Class ElytronIntegrationResourceDefinitions


  • public class ElytronIntegrationResourceDefinitions
    extends Object
    This class defines methods used to obtain ResourceDefinition instances for the various components of the elytron integration.
    Author:
    Stefan Guilhen
    • Field Detail

      • LEGACY_JAAS_CONFIG

        public static final org.jboss.as.controller.SimpleAttributeDefinition LEGACY_JAAS_CONFIG
      • LEGACY_JSSE_CONFIG

        public static final org.jboss.as.controller.SimpleAttributeDefinition LEGACY_JSSE_CONFIG
      • APPLY_ROLE_MAPPERS

        public static final org.jboss.as.controller.SimpleAttributeDefinition APPLY_ROLE_MAPPERS
    • Constructor Detail

      • ElytronIntegrationResourceDefinitions

        public ElytronIntegrationResourceDefinitions()
    • Method Detail

      • getElytronRealmResourceDefinition

        public static org.jboss.as.controller.ResourceDefinition getElytronRealmResourceDefinition()
        Defines a resource that represents an Elytron-compatible realm that can be exported by the legacy security subsystem. The constructed SecurityRealm wraps a legacy SecurityDomainContext and delegates authentication decisions to that context. To export the realm, the resource uses a BasicAddHandler implementation that registers the security-realm capability and implements an org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to create and return an instance of SecurityDomainContextRealm.
      • getElytronKeyStoreResourceDefinition

        public static org.jboss.as.controller.ResourceDefinition getElytronKeyStoreResourceDefinition()
        Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the key store, the resource uses a BasicAddHandler implementation that registers the elytron key-store capability and implements an org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such a domain is found, its configured key store is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a key store configuration.
      • getElytronTrustStoreResourceDefinition

        public static org.jboss.as.controller.ResourceDefinition getElytronTrustStoreResourceDefinition()
        Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain in the legacy security subsystem. To export the trust store, the resource uses a BasicAddHandler implementation that registers the elytron key-store capability and implements an org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such a domain is found, its configured trust store is obtained and returned.

        NOTE 1: In the Elytron subsystem, both key stores and trust stores are registered using the same capability. This means that the name of the trust store must be unique across all configured trust stores and key stores. If a trust store resource is registered with the same name as a key store resource, an error will occur.

        The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a trust store configuration.

        NOTE 2: The PicketBox implementation of a JSSESecurityDomain returns a reference to the key store if a trust store was not configured. Extra care must therefore be taken when that implementation is used (the default), as the code will silently export the key store as a trust store instead of throwing an exception to alert about a missing trust store configuration in the legacy JSSE-enabled domain.
      • getElytronKeyManagersResourceDefinition

        public static org.jboss.as.controller.ResourceDefinition getElytronKeyManagersResourceDefinition()
        Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the key managers, the resource uses a BasicAddHandler implementation that registers the elytron key-managers capability and implements an org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such a domain is found, its configured key manager array is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a key store configuration that can be used to build the key managers.
      • getElytronTrustManagersResourceDefinition

        public static org.jboss.as.controller.ResourceDefinition getElytronTrustManagersResourceDefinition()
        Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the trust managers, the resource uses a BasicAddHandler implementation that registers the elytron trust-managers capability and implements an org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such a domain is found, its configured trust manager array is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a trust store configuration that can be used to build the trust managers.

        NOTE: The PicketBox implementation of a JSSESecurityDomain returns a reference to the key store if a trust store was not configured. This means that the trust managers that it builds will use the configured key store instead of throwing an exception to alert about a missing trust store configuration. Extra care must therefore be taken to ensure that the exported trust managers are being built using the correct trust stores.
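
        The silent key-store-as-trust-store fallback described in NOTE 2 of getElytronTrustStoreResourceDefinition and in the NOTE above can be caught with a check on the two java.security.KeyStore objects. The following is an added example, not code from this class or from WildFly; the class name, method name and sample store are hypothetical, and how the exported stores are obtained is left to the caller.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

/** Added illustration; class and method names are hypothetical, not WildFly API. */
public class ExportedTrustStoreCheck {

    /** Returns findings suggesting the "trust store" is really the domain's key store. */
    static List<String> findings(KeyStore keyStore, KeyStore trustStore) throws KeyStoreException {
        List<String> out = new ArrayList<>();
        // The fallback returns a reference to the key store, so identity is the first signal.
        if (trustStore == keyStore) {
            out.add("trust store is the same object as the key store (fallback reference)");
        }
        int certEntries = 0;
        for (String alias : Collections.list(trustStore.aliases())) {
            if (trustStore.isKeyEntry(alias)) {
                // A trust store should hold trusted certificates only, never key material.
                out.add("trust store holds key material under alias '" + alias + "'");
            } else if (trustStore.isCertificateEntry(alias)) {
                certEntries++;
            }
        }
        if (certEntries == 0) {
            out.add("trust store has no trusted certificate entries");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();
        // Constructed sample: in-memory key store with one key entry. An AES key
        // stands in for the server's private key so no certificate is needed.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry("server", new SecretKeySpec(new byte[16], "AES"), pw, null);

        // Simulates the fallback: no trust store configured in the legacy domain,
        // so the same key store reference comes back as the trust store.
        KeyStore trustStore = keyStore;

        findings(keyStore, trustStore).forEach(System.out::println);
    }
}
```

        An empty result means none of the three signals fired; it does not prove the trust store holds the intended certificates.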