org.wildfly.security.auth.server

Interface RealmIdentity

All Known Subinterfaces:

ModifiableRealmIdentity

public interface RealmIdentity

A representation of a pre-authentication identity. The life of a RealmIdentity is short and is for a specific authentication attempt. A SecurityRealm creating a RealmIdentity does not confirm the existence of the identity. The exists() method must be used for that purpose.

Author:

Darran Lofthouse

Field Summary

Fields

Modifier and Type	Field and Description
static RealmIdentity	ANONYMOUS The anonymous realm identity.
static RealmIdentity	NON_EXISTENT An identity for a non-existent user.

Method Summary

Modifier and Type	Method and Description
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type.
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type, algorithm, and parameters.
default <C extends Credential,R> R	applyToCredential(Class<C> credentialType, String algorithmName, Function<C,R> function) Apply the given function to the acquired credential, if it is set and of the given type and algorithm.
default void	dispose() Dispose this realm identity after a completed authentication attempt.
boolean	exists() Determine if the identity exists in lieu of verifying or acquiring a credential.
default Attributes	getAttributes() Get the attributes for the realm identity.
default AuthorizationIdentity	getAuthorizationIdentity() Get an authorization identity for this pre-authenticated identity.
<C extends Credential> C	getCredential(Class<C> credentialType) Acquire a credential of the given type.
default <C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName) Acquire a credential of the given type and algorithm name.
default <C extends Credential> C	getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) Acquire a credential of the given type and algorithm name.
default SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) Deprecated. Transition method; remove before GA.
SupportLevel	getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.
SupportLevel	getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.
Principal	getRealmIdentityPrincipal() Get the principal that canonically identifies the identity within the realm.
default void	updateCredential(Credential credential) Update a credential of this realm identity.
boolean	verifyEvidence(Evidence evidence) Verify the given evidence against a credential of this identity.

Field Detail

ANONYMOUS

static final RealmIdentity ANONYMOUS

The anonymous realm identity.

NON_EXISTENT

static final RealmIdentity NON_EXISTENT

An identity for a non-existent user.

Method Detail

getRealmIdentityPrincipal

Principal getRealmIdentityPrincipal()

Get the principal that canonically identifies the identity within the realm. This method may return the principal object which was passed in as a parameter to SecurityRealm.getRealmIdentity(Principal) (a.k.a. domain principal), but is not required to do so. Any existent realm identity (i.e. any identity which returns true on invocation of exists()) must return a non-null principal.

Returns:

the principal for this realm identity (may not be null)

getCredentialAcquireSupport

default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                 String algorithmName)
                                          throws RealmUnavailableException

Deprecated. Transition method; remove before GA.

Throws:

RealmUnavailableException

getCredentialAcquireSupport

SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                         String algorithmName,
                                         AlgorithmParameterSpec parameterSpec)
                                  throws RealmUnavailableException

Determine whether a given credential type is definitely obtainable, possibly obtainable, or definitely not obtainable for this identity.

Parameters:

credentialType - the exact credential type (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the level of support for this credential type (may not be null)

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

<C extends Credential> C getCredential(Class<C> credentialType)
                                throws RealmUnavailableException

Acquire a credential of the given type.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

default <C extends Credential> C getCredential(Class<C> credentialType,
                                               String algorithmName)
                                        throws RealmUnavailableException

Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type must override this method.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

getCredential

default <C extends Credential> C getCredential(Class<C> credentialType,
                                               String algorithmName,
                                               AlgorithmParameterSpec parameterSpec)
                                        throws RealmUnavailableException

Acquire a credential of the given type and algorithm name. Realms which support more than one credential of a given type and algorithm must override this method.

Type Parameters:

C - the credential type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

Returns:

the credential, or null if no such credential exists

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     Function<C,R> function)
                                              throws RealmUnavailableException

Apply the given function to the acquired credential, if it is set and of the given type.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     String algorithmName,
                                                     Function<C,R> function)
                                              throws RealmUnavailableException

Apply the given function to the acquired credential, if it is set and of the given type and algorithm.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

applyToCredential

default <C extends Credential,R> R applyToCredential(Class<C> credentialType,
                                                     String algorithmName,
                                                     AlgorithmParameterSpec parameterSpec,
                                                     Function<C,R> function)
                                              throws RealmUnavailableException

Apply the given function to the acquired credential, if it is set and of the given type, algorithm, and parameters.

Type Parameters:

C - the credential type

R - the return type

Parameters:

credentialType - the credential type class (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names

parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters

function - the function to apply (must not be null)

Returns:

the result of the function, or null if the criteria are not met

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

updateCredential

default void updateCredential(Credential credential)
                       throws RealmUnavailableException

Update a credential of this realm identity.

Parameters:

credential - the new credential (must not be null)

Throws:

UnsupportedOperationException - if the implementing class does not support updating a credential

RealmUnavailableException - if the realm is not able to handle requests for any reason

getEvidenceVerifySupport

SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                      String algorithmName)
                               throws RealmUnavailableException

Determine whether a given type of evidence is definitely verifiable, possibly verifiable, or definitely not verifiable.

Parameters:

evidenceType - the type of evidence to be verified (must not be null)

algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names

Returns:

the level of support for this evidence type

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

verifyEvidence

boolean verifyEvidence(Evidence evidence)
                throws RealmUnavailableException

Verify the given evidence against a credential of this identity. The credential to be used is selected based on the evidence type.

Parameters:

evidence - the evidence to verify

Returns:

true if verification was successful, false otherwise

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

exists

boolean exists()
        throws RealmUnavailableException

Determine if the identity exists in lieu of verifying or acquiring a credential. This method is intended to be used to verify an identity for non-authentication purposes only. Implementations of this method should return false up until the point it is known that a call to getAuthorizationIdentity() can successfully return an identity. If a realm can load an identity independently of credential acquisition and evidence verification if not already loaded it should be loaded at the time of this call to return an accurate result.

Returns:

true if the identity exists in this realm, false otherwise

Throws:

RealmUnavailableException - if the realm is not able to handle requests for any reason

dispose

default void dispose()

Dispose this realm identity after a completed authentication attempt.

getAuthorizationIdentity

default AuthorizationIdentity getAuthorizationIdentity()
                                                throws RealmUnavailableException

Get an authorization identity for this pre-authenticated identity.

Returns:

the authorization identity (may not be null)

Throws:

IllegalStateException - if called for an identity that does not exist

RealmUnavailableException - if the realm is not able to handle requests for any reason

getAttributes

default Attributes getAttributes()
                          throws RealmUnavailableException

Get the attributes for the realm identity.

Returns:

the attributes, or null if the implementing class does not support getting attributes

Throws:

RealmUnavailableException - if accessing the attributes fails for some reason