org.jboss.as.security.elytron

Class SecurityDomainContextRealm

java.lang.Object

org.jboss.as.security.elytron.SecurityDomainContextRealm

All Implemented Interfaces:

org.wildfly.security.auth.server.SecurityRealm

public class SecurityDomainContextRealm
extends Object
implements org.wildfly.security.auth.server.SecurityRealm

A SecurityRealm implementation that delegates credential verification to an underlying SecurityDomainContext. This realm is exported as a capability by the legacy security subsystem by using the elytron-realm element that is available in the elytron-integration section in the subsystem configuration. The example bellow illustrates how to export a realm for the security domain mydomain:

     <subsystem xmlns="urn:jboss:domain:security:2.0">
         <security-domains>
             <security-domain name="mydomain" cache-type="default">
                 ...
             </security-domain>
             ...
         </security-domains>
         <elytron-integration>
             <security-realms>
                 <elytron-realm name="LegacyRealm" legacy-jaas-config="mydomain" apply-role-mappers="false"/>
             <security-realms/>
         </elytron-integration>
         ...
     </subsystem>
 

The value of the name attribute is used as the dynamic name of the exported realm. This is the name that must be used in the Elytron subsystem to reference this realm. So, for the above example, an Elytron configuration would look like this:

     <subsystem xmlns="urn:wildfly:elytron:1.0">
         <security-domains>
             <security-domain name="ApplicationDomain" default-realm="LegacyRealm">
                 <realm name="LegacyRealm"/>
             </security-domain>
         </security-domains>
         ...
     </subsystem>
 

The above Elytron security domain can then be used anywhere in the Elytron subsystem (for example, to setup a http-authentication-factory).

The legacy-jaas-config attribute MUST reference a valid legacy JAAS security domain. Failure to do so will result in a dependency resolution error that will prevent the realm from being created.

The apply-role-mappers attribute, which defaults to true, indicates to the realm if any role mappers defined in the legacy JAAS security domain should be applied to the roles retrieved from the authenticated Subject when constructing the AuthorizationIdentity.

Author:

Stefan Guilhen

Field Summary

Fields inherited from interface org.wildfly.security.auth.server.SecurityRealm

EMPTY_REALM

Constructor Summary

Constructors

Constructor and Description
SecurityDomainContextRealm(SecurityDomainContext context, boolean applyRoleMappers)

Method Summary

Modifier and Type	Method and Description
org.wildfly.security.auth.SupportLevel	getCredentialAcquireSupport(Class<? extends org.wildfly.security.credential.Credential> credentialType, String algorithmName)
org.wildfly.security.auth.SupportLevel	getCredentialAcquireSupport(Class<? extends org.wildfly.security.credential.Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec)
org.wildfly.security.auth.SupportLevel	getEvidenceVerifySupport(Class<? extends org.wildfly.security.evidence.Evidence> evidenceType, String algorithmName)
org.wildfly.security.auth.server.RealmIdentity	getRealmIdentity(Principal principal)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.auth.server.SecurityRealm

getRealmIdentity, handleRealmEvent, safeHandleRealmEvent

Constructor Detail

SecurityDomainContextRealm

public SecurityDomainContextRealm(SecurityDomainContext context,
                                  boolean applyRoleMappers)

Method Detail

getRealmIdentity

public org.wildfly.security.auth.server.RealmIdentity getRealmIdentity(Principal principal)
                                                                throws org.wildfly.security.auth.server.RealmUnavailableException

Specified by:

getRealmIdentity in interface org.wildfly.security.auth.server.SecurityRealm

Throws:

org.wildfly.security.auth.server.RealmUnavailableException

getCredentialAcquireSupport

public org.wildfly.security.auth.SupportLevel getCredentialAcquireSupport(Class<? extends org.wildfly.security.credential.Credential> credentialType,
                                                                          String algorithmName)
                                                                   throws org.wildfly.security.auth.server.RealmUnavailableException

Specified by:

getCredentialAcquireSupport in interface org.wildfly.security.auth.server.SecurityRealm

Throws:

org.wildfly.security.auth.server.RealmUnavailableException

getCredentialAcquireSupport

public org.wildfly.security.auth.SupportLevel getCredentialAcquireSupport(Class<? extends org.wildfly.security.credential.Credential> credentialType,
                                                                          String algorithmName,
                                                                          AlgorithmParameterSpec parameterSpec)
                                                                   throws org.wildfly.security.auth.server.RealmUnavailableException

Specified by:

getCredentialAcquireSupport in interface org.wildfly.security.auth.server.SecurityRealm

Throws:

org.wildfly.security.auth.server.RealmUnavailableException

getEvidenceVerifySupport

public org.wildfly.security.auth.SupportLevel getEvidenceVerifySupport(Class<? extends org.wildfly.security.evidence.Evidence> evidenceType,
                                                                       String algorithmName)
                                                                throws org.wildfly.security.auth.server.RealmUnavailableException

Specified by:

getEvidenceVerifySupport in interface org.wildfly.security.auth.server.SecurityRealm

Throws:

org.wildfly.security.auth.server.RealmUnavailableException