-
- All Known Subinterfaces:
- ModifiableSecurityRealm
public interface SecurityRealmA single authentication realm. A realm is backed by a single homogeneous store of identities and credentials.- Author:
- David M. Lloyd, Darran Lofthouse
-
-
Field Summary
Fields Modifier and Type Field and Description static SecurityRealmEMPTY_REALMAn empty security realm.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Default Methods Deprecated Methods Modifier and Type Method and Description default SupportLevelgetCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName)Deprecated.Transition method; remove before GA.SupportLevelgetCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for] some identities), or definitely not obtainable.SupportLevelgetEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName)Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.default RealmIdentitygetRealmIdentity(Evidence evidence)Get a handle for to the identity for the given evidence in the context of this security realm.default RealmIdentitygetRealmIdentity(Principal principal)Get a handle for to the identity for the given principal in the context of this security realm.default voidhandleRealmEvent(RealmEvent event)Handle a realm event.static voidsafeHandleRealmEvent(SecurityRealm realm, RealmEvent event)Safely pass an event to a security realm, absorbing and logging any exception that occurs.
-
-
-
Field Detail
-
EMPTY_REALM
static final SecurityRealm EMPTY_REALM
An empty security realm.
-
-
Method Detail
-
getRealmIdentity
default RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException
Get a handle for to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call toRealmIdentity.dispose().- Parameters:
principal- the principal which identifies the identity within the realm (must not benull)- Returns:
- the
RealmIdentityfor the provided principal (notnull) - Throws:
RealmUnavailableException
-
getRealmIdentity
default RealmIdentity getRealmIdentity(Evidence evidence) throws RealmUnavailableException
Get a handle for to the identity for the given evidence in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call toRealmIdentity.dispose(). Where this method is used to obtain aRealmIdentityprior to evidence verification the methodRealmIdentity.getEvidenceVerifySupport(Class, String)will be used to verify if the identity is usable.- Parameters:
evidence- an evidence instance which identifies the identity within the realm (must not benull)- Returns:
- the
RealmIdentityfor the provided evidence (notnull) - Throws:
RealmUnavailableException
-
getCredentialAcquireSupport
default SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName) throws RealmUnavailableException
Deprecated. Transition method; remove before GA.- Throws:
RealmUnavailableException
-
getCredentialAcquireSupport
SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException
Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for] some identities), or definitely not obtainable.- Parameters:
credentialType- the exact credential type (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the credential type does not support algorithm namesparameterSpec- the algorithm parameters to match, ornullif any parameters are acceptable or the credential type does not support algorithm parameters- Returns:
- the level of support for this credential
- Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
getEvidenceVerifySupport
SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException
Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.- Parameters:
evidenceType- the type of evidence to be verified (must not benull)algorithmName- the algorithm name, ornullif any algorithm is acceptable or the evidence type does not support algorithm names- Returns:
- the level of support for this evidence type
- Throws:
RealmUnavailableException- if the realm is not able to handle requests for any reason
-
handleRealmEvent
default void handleRealmEvent(RealmEvent event)
Handle a realm event. These events allow the realm to act upon occurrences that are relevant to policy of the realm; for example, the realm may choose to increase password iteration count on authentication success, or change the salt of a password after a certain number of authentications.The default implementation does nothing.
- Parameters:
event- the realm event
-
safeHandleRealmEvent
static void safeHandleRealmEvent(SecurityRealm realm, RealmEvent event)
Safely pass an event to a security realm, absorbing and logging any exception that occurs.- Parameters:
realm- the security realm to notify (notnull)event- the event to send (notnull)
-
-