org.glassfish.internal.api
Interface AdminAccessController

@Contract
public interface AdminAccessController

Determines the behavior of administrative access to GlassFish v3. It should be enhanced to take into account Role-based Access Control. As of GlassFish v3, this takes care of authentication alone.

Author:

केदार (km@dev.java.net)

Nested Class Summary

static class

AdminAccessController.Access Represents the possible types of access granted as the result of logging in as an admin user.

Method Summary

AdminAccessController.Access	loginAsAdmin(String user, String password, String realm, String originHost) Authenticates the admin user by delegating to the underlying realm.
AdminAccessController.Access	loginAsAdmin(String user, String password, String realm, String originHost, Map<String,String> authRelatedHeaders, Principal requestPrincipal) Authenticates the admin user by delegating to the underlying realm.

Method Detail

loginAsAdmin

AdminAccessController.Access loginAsAdmin(String user,
                                          String password,
                                          String realm,
                                          String originHost)
                                          throws LoginException

Authenticates the admin user by delegating to the underlying realm. The implementing classes should use the GlassFish security infrastructure constructs like LoginContextDriver. This method assumes that the realm infrastructure is available in both the configuration and runtime of the server.

Like the name suggests the method also ensures that the admin group membership is satisfied.

Parameters:

user - String representing the user name of the user doing an admin opearation

password - String representing clear-text password of the user doing an admin operation

realm - String representing the name of the admin realm for given server

originHost - the host from which the request was sent

Returns:

level of access to be granted

Throws:

LoginException - if there is any error in underlying implementation

loginAsAdmin

AdminAccessController.Access loginAsAdmin(String user,
                                          String password,
                                          String realm,
                                          String originHost,
                                          Map<String,String> authRelatedHeaders,
                                          Principal requestPrincipal)
                                          throws LoginException

Authenticates the admin user by delegating to the underlying realm. The implementing classes should use the GlassFish security infrastructure constructs like LoginContextDriver. This method assumes that the realm infrastructure is available in both the configuration and runtime of the server.

This variant also logs the requester in as an admin if the specified Principal matches the Principal from the certificate in the truststore associated with the alias configured in the domain configuration. Typically, methods invoking this variant should pass the Principal associated with the request as reported by the secure transport and the value from the X-GlassFish-admin header (null if no such header exists).

Parameters:

user - String representing the user name of the user doing an admin opearation

password - String representing clear-text password of the user doing an admin operation

realm - String representing the name of the admin realm for given server

originHost - the host from which the request was sent

authRelatedHeaders - authentication-related headers from the incoming admin request

requestPrincipal - Principal associated with the incoming admin request (can be null)

Returns:

true if authentication succeeds, false otherwise

Throws:

LoginException - if there is any error in underlying implementation