de.aristaflow.adept2.base.security

Interface GlobalAuthMethod

public interface GlobalAuthMethod

This interfaces somewhat extends AuthMethod but these authentication methods here are supported by the global security manager. Some authentication methods only work with a corresponding local security manager on client-side, for instance AuthMethod.NET_IP_ADDRESS since the server needs a client-IP and someone (preferably someone with a trusted signature) needs to provide it. Single Sign-On also usually requires some information from the client.

These methods are only relevant for implementors of a local security manager or someone calling the global security manager directly. Note that in this case signing will be somewhat difficult.

Author:

Ulrich Kreher

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CONF_IMPLICIT_NETWORK_PROT_IP_PEER Configuration value for CONF_IMPLICIT_NETWORK_PROTOCOL where the direct peer needs to have a trusted IP, that is only the first communication context is checked for a trusted IP.
static java.lang.String	CONF_IMPLICIT_NETWORK_PROT_IP_ROUTE Configuration value for CONF_IMPLICIT_NETWORK_PROTOCOL allowing one trusted IP on the route, that is one communication context needs to have a trusted IP.
static java.lang.String	CONF_IMPLICIT_NETWORK_PROTOCOL The configuration key for the protocol to use for the IMPLICIT_NETWORK authentication, that is whether one trusted IP on the route suffices or whether the direct peer needs to be a trusted IP.
static java.lang.String	CONF_OAUTH2_AUTH_SERVER_URL The configuration key for the OAuth2 authentication server used for the OAUTH2_TOKEN authentication method.
static char	CONF_SUBJECT_PRINCIPAL_SEPARATOR The separator in the configuration values (String) between principal class name and principal name.
static java.lang.String	CONF_SUBJECT_SIGNED_ACCEPTED_PRINCIPAL Configuration key (prefix) for SUBJECT_SIGNED.
static java.lang.String	CONF_SUBJECT_SIGNED_ID_PRINCIPAL Configuration key (prefix) for SUBJECT_SIGNED.
static java.lang.String	CONF_TRUSTED_NET_IP Configuration key (prefix) for trusted IP address-based authentication (TRUSTED_NET_IP_SIGNED, TRUSTED_NET_IP_UNSIGNED and IMPLICIT_NETWORK).
static java.lang.String	CONF_TRUSTED_NET_MAC_SIGNED Configuration key (prefix) for TRUSTED_NET_MAC_SIGNED.
static java.lang.String	CONF_TRUSTED_SHARED_UTF8_KEYS Configuration key (prefix) for trusted shared key-based authentication (SHARED_UTF8_KEY).
static java.lang.String	CONF_USE_JAAS AuthMethod.CONF_USE_JAAS
static java.lang.String	IMPLICIT_NETWORK The authentication is done via the IP address(es) provided by the communication context(s).
static java.lang.String	JAAS AuthMethod.JAAS
static java.lang.String	JAAS_SUBJECT AuthMethod.JAAS_SUBJECT
static java.lang.String	JAAS_UTF8_PASSWORD AuthMethod.JAAS_UTF8_PASSWORD
static java.lang.String	OAUTH2_TOKEN AuthMethod.OAUTH2_TOKEN
static java.lang.String	SERIALISED_CLIENT_SESSION_FACTORY AuthMethod.SERIALISED_CLIENT_SESSION_FACTORY
static java.lang.String	SHARED_UTF8_KEY AuthMethod.SHARED_UTF8_KEY
static java.lang.String	SUBJECT_SIGNED The caller provides a Subject that has been locally authenticated and is forwarded to the server for global authentication.
static java.lang.String	TRUSTED_NET_IP_SIGNED The caller provides its IP address and signs this information.
static java.lang.String	TRUSTED_NET_IP_UNSIGNED The authentication is done via the IP address provided by the communication context.
static java.lang.String	TRUSTED_NET_MAC_SIGNED The caller provides its MAC address and signs this information.
static java.lang.String	UTF8_PASSWORD AuthMethod.UTF8_PASSWORD

Field Detail

UTF8_PASSWORD

static final java.lang.String UTF8_PASSWORD

AuthMethod.UTF8_PASSWORD

See Also:

Constant Field Values

JAAS

static final java.lang.String JAAS

AuthMethod.JAAS

See Also:

Constant Field Values

JAAS_UTF8_PASSWORD

static final java.lang.String JAAS_UTF8_PASSWORD

AuthMethod.JAAS_UTF8_PASSWORD

JAAS_SUBJECT

static final java.lang.String JAAS_SUBJECT

AuthMethod.JAAS_SUBJECT

CONF_USE_JAAS

static final java.lang.String CONF_USE_JAAS

AuthMethod.CONF_USE_JAAS

See Also:

Constant Field Values

SUBJECT_SIGNED

static final java.lang.String SUBJECT_SIGNED

The caller provides a Subject that has been locally authenticated and is forwarded to the server for global authentication. Since the provided data is signed, it is trusted and does not require any more information unless the signature is invalid. The authentication will fail if the signature is invalid.
The subject is authenticated by fulfilling a configured principal constraint (CONF_SUBJECT_SIGNED_ACCEPTED_PRINCIPAL). It is not provided to JAAS. If you want this, use JAAS_SUBJECT instead.

Note that just like with JAAS_SUBJECT the principals of the subject or rather the corresponding classes need to be found by the global security manager.

Combinations of parameters and their semantic for SUBJECT_SIGNED

String, byte[], null	String	Ignored.
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, Subject> with a session token of the security manager that performed the authentication and the locally authenticated Subject. The SignedObject has to be signed by the very same security manager.
String, byte[], AFCallbackHandler	String	Ignored.
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, Subject> with a session token of the security manager that performed the authentication and the locally authenticated Subject. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	Ignored.
byte[], null	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, Subject> with a session token of the security manager that performed the authentication and the locally authenticated Subject. The SignedObject has to be signed by the very same security manager.
byte[], AFCallbackHandler	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, Subject> with a session token of the security manager that performed the authentication and the locally authenticated Subject. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	Ignored.

See Also:

AuthMethod.JAAS, AuthMethod.JAAS_SUBJECT, AuthMethod.JAAS_UTF8_PASSWORD, Constant Field Values

CONF_SUBJECT_SIGNED_ACCEPTED_PRINCIPAL

static final java.lang.String CONF_SUBJECT_SIGNED_ACCEPTED_PRINCIPAL

Configuration key (prefix) for SUBJECT_SIGNED.

A Subject will be authenticated if its principals fulfill specific needs, that is the principals have specific names. This is similar to "Principal-based policy files". One configuration value is a list (comma-separated values) of strings, whereas each string in the list contains the principal class name and the name this principal must have, separated by 35 (CONF_SUBJECT_PRINCIPAL_SEPARATOR). There may be several of these class name-name tuples meaning that a provided subject has to have principals for each of these tuples (conjunction). If one tuple is missing in the subject, it will not be authenticated.
To allow for disjunction of principal constraints, there may be several lists with this configuration key. However, in this case this configuration key must only be a prefix and each configuration key for principal constraints must differ. Append a . and order them by assigning a number. Lesser numbers have higher priority, e.g. SSAcceptedPrincipal.1, SSAcceptedPrincipal.2, etc. A subject will be accepted if it fulfills one of these principal constraints but all elements in one list need to be satisfied.

See Also:

Constant Field Values

CONF_SUBJECT_PRINCIPAL_SEPARATOR

static final char CONF_SUBJECT_PRINCIPAL_SEPARATOR

The separator in the configuration values (String) between principal class name and principal name.

See Also:

Constant Field Values

CONF_SUBJECT_SIGNED_ID_PRINCIPAL

static final java.lang.String CONF_SUBJECT_SIGNED_ID_PRINCIPAL

Configuration key (prefix) for SUBJECT_SIGNED.

When using a Subject no ID is required since this may be determined from the principals. Which principal is used is defined with this configuration key. Provide a simple string with the fully qualified class name of the principal of which the name corresponds to the ID.
Just like CONF_SUBJECT_SIGNED_ACCEPTED_PRINCIPAL, there may be different identifying principals when accepting different principal constraints. Append the same number as for the corresponding principal constraint. If no identifying principal is present, the agent ID provided in an method of Authentication will be used.

See Also:

Constant Field Values

TRUSTED_NET_IP_SIGNED

static final java.lang.String TRUSTED_NET_IP_SIGNED

The caller provides its IP address and signs this information. The authentication will fail if the signature is invalid.

Combinations of parameters and their semantic for TRUSTED_NET_IP_SIGNED

String, byte[], null	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, InetAddress> with a session token of the security manager that resolved the address and the InetAddress of the local security manager. The SignedObject has to be signed by the very same security manager.
String, byte[], AFCallbackHandler	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, InetAddress> with a session token of the security manager that resolved the address and the InetAddress of the local security manager. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	Ignored.
byte[], null	AuthenticationException always. The provided data is insufficient.
byte[], AFCallbackHandler	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, InetAddress> with a session token of the security manager that resolved the address and the InetAddress of the local security manager. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	This will use a NameCallback for the username.

See Also:

AuthMethod.NET_IP_ADDRESS, Constant Field Values

TRUSTED_NET_IP_UNSIGNED

static final java.lang.String TRUSTED_NET_IP_UNSIGNED

The authentication is done via the IP address provided by the communication context. It will be successful if IP address of the direct peer is a trusted one and the communication context (its signature) is valid. Additionally the caller has to provide its serialised IP address which has to equal the one from the communication context.

Combinations of parameters and their semantic for TRUSTED_NET_IP_UNSIGNED

String, byte[], null	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	The serialised InetAddress of the local security manager.
String, byte[], AFCallbackHandler	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	The serialised InetAddress of the local security manager.
	AFCallbackHandler	Ignored.
byte[], null	AuthenticationException always. The provided data is insufficient.
byte[], AFCallbackHandler	byte[]	The serialised InetAddress of the local security manager.
	AFCallbackHandler	This will use a NameCallback for the username.

See Also:

AuthMethod.NET_IP_ADDRESS, Constant Field Values

CONF_TRUSTED_NET_IP

static final java.lang.String CONF_TRUSTED_NET_IP

Configuration key (prefix) for trusted IP address-based authentication (TRUSTED_NET_IP_SIGNED, TRUSTED_NET_IP_UNSIGNED and IMPLICIT_NETWORK).

Trusted network-based authentication will be successful if the provided and somehow signed (locally or by the communication context) IP-address is trusted. This configuration is a list (comma-separated values) of strings, representing all trusted IP-addresses.

See Also:

Constant Field Values

CONF_TRUSTED_SHARED_UTF8_KEYS

static final java.lang.String CONF_TRUSTED_SHARED_UTF8_KEYS

Configuration key (prefix) for trusted shared key-based authentication (SHARED_UTF8_KEY).

Trusted shared key-based authentication will be successful if the provided shared key is trusted. Note that the keys are UTF-8 strings which are not encrypted.

See Also:

Constant Field Values

CONF_OAUTH2_AUTH_SERVER_URL

static final java.lang.String CONF_OAUTH2_AUTH_SERVER_URL

The configuration key for the OAuth2 authentication server used for the OAUTH2_TOKEN authentication method.

See Also:

Constant Field Values

TRUSTED_NET_MAC_SIGNED

static final java.lang.String TRUSTED_NET_MAC_SIGNED

The caller provides its MAC address and signs this information. The authentication will fail if the signature is invalid.

Combinations of parameters and their semantic for TRUSTED_NET_MAC_SIGNED

String, byte[], null	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, byte[]> with a session token of the security manager that resolved the address and the hardware address of the local security manager. The SignedObject has to be signed by the very same security manager.
String, byte[], AFCallbackHandler	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, byte[]> with a session token of the security manager that resolved the address and the hardware address of the local security manager. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	Ignored.
byte[], null	AuthenticationException always. The provided data is insufficient.
byte[], AFCallbackHandler	byte[]	A serialised SignedObject containing a SerialisablePair<SessionToken, byte[]> with a session token of the security manager that resolved the address and the hardware address of the local security manager. The SignedObject has to be signed by the very same security manager.
	AFCallbackHandler	This will use a NameCallback for the username.

See Also:

AuthMethod.NET_MAC_ADDRESS, Constant Field Values

CONF_TRUSTED_NET_MAC_SIGNED

static final java.lang.String CONF_TRUSTED_NET_MAC_SIGNED

Configuration key (prefix) for TRUSTED_NET_MAC_SIGNED.

Trusted MAC-address-based authentication will be successful if the provided and signed MAC-address is trusted. This configuration is a list (comma-separated values) of strings, representing all trusted MAC-addresses where one MAC-address has the usual syntax, e.g. 01-50-3C-CA-DC-C2 (case of characters is not considered).

See Also:

Constant Field Values

IMPLICIT_NETWORK

static final java.lang.String IMPLICIT_NETWORK

The authentication is done via the IP address(es) provided by the communication context(s). It will be successful if the either direct peer (the first communication context) is a trusted IP address or the route (one of the communication contexts) contains a trusted IP address and the communication contexts from the server to this IP address are valid.

Combinations of parameters and their semantic for IMPLICIT_NETWORK

String, byte[], null	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	Ignored.
String, byte[], AFCallbackHandler	String	The identifier of the entity, usually the username or a numerical user ID (as String).
	byte[]	Ignored.
	AFCallbackHandler	Ignored.
byte[], null	AuthenticationException always. The provided data is insufficient.
byte[], AFCallbackHandler	byte[]	Ignored.
	AFCallbackHandler	This will use a NameCallback for the username.

See Also:

AuthMethod.IMPLICIT_NETWORK, Constant Field Values

CONF_IMPLICIT_NETWORK_PROTOCOL

static final java.lang.String CONF_IMPLICIT_NETWORK_PROTOCOL

The configuration key for the protocol to use for the IMPLICIT_NETWORK authentication, that is whether one trusted IP on the route suffices or whether the direct peer needs to be a trusted IP.

See Also:

Constant Field Values

CONF_IMPLICIT_NETWORK_PROT_IP_ROUTE

static final java.lang.String CONF_IMPLICIT_NETWORK_PROT_IP_ROUTE

Configuration value for CONF_IMPLICIT_NETWORK_PROTOCOL allowing one trusted IP on the route, that is one communication context needs to have a trusted IP.

See Also:

Constant Field Values

CONF_IMPLICIT_NETWORK_PROT_IP_PEER

static final java.lang.String CONF_IMPLICIT_NETWORK_PROT_IP_PEER

Configuration value for CONF_IMPLICIT_NETWORK_PROTOCOL where the direct peer needs to have a trusted IP, that is only the first communication context is checked for a trusted IP.

See Also:

Constant Field Values

SHARED_UTF8_KEY

static final java.lang.String SHARED_UTF8_KEY

AuthMethod.SHARED_UTF8_KEY

See Also:

Constant Field Values

OAUTH2_TOKEN

static final java.lang.String OAUTH2_TOKEN

AuthMethod.OAUTH2_TOKEN

See Also:

Constant Field Values

SERIALISED_CLIENT_SESSION_FACTORY

static final java.lang.String SERIALISED_CLIENT_SESSION_FACTORY

AuthMethod.SERIALISED_CLIENT_SESSION_FACTORY

See Also:

Constant Field Values