org.jboss.security.plugins
Class JaasSecurityDomain

java.lang.Object
  org.jboss.mx.util.JBossNotificationBroadcasterSupport
      org.jboss.system.ServiceMBeanSupport
          org.jboss.security.plugins.JaasSecurityManager
              org.jboss.security.plugins.JaasSecurityDomain

All Implemented Interfaces:

javax.management.MBeanRegistration, javax.management.NotificationBroadcaster, javax.management.NotificationEmitter, AuthenticationManager, JaasSecurityDomainMBean, RealmMapping, SecurityDomain, SubjectSecurityManager, org.jboss.system.Service, org.jboss.system.ServiceMBean

public class JaasSecurityDomain
extends JaasSecurityManager
implements SecurityDomain, JaasSecurityDomainMBean

The JaasSecurityDomain is an extension of JaasSecurityManager that addes the notion of a KeyStore, and JSSE KeyManagerFactory and TrustManagerFactory for supporting SSL and other cryptographic use cases. Attributes:

• KeyStoreType: The implementation type name being used, defaults to 'JKS'.
• KeyStoreURL: Set the KeyStore database URL string. This is used to obtain an InputStream to initialize the KeyStore. If the string is not a value URL, its treated as a file.
• KeyStorePass: the password used to load the KeyStore. Its format is one of:
  • The plaintext password for the KeyStore(or whatever format is used by the KeyStore). The toCharArray() value of the string is used without any manipulation.
  • A command to execute to obtain the plaintext password. The format is '{EXT}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password.
  • A class to create to obtain the plaintext password. The format is '{CLASS}classname[:ctorarg]' where the '[:ctorarg]' is an optional string delimited by the ':' from the classname that will be passed to the classname ctor. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise, the 'String toString()' method is used.
  The KeyStorePass is also used in combination with the Salt and IterationCount attributes to create a PBE secret key used with the encode/decode operations.
• ManagerServiceName: The JMX object name string of the security manager service that the domain registers with to function as a security manager for the security domain name passed to the ctor. The makes the JaasSecurityDomain available under the standard JNDI java:/jaas/(domain) binding.
• LoadSunJSSEProvider: A flag indicating if the Sun com.sun.net.ssl.internal.ssl.Provider security provider should be loaded on startup. This is needed when using the Sun JSSE jars without them installed as an extension with JDK 1.3. This should be set to false with JDK 1.4 or when using an alternate JSSE provider
• Salt:
• IterationCount:

Version:

$Revision: 1.21.2.3 $

Author:

Scott.Stark@jboss.org, Jason Essington

Nested Class Summary

Nested classes/interfaces inherited from class org.jboss.security.plugins.JaasSecurityManager

JaasSecurityManager.DomainInfo

Field Summary

Fields inherited from class org.jboss.security.plugins.JaasSecurityManager

log, trace

Fields inherited from class org.jboss.system.ServiceMBeanSupport

server, SERVICE_CONTROLLER_SIG, serviceName

Fields inherited from interface org.jboss.system.ServiceMBean

CREATE_EVENT, CREATED, DESTROY_EVENT, DESTROYED, FAILED, REGISTERED, START_EVENT, STARTED, STARTING, states, STOP_EVENT, STOPPED, STOPPING, UNREGISTERED

Constructor Summary

JaasSecurityDomain()
Creates a default JaasSecurityDomain for with a securityDomain name of 'other'.

JaasSecurityDomain(String securityDomain)
Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.

JaasSecurityDomain(String securityDomain, CallbackHandler handler)
Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.

Method Summary

byte[]	decode(byte[] secret) Decrypt the secret using the cipherKey.
byte[]	decode64(String secret) Decrypt the base64 encoded secret using the cipherKey.
byte[]	encode(byte[] secret) Encrypt the secret using the cipherKey.
String	encode64(byte[] secret) Encrypt the secret using the cipherKey and return a base64 encoding.
String	getCipherAlgorithm()
KeyManagerFactory	getKeyManagerFactory() Get the KeyManagerFactory associated with the security domain
KeyStore	getKeyStore() Get the keystore associated with the security domain
String	getKeyStoreType() KeyStore implementation type being used.
String	getKeyStoreURL() Get the KeyStore database URL string.
javax.management.ObjectName	getManagerServiceName() The JMX object name string of the security manager service.
String	getName()
TrustManagerFactory	getTrustManagerFactory() Get the TrustManagerFactory associated with the security domain
KeyStore	getTrustStore() Get the truststore associated with the security domain.
String	getTrustStoreType() Get the type of the trust store
String	getTrustStoreURL() Get the trust store database URL string.
void	reloadKeyAndTrustStore() Reload the key- and truststore
void	setCipherAlgorithm(String cipherAlgorithm)
void	setIterationCount(int iterationCount) Set the iteration count used with PBE based on the keystore password.
void	setKeyStorePass(String password) Set the credential string for the KeyStore.
void	setKeyStoreType(String type) Set the type of KeyStore implementation to use.
void	setKeyStoreURL(String storeURL) Set the KeyStore database URL string.
void	setManagerServiceName(javax.management.ObjectName managerServiceName) Set the JMX object name string of the security manager service.
void	setSalt(String salt) Set the salt used with PBE based on the keystore password.
void	setTrustStorePass(String password) Set the credential string for the trust store.
void	setTrustStoreType(String type) Set the type of the trust store
void	setTrustStoreURL(String storeURL) Set the trust store database URL string.
protected void	startService()
protected void	stopService()

Methods inherited from class org.jboss.security.plugins.JaasSecurityManager

doesRoleGroupHaveRole, doesUserHaveRole, doesUserHaveRole, flushCache, getActiveSubject, getPrincipal, getSecurityDomain, getUserRoles, isValid, isValid, setCachePolicy, setDeepCopySubjectOption

Methods inherited from class org.jboss.system.ServiceMBeanSupport

create, createService, destroy, destroyService, getDeploymentInfo, getLog, getNextNotificationSequenceNumber, getObjectName, getServer, getServiceName, getState, getStateString, jbossInternalCreate, jbossInternalDescription, jbossInternalDestroy, jbossInternalLifecycle, jbossInternalStart, jbossInternalStop, postDeregister, postRegister, preDeregister, preRegister, start, stop

Methods inherited from class org.jboss.mx.util.JBossNotificationBroadcasterSupport

addNotificationListener, getNotificationInfo, handleNotification, nextNotificationSequenceNumber, removeNotificationListener, removeNotificationListener, sendNotification

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.jboss.security.AuthenticationManager

getActiveSubject, getSecurityDomain, isValid, isValid

Methods inherited from interface org.jboss.security.RealmMapping

doesUserHaveRole, getPrincipal, getUserRoles

Methods inherited from interface org.jboss.system.ServiceMBean

getState, getStateString, jbossInternalLifecycle

Methods inherited from interface org.jboss.system.Service

create, destroy, start, stop

Constructor Detail

JaasSecurityDomain

public JaasSecurityDomain()

Creates a default JaasSecurityDomain for with a securityDomain name of 'other'.

JaasSecurityDomain

public JaasSecurityDomain(String securityDomain)

Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.

Parameters:

securityDomain - , the name of the security domain

JaasSecurityDomain

public JaasSecurityDomain(String securityDomain,
                          CallbackHandler handler)

Creates a JaasSecurityDomain for with a securityDomain name of that given by the 'securityDomain' argument.

Parameters:

securityDomain - , the name of the security domain

handler - , the CallbackHandler to use to obtain login module info

Method Detail

getKeyStore

public KeyStore getKeyStore()
                     throws SecurityException

Description copied from interface: SecurityDomain

Get the keystore associated with the security domain

Specified by:

getKeyStore in interface SecurityDomain

Throws:

SecurityException

getKeyManagerFactory

public KeyManagerFactory getKeyManagerFactory()
                                       throws SecurityException

Description copied from interface: SecurityDomain

Get the KeyManagerFactory associated with the security domain

Specified by:

getKeyManagerFactory in interface SecurityDomain

Throws:

SecurityException

getTrustStore

public KeyStore getTrustStore()
                       throws SecurityException

Description copied from interface: SecurityDomain

Get the truststore associated with the security domain. This may be the same as the keystore.

Specified by:

getTrustStore in interface SecurityDomain

Throws:

SecurityException

getTrustManagerFactory

public TrustManagerFactory getTrustManagerFactory()
                                           throws SecurityException

Description copied from interface: SecurityDomain

Get the TrustManagerFactory associated with the security domain

Specified by:

getTrustManagerFactory in interface SecurityDomain

Throws:

SecurityException

getManagerServiceName

public javax.management.ObjectName getManagerServiceName()

The JMX object name string of the security manager service.

Specified by:

getManagerServiceName in interface JaasSecurityDomainMBean

Returns:

The JMX object name string of the security manager service.

setManagerServiceName

public void setManagerServiceName(javax.management.ObjectName managerServiceName)

Set the JMX object name string of the security manager service.

Specified by:

setManagerServiceName in interface JaasSecurityDomainMBean

getKeyStoreType

public String getKeyStoreType()

Description copied from interface: JaasSecurityDomainMBean

KeyStore implementation type being used.

Specified by:

getKeyStoreType in interface JaasSecurityDomainMBean

Returns:

the KeyStore implementation type being used.

setKeyStoreType

public void setKeyStoreType(String type)

Description copied from interface: JaasSecurityDomainMBean

Set the type of KeyStore implementation to use. This is passed to the KeyStore.getInstance() factory method.

Specified by:

setKeyStoreType in interface JaasSecurityDomainMBean

getKeyStoreURL

public String getKeyStoreURL()

Description copied from interface: JaasSecurityDomainMBean

Get the KeyStore database URL string.

Specified by:

getKeyStoreURL in interface JaasSecurityDomainMBean

setKeyStoreURL

public void setKeyStoreURL(String storeURL)
                    throws IOException

Description copied from interface: JaasSecurityDomainMBean

Set the KeyStore database URL string. This is used to obtain an InputStream to initialize the KeyStore.

Specified by:

setKeyStoreURL in interface JaasSecurityDomainMBean

Throws:

IOException

setKeyStorePass

public void setKeyStorePass(String password)

Description copied from interface: JaasSecurityDomainMBean

Set the credential string for the KeyStore.

Specified by:

setKeyStorePass in interface JaasSecurityDomainMBean

getTrustStoreType

public String getTrustStoreType()

Description copied from interface: JaasSecurityDomainMBean

Get the type of the trust store

Specified by:

getTrustStoreType in interface JaasSecurityDomainMBean

Returns:

the type of the trust store

setTrustStoreType

public void setTrustStoreType(String type)

Description copied from interface: JaasSecurityDomainMBean

Set the type of the trust store

Specified by:

setTrustStoreType in interface JaasSecurityDomainMBean

Parameters:

type - - the trust store implementation type

setTrustStorePass

public void setTrustStorePass(String password)

Description copied from interface: JaasSecurityDomainMBean

Set the credential string for the trust store.

Specified by:

setTrustStorePass in interface JaasSecurityDomainMBean

getTrustStoreURL

public String getTrustStoreURL()

Description copied from interface: JaasSecurityDomainMBean

Get the trust store database URL string.

Specified by:

getTrustStoreURL in interface JaasSecurityDomainMBean

setTrustStoreURL

public void setTrustStoreURL(String storeURL)
                      throws IOException

Description copied from interface: JaasSecurityDomainMBean

Set the trust store database URL string. This is used to obtain an InputStream to initialize the trust store.

Specified by:

setTrustStoreURL in interface JaasSecurityDomainMBean

Throws:

IOException

setSalt

public void setSalt(String salt)

Description copied from interface: JaasSecurityDomainMBean

Set the salt used with PBE based on the keystore password.

Specified by:

setSalt in interface JaasSecurityDomainMBean

Parameters:

salt - - an 8 char randomization string

setIterationCount

public void setIterationCount(int iterationCount)

Description copied from interface: JaasSecurityDomainMBean

Set the iteration count used with PBE based on the keystore password.

Specified by:

setIterationCount in interface JaasSecurityDomainMBean

Parameters:

iterationCount - - an iteration count randomization value

getCipherAlgorithm

public String getCipherAlgorithm()

setCipherAlgorithm

public void setCipherAlgorithm(String cipherAlgorithm)

getName

public String getName()

Specified by:

getName in interface org.jboss.system.ServiceMBean

Overrides:

getName in class org.jboss.system.ServiceMBeanSupport

encode

public byte[] encode(byte[] secret)
              throws Exception

Encrypt the secret using the cipherKey.

Specified by:

encode in interface JaasSecurityDomainMBean

Parameters:

secret - - the plaintext secret to encrypt

Returns:

the encrypted secret

Throws:

Exception

decode

public byte[] decode(byte[] secret)
              throws Exception

Decrypt the secret using the cipherKey.

Specified by:

decode in interface JaasSecurityDomainMBean

Parameters:

secret - - the encrypted secret to decrypt.

Returns:

the decrypted secret

Throws:

Exception

encode64

public String encode64(byte[] secret)
                throws Exception

Encrypt the secret using the cipherKey and return a base64 encoding.

Specified by:

encode64 in interface JaasSecurityDomainMBean

Parameters:

secret - - the plaintext secret to encrypt

Returns:

the encrypted secret as a base64 string

Throws:

Exception

decode64

public byte[] decode64(String secret)
                throws Exception

Decrypt the base64 encoded secret using the cipherKey.

Specified by:

decode64 in interface JaasSecurityDomainMBean

Parameters:

secret - - the base64 encoded encrypted secret to decrypt.

Returns:

the decrypted secret

Throws:

Exception

reloadKeyAndTrustStore

public void reloadKeyAndTrustStore()
                            throws Exception

Reload the key- and truststore

Specified by:

reloadKeyAndTrustStore in interface JaasSecurityDomainMBean

Throws:

Exception

startService

protected void startService()
                     throws Exception

Overrides:

startService in class org.jboss.system.ServiceMBeanSupport

Throws:

Exception

stopService

protected void stopService()

Overrides:

stopService in class org.jboss.system.ServiceMBeanSupport