Package org.jboss.as.security.elytron

Class ElytronIntegrationResourceDefinitions

java.lang.Object
org.jboss.as.security.elytron.ElytronIntegrationResourceDefinitions
public class ElytronIntegrationResourceDefinitions extends Object
This class defines methods used to obtain ResourceDefinition instances for the various components of the elytron integration.
Author:
Stefan Guilhen

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final org.jboss.as.controller.SimpleAttributeDefinition
    APPLY_ROLE_MAPPERS
     
    static final org.jboss.as.controller.SimpleAttributeDefinition
    LEGACY_JAAS_CONFIG
     
    static final org.jboss.as.controller.SimpleAttributeDefinition
    LEGACY_JSSE_CONFIG
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    ElytronIntegrationResourceDefinitions()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    static org.jboss.as.controller.ResourceDefinition
    getElytronKeyManagersResourceDefinition()
    Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain in the legacy security subsystem.
    static org.jboss.as.controller.ResourceDefinition
    getElytronKeyStoreResourceDefinition()
    Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain in the legacy security subsystem.
    static org.jboss.as.controller.ResourceDefinition
    getElytronRealmResourceDefinition()
    Defines a resource that represents an Elytron-compatible realm that can be exported by the legacy security subsystem.
    static org.jboss.as.controller.ResourceDefinition
    getElytronTrustManagersResourceDefinition()
    Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain in the legacy security subsystem.
    static org.jboss.as.controller.ResourceDefinition
    getElytronTrustStoreResourceDefinition()
    Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain in the legacy security subsystem.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • LEGACY_JAAS_CONFIG

      public static final org.jboss.as.controller.SimpleAttributeDefinition LEGACY_JAAS_CONFIG

    • LEGACY_JSSE_CONFIG

      public static final org.jboss.as.controller.SimpleAttributeDefinition LEGACY_JSSE_CONFIG

    • APPLY_ROLE_MAPPERS

      public static final org.jboss.as.controller.SimpleAttributeDefinition APPLY_ROLE_MAPPERS

  • Constructor Details

    • ElytronIntegrationResourceDefinitions

      public ElytronIntegrationResourceDefinitions()

  • Method Details

    • getElytronRealmResourceDefinition

      public static org.jboss.as.controller.ResourceDefinition getElytronRealmResourceDefinition()
      Defines a resource that represents an Elytron-compatible realm that can be exported by the legacy security subsystem. The constructed SecurityRealm wraps a legacy SecurityDomainContext and delegates authentication decisions to that context. To export the realm the resource uses a BasicAddHandler implementation that registers the security-realm capability and implements a org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to create and return an instance of SecurityDomainContextRealm.

    • getElytronKeyStoreResourceDefinition

      public static org.jboss.as.controller.ResourceDefinition getElytronKeyStoreResourceDefinition()
      Defines a resource that represents an Elytron-compatible key store that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the key store the resource uses a BasicAddHandler implementation that registers the elytron key-store capability and implements a org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such domain is found, its configured key store is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a key store configuration.

    • getElytronTrustStoreResourceDefinition

      public static org.jboss.as.controller.ResourceDefinition getElytronTrustStoreResourceDefinition()
      Defines a resource that represents an Elytron-compatible trust store that will be exported by a JSSE-enabled domain in the legacy security subsystem. To export the trust store the resource uses a BasicAddHandler implementation that registers the elytron key-store capability and implements a org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such domain is found, its configured trust store is obtained and returned. NOTE 1: In the Elytron subsystem, both key stores and trust stores are registered using the same capability. This means that the name of the trust store must be unique across all configured trust stores and key stores. If a trust store resource is registered with the same name of a key store resource, an error will occur. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a trust store configuration. NOTE 2: The PicketBox implementation of a JSSESecurityDomain returns a reference to the key store if a trust store was not configured. So extra care must be taken when that implementation is used (default) as the code will silently export the key store as a trust store instead of throwing an exception to alert about a missing trust store configuration in the legacy JSSE-enabled domain.

    • getElytronKeyManagersResourceDefinition

      public static org.jboss.as.controller.ResourceDefinition getElytronKeyManagersResourceDefinition()
      Defines a resource that represents Elytron-compatible key managers that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the key managers the resource uses a BasicAddHandler implementation that registers the elytron key-managers capability and implements a org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such domain is found, its configured key manager array is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a key store configuration that can be used to build the key managers.

    • getElytronTrustManagersResourceDefinition

      public static org.jboss.as.controller.ResourceDefinition getElytronTrustManagersResourceDefinition()
      Defines a resource that represents Elytron-compatible trust managers that can be exported by a JSSE-enabled domain in the legacy security subsystem. To export the trust managers the resource uses a BasicAddHandler implementation that registers the elytron trust-managers capability and implements a org.jboss.as.security.elytron.BasicService.ValueSupplier that uses the injected SecurityDomainContext to obtain a JSSESecurityDomain. If such domain is found, its configured trust manager array is obtained and returned. The ValueSupplier implementation throws an exception if the referenced legacy domain is not a JSSE-enabled domain or if the domain doesn't contain a trust store configuration that can be used to build the trust managers. NOTE: The PicketBox implementation of a JSSESecurityDomain returns a reference to the key store if a trust store was not configured. This means that the trust managers that it builds will use the configured key store instead of throwing an exception to alert about a missing trust store configuration. So extra care must be taken to ensure that the exported trust managers are being built using the correct trust stores.