Class FileSystemSecurityRealm

    • Constructor Detail

      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels,
                                       boolean encoded,
                                       Encoding hashEncoding,
                                       Charset hashCharset,
                                       Supplier<Provider[]> providers,
                                       SecretKey secretKey,
                                       PrivateKey privateKey,
                                       PublicKey publicKey)
        Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
        encoded - whether identity names should be BASE32 encoded before using as filename (only applies if the security realm is unencrypted)
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
        hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
        providers - The providers supplier
        secretKey - the SecretKey used to encrypt and decrypt the security realm (if null, the security realm will be unencrypted)
        privateKey - the PrivateKey used to verify the integrity of the security realm (if null, the security realm will not verify integrity)
        publicKey - the PublicKey used to verify the integrity of the security realm (if null, the security realm will not verify integrity)
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels,
                                       boolean encoded,
                                       Encoding hashEncoding,
                                       Charset hashCharset,
                                       SecretKey secretKey)
        Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
        encoded - whether identity names should be BASE32 encoded before using as filename
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
        hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
        secretKey - the SecretKey used to encrypt and decrypt the security realm (if null, the security realm will be unencrypted)
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels,
                                       boolean encoded,
                                       Encoding hashEncoding,
                                       Charset hashCharset)
        Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
        encoded - whether identity names should be BASE32 encoded before using as filename
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default.
        hashEncoding - the string format for the hashed passwords. Uses Base64 by default.
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels,
                                       boolean encoded)
        Construct a new instance. Construction with a security manager enabled requires the createSecurityRealm ElytronPermission.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
        encoded - whether identity names should be BASE32 encoded before using as filename
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels)
        Construct a new instance.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       NameRewriter nameRewriter,
                                       int levels,
                                       Encoding hashEncoding,
                                       Charset hashCharset)
        Construct a new instance.
        Parameters:
        root - the root path of the identity store
        nameRewriter - the name rewriter to apply to looked up names
        levels - the number of levels of directory hashing to apply
        hashEncoding - the string format for hashed passwords. Uses Base64 by default.
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       int levels)
        Construct a new instance.
        Parameters:
        root - the root path of the identity store
        levels - the number of levels of directory hashing to apply
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       int levels,
                                       Encoding hashEncoding,
                                       Charset hashCharset)
        Construct a new instance.
        Parameters:
        root - the root path of the identity store
        levels - the number of levels of directory hashing to apply
        hashEncoding - the string format for hashed passwords. Uses Base64 by default.
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root)
        Construct a new instance with 2 levels of hashing.
        Parameters:
        root - the root path of the identity store
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       Encoding hashEncoding,
                                       Charset hashCharset)
        Construct a new instance with 2 levels of hashing.
        Parameters:
        root - the root path of the identity store
        hashEncoding - the string format for hashed passwords. Uses Base64 by default.
        hashCharset - the character set to use when converting password strings to a byte array. Uses UTF-8 by default and must not be null.
      • FileSystemSecurityRealm

        public FileSystemSecurityRealm(Path root,
                                       int levels,
                                       Supplier<Provider[]> providers)
    • Method Detail

      • builder

        public static FileSystemSecurityRealmBuilder builder()
        Construct a new instance of the FileSystemSecurityRealmBuilder.
        Returns:
        the new FileSystemSecurityRealmBuilder instance
      • hasIntegrityEnabled

        public boolean hasIntegrityEnabled()
        Checks if the FileSystemSecurityRealm has integrity checking enabled.
        Returns:
        true if Integrity checking is enabled, and false otherwise
      • getHashCharset

        public Charset getHashCharset()
      • getRealmIdentity

        public RealmIdentity getRealmIdentity(Principal principal)
        Description copied from interface: SecurityRealm
        Get a handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose().
        Specified by:
        getRealmIdentity in interface SecurityRealm
        Parameters:
        principal - the principal which identifies the identity within the realm (must not be null)
        Returns:
        the RealmIdentity for the provided principal (not null)
      • getRealmIdentityForUpdate

        public ModifiableRealmIdentity getRealmIdentityForUpdate(Principal principal)
        Description copied from interface: ModifiableSecurityRealm
        Get an update handle to the identity for the given principal in the context of this security realm. Any validation / name mapping is an implementation detail for the realm. The identity may or may not exist. The returned handle must be cleaned up by a call to RealmIdentity.dispose(). During the lifespan of a ModifiableRealmIdentity, no other updates or authentications may take place for the corresponding realm identity, thus care should be taken to minimize the duration of the identity's lifespan.

        If there is not enough information to locate an identity compatible with this realm, ModifiableRealmIdentity.NON_EXISTENT may be returned.

        Specified by:
        getRealmIdentityForUpdate in interface ModifiableSecurityRealm
        Parameters:
        principal - the principal to use to locate the ModifiableRealmIdentity handle (must not be null)
        Returns:
        the ModifiableRealmIdentity for the provided information (not null)
      • getCredentialAcquireSupport

        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType,
                                                        String algorithmName,
                                                        AlgorithmParameterSpec parameterSpec)
                                                 throws RealmUnavailableException
        Description copied from interface: SecurityRealm
        Determine whether a credential of the given type and algorithm is definitely obtainable, possibly obtainable (for some identities), or definitely not obtainable.
        Specified by:
        getCredentialAcquireSupport in interface SecurityRealm
        Parameters:
        credentialType - the exact credential type (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the credential type does not support algorithm names
        parameterSpec - the algorithm parameters to match, or null if any parameters are acceptable or the credential type does not support algorithm parameters
        Returns:
        the level of support for this credential
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason
      • getEvidenceVerifySupport

        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType,
                                                     String algorithmName)
                                              throws RealmUnavailableException
        Description copied from interface: SecurityRealm
        Determine whether a given type of evidence is definitely verifiable, possibly verifiable (for some identities), or definitely not verifiable.
        Specified by:
        getEvidenceVerifySupport in interface SecurityRealm
        Parameters:
        evidenceType - the type of evidence to be verified (must not be null)
        algorithmName - the algorithm name, or null if any algorithm is acceptable or the evidence type does not support algorithm names
        Returns:
        the level of support for this evidence type
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason
      • updateRealmKeyPair

        public void updateRealmKeyPair()
                                throws RealmUnavailableException
        Re-generate the signatures for all the identities in this realm. This method is intended to be called after updating the key pair used by this realm.
        Throws:
        RealmUnavailableException - if the realm is not able to handle requests for any reason
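
Added example, not part of the original API documentation or the Elytron project's code: it uses the ten-argument constructor and getRealmIdentityForUpdate described above to build an encrypted realm with integrity checking, then releases the update handle in a finally block. The temporary directory, the in-memory AES and RSA keys, the JVM-installed provider list and the identity name alice are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.password.spec.Encoding;

public class EncryptedSignedRealmExample {
    public static void main(String[] args) throws Exception {
        // Constructed sample keys (assumption); a deployment loads them from protected key storage.
        KeyGenerator aes = KeyGenerator.getInstance("AES");
        aes.init(256);
        SecretKey secretKey = aes.generateKey();   // encrypts and decrypts the realm
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair keyPair = rsa.generateKeyPair();   // key pair for integrity checking
        Path root = Files.createTempDirectory("fs-realm-example"); // assumed store location
        FileSystemSecurityRealm realm = new FileSystemSecurityRealm(
                root, NameRewriter.IDENTITY_REWRITER,
                2,      // levels of directory hashing
                true,   // BASE32 names; only applies when the realm is unencrypted
                Encoding.BASE64, StandardCharsets.UTF_8,
                Security::getProviders, // assumption: JVM-installed providers
                secretKey, keyPair.getPrivate(), keyPair.getPublic());
        // A null private or public key leaves integrity checking off, so fail closed.
        if (!realm.hasIntegrityEnabled()) {
            throw new IllegalStateException("integrity checking is not enabled");
        }
        // The update handle blocks other updates and authentications for this
        // identity, so hold it briefly and always dispose of it.
        ModifiableRealmIdentity identity =
                realm.getRealmIdentityForUpdate(new NamePrincipal("alice")); // sample name
        try {
            if (!identity.exists()) {
                identity.create();
            }
        } finally {
            identity.dispose();
        }
    }
}
```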