityContext
Parameters:
runAsSubject - the subject to use in run-as mode.
Returns:
the previous subject.

endsRunAs

public void endsRunAs(javax.security.auth.Subject oldSubject)
Ends run-as mode and restores the context stored by the container.

Specified by:
endsRunAs in interface EZBSecurityContext
Parameters:
oldSubject - subject kept by container and restored.

getCallerPrincipal

public java.security.Principal getCallerPrincipal(boolean runAsBean)
Gets the caller's principal.

Specified by:
getCallerPrincipal in interface EZBSecurityContext
Parameters:
runAsBean - if true, the bean is a run-as bean.
Returns:
principal of the caller.

getCallerRolesList

public java.util.List<? extends java.security.Principal> getCallerRolesList(boolean runAsBean)
Gets the caller's roles.

Parameters:
runAsBean - if true, the bean is a run-as bean.
Returns:
list of roles of the caller.

getCallerRoles

public java.security.Principal[] getCallerRoles(boolean runAsBean)
Gets the caller's roles.

Specified by:
getCallerRoles in interface EZBSecurityContext
Parameters:
runAsBean - if true, the bean is a run-as bean.
Returns:
array of roles of the caller.

buildAnonymousSubject

private static javax.security.auth.Subject buildAnonymousSubject()
Build an anonymous subject when no user is authenticated.
This is required as getCallerPrincipal() should never return null.

Returns:
anonymous subject.

buildSubject

public static javax.security.auth.Subject buildSubject(java.lang.String userName,
                                                       java.lang.String[] roleArray)
Build a subject with the given user name and the array of roles.

Parameters:
userName - given username
roleArray - given array of roles.
Returns:
built subject.

buildSubject

public static javax.security.auth.Subject buildSubject(java.lang.String userName,
                                                       java.util.List<java.lang.String> roleList)
Build a subject with the given user name and the list of roles.

Parameters:
userName - given username
roleList - given list of roles.
Returns:
built subject.