diff --git a/api/src/main/java/jakarta/security/auth/message/AuthException.java b/api/src/main/java/jakarta/security/auth/message/AuthException.java index 64f9e5b..986dcbd 100644 --- a/api/src/main/java/jakarta/security/auth/message/AuthException.java +++ b/api/src/main/java/jakarta/security/auth/message/AuthException.java @@ -23,23 +23,23 @@ */ public class AuthException extends javax.security.auth.login.LoginException { - private static final long serialVersionUID = -1156951780670243758L; + private static final long serialVersionUID = -1156951780670243758L; - /** - * Constructs an AuthException with no detail message. A detail message is a String that describes this particular - * exception. - */ - public AuthException() { - super(); - } + /** + * Constructs an AuthException with no detail message. A detail message is a String that describes this particular + * exception. + */ + public AuthException() { + super(); + } - /** - * Constructs an AuthException with the specified detail message. A detail message is a String that describes this - * particular exception. - * - * @param msg The detail message. - */ - public AuthException(String msg) { - super(msg); - } + /** + * Constructs an AuthException with the specified detail message. A detail message is a String that describes this + * particular exception. + * + * @param msg The detail message. + */ + public AuthException(String msg) { + super(msg); + } } diff --git a/api/src/main/java/jakarta/security/auth/message/AuthStatus.java b/api/src/main/java/jakarta/security/auth/message/AuthStatus.java index 75a09d1..500ba49 100644 --- a/api/src/main/java/jakarta/security/auth/message/AuthStatus.java +++ b/api/src/main/java/jakarta/security/auth/message/AuthStatus.java @@ -24,57 +24,57 @@ */ public class AuthStatus { - /** - * Indicates that the message processing by the authentication module was successful and that the runtime is to proceed - * with its normal processing of the resulting message. - */ - public static final AuthStatus SUCCESS = new AuthStatus(1); + /** + * Indicates that the message processing by the authentication module was successful and that the runtime is to proceed + * with its normal processing of the resulting message. + */ + public static final AuthStatus SUCCESS = new AuthStatus(1); - /** - * Indicates that the message processing by the authentication module was NOT successful, and that the module replaced - * the application message with an error message. - */ - public static final AuthStatus FAILURE = new AuthStatus(2); + /** + * Indicates that the message processing by the authentication module was NOT successful, and that the module replaced + * the application message with an error message. + */ + public static final AuthStatus FAILURE = new AuthStatus(2); - /** - * Indicates that the message processing by the authentication module was successful and that the runtime is to proceed - * by sending a message returned by the authentication module. - */ - public static final AuthStatus SEND_SUCCESS = new AuthStatus(3); + /** + * Indicates that the message processing by the authentication module was successful and that the runtime is to proceed + * by sending a message returned by the authentication module. + */ + public static final AuthStatus SEND_SUCCESS = new AuthStatus(3); - /** - * Indicates that the message processing by the authentication module was NOT successful, that the module replaced the - * application message with an error message, and that the runtime is to proceed by sending the error message. - */ - public static final AuthStatus SEND_FAILURE = new AuthStatus(4); + /** + * Indicates that the message processing by the authentication module was NOT successful, that the module replaced the + * application message with an error message, and that the runtime is to proceed by sending the error message. + */ + public static final AuthStatus SEND_FAILURE = new AuthStatus(4); - /** - * Indicates the message processing by the authentication module is NOT complete, that the module replaced the - * application message with a security message, and that the runtime is to proceed by sending the security message. - */ - public static final AuthStatus SEND_CONTINUE = new AuthStatus(5); + /** + * Indicates the message processing by the authentication module is NOT complete, that the module replaced the + * application message with a security message, and that the runtime is to proceed by sending the security message. + */ + public static final AuthStatus SEND_CONTINUE = new AuthStatus(5); - private final int value; + private final int value; - private AuthStatus(int value) { - this.value = value; - } + private AuthStatus(int value) { + this.value = value; + } - @Override - public String toString() { - switch (value) { - case 1: - return "AuthStatus.SUCCESS"; - case 2: - return "AuthStatus.FAILURE"; - case 3: - return "AuthStatus.SEND_SUCCESS"; - case 4: - return "AuthStatus.SEND_FAILURE"; - case 5: - return "AuthStatus.SEND_CONTINUE"; - default: - return "Unknown AuthStatus"; - } - } + @Override + public String toString() { + switch (value) { + case 1: + return "AuthStatus.SUCCESS"; + case 2: + return "AuthStatus.FAILURE"; + case 3: + return "AuthStatus.SEND_SUCCESS"; + case 4: + return "AuthStatus.SEND_FAILURE"; + case 5: + return "AuthStatus.SEND_CONTINUE"; + default: + return "Unknown AuthStatus"; + } + } } diff --git a/api/src/main/java/jakarta/security/auth/message/ClientAuth.java b/api/src/main/java/jakarta/security/auth/message/ClientAuth.java index 91b58f1..ee5cb1e 100644 --- a/api/src/main/java/jakarta/security/auth/message/ClientAuth.java +++ b/api/src/main/java/jakarta/security/auth/message/ClientAuth.java @@ -28,109 +28,109 @@ */ public interface ClientAuth { - /** - * Secure a service request message before sending it to the service. - * - *
- * This method is called to transform the request message acquired by calling getRequestMessage (on messageInfo) into - * the mechanism-specific form to be sent by the runtime. - * - *
- * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an - * AuthException. - * - * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may - * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing - * a secure message exchange. - * - * @param clientSubject A Subject that represents the source of the service request, or null. It may be used by the - * method implementation as the source of Principals or credentials to be used to secure the request. If the Subject is - * not null, the method implementation may add additional Principals or credentials (pertaining to the source of the - * service request) to the Subject. - * - * @return An AuthStatus object representing the completion status of the processing performed by the method. The - * AuthStatus values that may be returned by this method are defined as follows: - *
validateResponse
must be able to
- * obtain the original application request message.
- *
- * + * This method is called to transform the request message acquired by calling getRequestMessage (on messageInfo) into + * the mechanism-specific form to be sent by the runtime. + * + *
+ * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an + * AuthException. + * + * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may + * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing + * a secure message exchange. + * + * @param clientSubject A Subject that represents the source of the service request, or null. It may be used by the + * method implementation as the source of Principals or credentials to be used to secure the request. If the Subject is + * not null, the method implementation may add additional Principals or credentials (pertaining to the source of the + * service request) to the Subject. + * + * @return An AuthStatus object representing the completion status of the processing performed by the method. The + * AuthStatus values that may be returned by this method are defined as follows: + *
validateResponse
must be able to
+ * obtain the original application request message.
+ *
+ * - * This method is called to transform the mechanism-specific response message acquired by calling getResponseMessage (on - * messageInfo) into the validated application message to be returned to the message processing runtime. If the response - * message is a (mechanism-specific) meta-message, the method implementation must attempt to transform the meta-message - * into the next mechanism-specific request message to be sent by the runtime. - * - *
- * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an - * AuthException. - * - * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may - * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing - * a secure message exchange. - * - * @param clientSubject A Subject that represents the recipient of the service response, or null. It may be used by the - * method implementation as the source of Principals or credentials to be used to validate the response. If the Subject - * is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of - * the service request) to the Subject. - * - * @param serviceSubject A Subject that represents the source of the service response, or null. If the Subject is not - * null, the method implementation may add additional Principals or credentials (pertaining to the source of the service - * response) to the Subject. - * - * @return An AuthStatus object representing the completion status of the processing performed by the method. The - * AuthStatus values that may be returned by this method are defined as follows: - *
+ * This method is called to transform the mechanism-specific response message acquired by calling getResponseMessage (on + * messageInfo) into the validated application message to be returned to the message processing runtime. If the response + * message is a (mechanism-specific) meta-message, the method implementation must attempt to transform the meta-message + * into the next mechanism-specific request message to be sent by the runtime. + * + *
+ * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an + * AuthException. + * + * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may + * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing + * a secure message exchange. + * + * @param clientSubject A Subject that represents the recipient of the service response, or null. It may be used by the + * method implementation as the source of Principals or credentials to be used to validate the response. If the Subject + * is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of + * the service request) to the Subject. + * + * @param serviceSubject A Subject that represents the source of the service response, or null. If the Subject is not + * null, the method implementation may add additional Principals or credentials (pertaining to the source of the service + * response) to the Subject. + * + * @return An AuthStatus object representing the completion status of the processing performed by the method. The + * AuthStatus values that may be returned by this method are defined as follows: + *
- * When this method returns an array of target policies, the order of elements in the array represents the order that - * the corresponding message transformations or validations described by the target policies are to be performed by the - * authentication module. - * - * @return An array of target authentication policies, where each element describes an authentication policy and the - * parts of the message to which the authentication policy applies. This method returns null to indicate that no - * security operations should be performed on the messages to which the policy applies. This method never returns a - * zero-length array. - * - */ - public TargetPolicy[] getTargetPolicies() { - return targetPolicies.clone(); - } - - /** - * This class defines the message protection policies for specific Targets. - * - *
- * This class is used to associate a message protection policy with targets within a message. Message targets are - * represented using an implementation of the Target interface matched to the message types in MessageInfo. The - * message protection policy is identified by an implementation of the ProtectionPolicy interface. - * - * @see ClientAuthModule - * @see ServerAuthModule - */ - public static class TargetPolicy { - - private Target[] targets; - private ProtectionPolicy protectionPolicy; - - /** - * Create a TargetPolicy instance with an array of Targets and with a ProtectionPolicy. - * - * @param targets An array of Targets. This argument may be null. - * - * @param protectionPolicy The object that describes the message authentication policy that applies to the targets. - * - * @exception IllegalArgumentException if the specified targets or protectionPolicy is null. - */ - public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) { - if (protectionPolicy == null) { - throw new IllegalArgumentException("invalid null protectionPolicy"); - } - if (targets == null || targets.length == 0) { - this.targets = null; - } else { - this.targets = targets.clone(); - } - this.protectionPolicy = protectionPolicy; - } - - /** - * Get the array of layer-specific target descriptors that identify the one or more message parts to which the specified - * message protection policy applies. - * - * @return An array of Target that identify targets within a message. This method returns null when the specified - * policy applies to the whole message (excluding any metadata added to the message to satisfy the policy). This method - * never returns a zero-length array. - */ - public Target[] getTargets() { - return targets; - } - - /** - * Get the ProtectionPolicy that applies to the targets. - * - * @return A ProtectionPolicy object that identifies the message authentication requirements that apply to the targets. - */ - public ProtectionPolicy getProtectionPolicy() { - return protectionPolicy; - } - } - - /** - * This interface is used to represent and perform message targeting. Targets are used by message authentication modules - * to operate on the corresponding content within messages. - * - *
- * The internal state of a Target indicates whether it applies to the request or response message of a MessageInfo and - * to which components it applies within the identified message. - */ - public interface Target { - - /** - * Get the Object identified by the Target from the MessageInfo. - * - * @param messageInfo The MessageInfo containing the request or response message from which the target is to be - * obtained. - * - * @return An Object representing the target, or null when the target could not be found in the MessageInfo. - */ - Object get(MessageInfo messageInfo); - - /** - * Remove the Object identified by the Target from the MessageInfo. - * - * @param messageInfo The MessageInfo containing the request or response message from which the target is to be removed. - */ - void remove(MessageInfo messageInfo); - - /** - * Put the Object into the MessageInfo at the location identified by the target. - * - * @param messageInfo The MessageInfo containing the request or response message into which the object is to be put. - * @param data The data to be put into the MessageInfo - */ - void put(MessageInfo messageInfo, Object data); - } - - /** - * This interface is used to represent message authentication policy. - * - *
- * The internal state of a ProtectionPolicy object defines the message authentication requirements to be applied to the - * associated Target. - */ - public interface ProtectionPolicy { - - /** - * The identifier for a ProtectionPolicy that indicates that the sending entity is to be authenticated. - */ - String AUTHENTICATE_SENDER = - - "#authenticateSender"; - - /** - * The identifier for a ProtectionPolicy that indicates that the origin of data within the message is to be authenticated - * (that is, the message is to be protected such that its recipients can establish who defined the message content). - */ - String AUTHENTICATE_CONTENT = - - "#authenticateContent"; - - /** - * The identifier for a ProtectionPolicy that indicates that the message recipient is to be authenticated. - */ - String AUTHENTICATE_RECIPIENT = - - "#authenticateRecipient"; - - /** - * Get the ProtectionPolicy identifier. An identifier may represent a conceptual protection policy (as is the case with - * the static identifiers defined within this interface) or it may identify a procedural policy expression or plan that - * may be more difficult to categorize in terms of a conceptual identifier. - * - * @return A String containing a policy identifier. This interface defines some policy identifier constants. - * Configuration systems may define and employ other policy identifiers values. - */ - String getID(); - } + private TargetPolicy[] targetPolicies; + private boolean mandatory; + + /** + * Create a MessagePolicy instance with an array of target policies. + * + * @param targetPolicies an array of target policies. + * + * @param mandatory A boolean value indicating whether the MessagePolicy is mandatory or optional. + * + * @exception IllegalArgumentException if the specified targetPolicies is null. + */ + public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory) { + if (targetPolicies == null) { + throw new IllegalArgumentException("invalid null targetPolicies"); + } + this.targetPolicies = targetPolicies.clone(); + this.mandatory = mandatory; + } + + /** + * Get the MessagePolicy modifier. + * + * @return A boolean indicating whether the MessagePolicy is optional(false) or required(true). + */ + public boolean isMandatory() { + return mandatory; + } + + /** + * Get the target policies that comprise the authentication policy. + * + *
+ * When this method returns an array of target policies, the order of elements in the array represents the order that + * the corresponding message transformations or validations described by the target policies are to be performed by the + * authentication module. + * + * @return An array of target authentication policies, where each element describes an authentication policy and the + * parts of the message to which the authentication policy applies. This method returns null to indicate that no + * security operations should be performed on the messages to which the policy applies. This method never returns a + * zero-length array. + * + */ + public TargetPolicy[] getTargetPolicies() { + return targetPolicies.clone(); + } + + /** + * This class defines the message protection policies for specific Targets. + * + *
+ * This class is used to associate a message protection policy with targets within a message. Message targets are + * represented using an implementation of the Target interface matched to the message types in MessageInfo. The + * message protection policy is identified by an implementation of the ProtectionPolicy interface. + * + * @see ClientAuthModule + * @see ServerAuthModule + */ + public static class TargetPolicy { + + private Target[] targets; + private ProtectionPolicy protectionPolicy; + + /** + * Create a TargetPolicy instance with an array of Targets and with a ProtectionPolicy. + * + * @param targets An array of Targets. This argument may be null. + * + * @param protectionPolicy The object that describes the message authentication policy that applies to the targets. + * + * @exception IllegalArgumentException if the specified targets or protectionPolicy is null. + */ + public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) { + if (protectionPolicy == null) { + throw new IllegalArgumentException("invalid null protectionPolicy"); + } + if (targets == null || targets.length == 0) { + this.targets = null; + } else { + this.targets = targets.clone(); + } + this.protectionPolicy = protectionPolicy; + } + + /** + * Get the array of layer-specific target descriptors that identify the one or more message parts to which the specified + * message protection policy applies. + * + * @return An array of Target that identify targets within a message. This method returns null when the specified + * policy applies to the whole message (excluding any metadata added to the message to satisfy the policy). This method + * never returns a zero-length array. + */ + public Target[] getTargets() { + return targets; + } + + /** + * Get the ProtectionPolicy that applies to the targets. + * + * @return A ProtectionPolicy object that identifies the message authentication requirements that apply to the targets. + */ + public ProtectionPolicy getProtectionPolicy() { + return protectionPolicy; + } + } + + /** + * This interface is used to represent and perform message targeting. Targets are used by message authentication modules + * to operate on the corresponding content within messages. + * + *
+ * The internal state of a Target indicates whether it applies to the request or response message of a MessageInfo and + * to which components it applies within the identified message. + */ + public interface Target { + + /** + * Get the Object identified by the Target from the MessageInfo. + * + * @param messageInfo The MessageInfo containing the request or response message from which the target is to be + * obtained. + * + * @return An Object representing the target, or null when the target could not be found in the MessageInfo. + */ + Object get(MessageInfo messageInfo); + + /** + * Remove the Object identified by the Target from the MessageInfo. + * + * @param messageInfo The MessageInfo containing the request or response message from which the target is to be removed. + */ + void remove(MessageInfo messageInfo); + + /** + * Put the Object into the MessageInfo at the location identified by the target. + * + * @param messageInfo The MessageInfo containing the request or response message into which the object is to be put. + * @param data The data to be put into the MessageInfo + */ + void put(MessageInfo messageInfo, Object data); + } + + /** + * This interface is used to represent message authentication policy. + * + *
+ * The internal state of a ProtectionPolicy object defines the message authentication requirements to be applied to the + * associated Target. + */ + public interface ProtectionPolicy { + + /** + * The identifier for a ProtectionPolicy that indicates that the sending entity is to be authenticated. + */ + String AUTHENTICATE_SENDER = + + "#authenticateSender"; + + /** + * The identifier for a ProtectionPolicy that indicates that the origin of data within the message is to be authenticated + * (that is, the message is to be protected such that its recipients can establish who defined the message content). + */ + String AUTHENTICATE_CONTENT = + + "#authenticateContent"; + + /** + * The identifier for a ProtectionPolicy that indicates that the message recipient is to be authenticated. + */ + String AUTHENTICATE_RECIPIENT = + + "#authenticateRecipient"; + + /** + * Get the ProtectionPolicy identifier. An identifier may represent a conceptual protection policy (as is the case with + * the static identifiers defined within this interface) or it may identify a procedural policy expression or plan that + * may be more difficult to categorize in terms of a conceptual identifier. + * + * @return A String containing a policy identifier. This interface defines some policy identifier constants. + * Configuration systems may define and employ other policy identifiers values. + */ + String getID(); + } } diff --git a/api/src/main/java/jakarta/security/auth/message/ServerAuth.java b/api/src/main/java/jakarta/security/auth/message/ServerAuth.java index b2c2018..28fa3d4 100644 --- a/api/src/main/java/jakarta/security/auth/message/ServerAuth.java +++ b/api/src/main/java/jakarta/security/auth/message/ServerAuth.java @@ -28,114 +28,114 @@ */ public interface ServerAuth { - /** - * Authenticate a received service request. - * - *
- * This method is called to transform the mechanism-specific request message acquired by calling getRequestMessage (on - * messageInfo) into the validated application message to be returned to the message processing runtime. If the received - * message is a (mechanism-specific) meta-message, the method implementation must attempt to transform the meta-message - * into a corresponding mechanism-specific response message, or to the validated application request message. The - * runtime will bind a validated application message into the the corresponding service invocation. - * - *
- * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an - * AuthException. - * - * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may - * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing - * a secure message exchange. - * - * @param clientSubject A Subject that represents the source of the service request. It is used by the method - * implementation to store Principals and credentials validated in the request. - * - * @param serviceSubject A Subject that represents the recipient of the service request, or null. It may be used by the - * method implementation as the source of Principals or credentials to be used to validate the request. If the Subject - * is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of - * the service request) to the Subject. - * - * @return An AuthStatus object representing the completion status of the processing performed by the method. The - * AuthStatus values that may be returned by this method are defined as follows: - * - *
+ * This method is called to transform the mechanism-specific request message acquired by calling getRequestMessage (on + * messageInfo) into the validated application message to be returned to the message processing runtime. If the received + * message is a (mechanism-specific) meta-message, the method implementation must attempt to transform the meta-message + * into a corresponding mechanism-specific response message, or to the validated application request message. The + * runtime will bind a validated application message into the the corresponding service invocation. + * + *
+ * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an + * AuthException. + * + * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may + * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing + * a secure message exchange. + * + * @param clientSubject A Subject that represents the source of the service request. It is used by the method + * implementation to store Principals and credentials validated in the request. + * + * @param serviceSubject A Subject that represents the recipient of the service request, or null. It may be used by the + * method implementation as the source of Principals or credentials to be used to validate the request. If the Subject + * is not null, the method implementation may add additional Principals or credentials (pertaining to the recipient of + * the service request) to the Subject. + * + * @return An AuthStatus object representing the completion status of the processing performed by the method. The + * AuthStatus values that may be returned by this method are defined as follows: + * + *
- * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an - * AuthException. - * - * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may - * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing - * a secure message exchange. - * - * @param serviceSubject A Subject that represents the source of the service response, or null. It may be used by the - * method implementation to retrieve Principals and credentials necessary to secure the response. If the Subject is not - * null, the method implementation may add additional Principals or credentials (pertaining to the source of the service - * response) to the Subject. - * - * @return An AuthStatus object representing the completion status of the processing performed by the method. The - * AuthStatus values that may be returned by this method are defined as follows: - * - *
+ * This method conveys the outcome of its message processing either by returning an AuthStatus value or by throwing an + * AuthException. + * + * @param messageInfo A contextual object that encapsulates the client request and server response objects, and that may + * be used to save state across a sequence of calls made to the methods of this interface for the purpose of completing + * a secure message exchange. + * + * @param serviceSubject A Subject that represents the source of the service response, or null. It may be used by the + * method implementation to retrieve Principals and credentials necessary to secure the response. If the Subject is not + * null, the method implementation may add additional Principals or credentials (pertaining to the source of the service + * response) to the Subject. + * + * @return An AuthStatus object representing the completion status of the processing performed by the method. The + * AuthStatus values that may be returned by this method are defined as follows: + * + *
- * The CallbackHandler must use the argument Principal
to establish the caller principal associated with
- * the invocation being processed by the container. When the argument Principal
is null, the handler must
- * establish the container's representation of the unauthenticated caller principal.
- *
- *
- * The handler may perform principal mapping of non-null argument Principal
values, but it must be possible
- * to configure the handler such that it establishes the non-null argument Principal
as the caller
- * principal.
- *
- * @param subject The Subject in which the container will distinguish the caller identity.
- *
- * @param principal The Principal that will be distinguished as the caller principal. This value may be null.
- */
- public CallerPrincipalCallback(Subject subject, Principal principal) {
- this.subject = subject;
- this.principal = principal;
- }
+ /**
+ * Create a CallerPrincipalCallback to set the container's representation of the caller principal
+ *
+ *
+ * The CallbackHandler must use the argument Principal
to establish the caller principal associated with
+ * the invocation being processed by the container. When the argument Principal
is null, the handler must
+ * establish the container's representation of the unauthenticated caller principal.
+ *
+ *
+ * The handler may perform principal mapping of non-null argument Principal
values, but it must be possible
+ * to configure the handler such that it establishes the non-null argument Principal
as the caller
+ * principal.
+ *
+ * @param subject The Subject in which the container will distinguish the caller identity.
+ *
+ * @param principal The Principal that will be distinguished as the caller principal. This value may be null.
+ */
+ public CallerPrincipalCallback(Subject subject, Principal principal) {
+ this.subject = subject;
+ this.principal = principal;
+ }
- /**
- * Create a CallerPrincipalCallback to set the container's representation of the caller principal.
- *
- *
- * The CallbackHandler must use the name
argument to establish the caller principal associated with the
- * invocation being processed by the container. When the name
argument is null, the handler must establish
- * the container's representation of the unauthenticated caller principal (which may or may not be equal to null,
- * depending on the requirements of the container type).
- *
- *
- * The handler may perform principal mapping of non-null values of name
, but it must be possible to
- * configure the handler such that it establishes the non-null argument value as the value returned when
- * getName
is called on the established principal.
- *
- * @param subject The Subject in which the container will distinguish the caller identity.
- *
- * @param name The String value that will be returned when getName()
is called on the principal established
- * as the caller principal or null.
- */
- public CallerPrincipalCallback(Subject subject, String name) {
- this.subject = subject;
- this.name = name;
- }
+ /**
+ * Create a CallerPrincipalCallback to set the container's representation of the caller principal.
+ *
+ *
+ * The CallbackHandler must use the name
argument to establish the caller principal associated with the
+ * invocation being processed by the container. When the name
argument is null, the handler must establish
+ * the container's representation of the unauthenticated caller principal (which may or may not be equal to null,
+ * depending on the requirements of the container type).
+ *
+ *
+ * The handler may perform principal mapping of non-null values of name
, but it must be possible to
+ * configure the handler such that it establishes the non-null argument value as the value returned when
+ * getName
is called on the established principal.
+ *
+ * @param subject The Subject in which the container will distinguish the caller identity.
+ *
+ * @param name The String value that will be returned when getName()
is called on the principal established
+ * as the caller principal or null.
+ */
+ public CallerPrincipalCallback(Subject subject, String name) {
+ this.subject = subject;
+ this.name = name;
+ }
- /**
- * Get the Subject in which the handler will distinguish the caller principal
- *
- * @return The subject.
- */
- public Subject getSubject() {
- return subject;
- }
+ /**
+ * Get the Subject in which the handler will distinguish the caller principal
+ *
+ * @return The subject.
+ */
+ public Subject getSubject() {
+ return subject;
+ }
- /**
- * Get the caller principal.
- *
- *
- * When the values returned by this method and the getName methods are null, the handler must establish the container's - * representation of the unauthenticated caller principal within the Subject. - * - * @return The principal or null. - */ - public Principal getPrincipal() { - return principal; - } + /** + * Get the caller principal. + * + *
+ * When the values returned by this method and the getName methods are null, the handler must establish the container's + * representation of the unauthenticated caller principal within the Subject. + * + * @return The principal or null. + */ + public Principal getPrincipal() { + return principal; + } - /** - * Get the caller principal name. - * - *
- * When the values returned by this method and the getPrincipal methods are null, the handler must establish the - * container's representation of the unauthenticated caller principal within the Subject. - * - * @return The principal name or null. - */ - public String getName() { - return name; - } + /** + * Get the caller principal name. + * + *
+ * When the values returned by this method and the getPrincipal methods are null, the handler must establish the + * container's representation of the unauthenticated caller principal within the Subject. + * + * @return The principal name or null. + */ + public String getName() { + return name; + } } diff --git a/api/src/main/java/jakarta/security/auth/message/callback/CertStoreCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/CertStoreCallback.java index efd0bf5..22f7efd 100644 --- a/api/src/main/java/jakarta/security/auth/message/callback/CertStoreCallback.java +++ b/api/src/main/java/jakarta/security/auth/message/callback/CertStoreCallback.java @@ -31,23 +31,23 @@ */ public class CertStoreCallback implements Callback { - private CertStore certStore; + private CertStore certStore; - /** - * Used by the CallbackHandler to set the CertStore within the Callback. - * - * @param certStore The certificate store, which may be null - */ - public void setCertStore(CertStore certStore) { - this.certStore = certStore; - } + /** + * Used by the CallbackHandler to set the CertStore within the Callback. + * + * @param certStore The certificate store, which may be null + */ + public void setCertStore(CertStore certStore) { + this.certStore = certStore; + } - /** - * Used by the CertStore user to obtain the CertStore set within the Callback. - * - * @return The CertStore, or null. - */ - public CertStore getCertStore() { - return certStore; - } + /** + * Used by the CertStore user to obtain the CertStore set within the Callback. + * + * @return The CertStore, or null. + */ + public CertStore getCertStore() { + return certStore; + } } diff --git a/api/src/main/java/jakarta/security/auth/message/callback/GroupPrincipalCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/GroupPrincipalCallback.java index a6fa215..a4307d1 100644 --- a/api/src/main/java/jakarta/security/auth/message/callback/GroupPrincipalCallback.java +++ b/api/src/main/java/jakarta/security/auth/message/callback/GroupPrincipalCallback.java @@ -30,53 +30,53 @@ */ public class GroupPrincipalCallback implements Callback { - private Subject subject; - private String[] groups; + private Subject subject; + private String[] groups; - /** - * Create a GroupPrincipalCallback to establish the container's representation of the corresponding group principals - * within the Subject. - * - *
- * When a null value is passed to the groups
argument, the handler will establish the container's
- * representation of no group principals within the Subject. Otherwise, the handler's processing of this callback is
- * additive, yielding the union (without duplicates) of the principals existing within the Subject, and those created
- * with the names occurring within the argument array. The CallbackHandler will define the type of the created
- * principals.
- *
- * @param subject The Subject in which the container will create group principals.
- *
- * @param groups An array of Strings, where each element contains the name of a group that will be used to create a
- * corresponding group principal within the Subject.
- */
- public GroupPrincipalCallback(Subject subject, String[] groups) {
- this.subject = subject;
- this.groups = groups;
- }
+ /**
+ * Create a GroupPrincipalCallback to establish the container's representation of the corresponding group principals
+ * within the Subject.
+ *
+ *
+ * When a null value is passed to the groups
argument, the handler will establish the container's
+ * representation of no group principals within the Subject. Otherwise, the handler's processing of this callback is
+ * additive, yielding the union (without duplicates) of the principals existing within the Subject, and those created
+ * with the names occurring within the argument array. The CallbackHandler will define the type of the created
+ * principals.
+ *
+ * @param subject The Subject in which the container will create group principals.
+ *
+ * @param groups An array of Strings, where each element contains the name of a group that will be used to create a
+ * corresponding group principal within the Subject.
+ */
+ public GroupPrincipalCallback(Subject subject, String[] groups) {
+ this.subject = subject;
+ this.groups = groups;
+ }
- /**
- * Get the Subject in which the handler will establish the group principals.
- *
- * @return The subject.
- */
- public Subject getSubject() {
- return subject;
- }
+ /**
+ * Get the Subject in which the handler will establish the group principals.
+ *
+ * @return The subject.
+ */
+ public Subject getSubject() {
+ return subject;
+ }
- /**
- * Get the array of group names.
- *
- *
- * When the return value is null, the handler will establish the container's representation of no group principals - * within the Subject. - * - * Otherwise, the handler's processing of this callback is additive, yielding the union (without duplicates) of the - * principals created with the names in the returned array and those existing within the Subject. - * - * @return Null, or an array containing 0 or more String group names. - */ - public String[] getGroups() { - return groups; - } + /** + * Get the array of group names. + * + *
+ * When the return value is null, the handler will establish the container's representation of no group principals + * within the Subject. + * + * Otherwise, the handler's processing of this callback is additive, yielding the union (without duplicates) of the + * principals created with the names in the returned array and those existing within the Subject. + * + * @return Null, or an array containing 0 or more String group names. + */ + public String[] getGroups() { + return groups; + } } diff --git a/api/src/main/java/jakarta/security/auth/message/callback/PasswordValidationCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/PasswordValidationCallback.java index 1d45757..8bea476 100644 --- a/api/src/main/java/jakarta/security/auth/message/callback/PasswordValidationCallback.java +++ b/api/src/main/java/jakarta/security/auth/message/callback/PasswordValidationCallback.java @@ -32,83 +32,83 @@ */ public class PasswordValidationCallback implements Callback { - private Subject subject; - private String username; - private char[] password; - private boolean result; + private Subject subject; + private String username; + private char[] password; + private boolean result; - /** - * Create a PasswordValidationCallback. - * - * @param subject The subject for authentication - * - * @param username The username to authenticate - * - * @param password The user's password, which may be null. - */ - public PasswordValidationCallback(Subject subject, String username, char[] password) { - this.subject = subject; - this.username = username; - if (password != null) { - this.password = password.clone(); - } - } + /** + * Create a PasswordValidationCallback. + * + * @param subject The subject for authentication + * + * @param username The username to authenticate + * + * @param password The user's password, which may be null. + */ + public PasswordValidationCallback(Subject subject, String username, char[] password) { + this.subject = subject; + this.username = username; + if (password != null) { + this.password = password.clone(); + } + } - /** - * Get the subject. - * - * @return The subject. - */ - public Subject getSubject() { - return subject; - } + /** + * Get the subject. + * + * @return The subject. + */ + public Subject getSubject() { + return subject; + } - /** - * Get the username. - * - * @return The username. - */ - public String getUsername() { - return username; - } + /** + * Get the username. + * + * @return The username. + */ + public String getUsername() { + return username; + } - /** - * Get the password. - * - *
- * Note that this method returns a reference to the password. If a clone of the array is created it is the caller's - * responsibility to zero out the password information after it is no longer needed. - * - * @return The password, which may be null. - */ - public char[] getPassword() { - return password; - } + /** + * Get the password. + * + *
+ * Note that this method returns a reference to the password. If a clone of the array is created it is the caller's + * responsibility to zero out the password information after it is no longer needed. + * + * @return The password, which may be null. + */ + public char[] getPassword() { + return password; + } - /** - * Clear the password. - */ - public void clearPassword() { - if (password != null) { - Arrays.fill(password, ' '); - } - } + /** + * Clear the password. + */ + public void clearPassword() { + if (password != null) { + Arrays.fill(password, ' '); + } + } - /** - * Set the authentication result. - * - * @param result True if authentication succeeded, false otherwise - */ - public void setResult(boolean result) { - this.result = result; - } + /** + * Set the authentication result. + * + * @param result True if authentication succeeded, false otherwise + */ + public void setResult(boolean result) { + this.result = result; + } - /** - * Get the authentication result. - * - * @return True if authentication succeeded, false otherwise - */ - public boolean getResult() { - return result; - } + /** + * Get the authentication result. + * + * @return True if authentication succeeded, false otherwise + */ + public boolean getResult() { + return result; + } } diff --git a/api/src/main/java/jakarta/security/auth/message/callback/PrivateKeyCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/PrivateKeyCallback.java index 2c587c4..42460d7 100644 --- a/api/src/main/java/jakarta/security/auth/message/callback/PrivateKeyCallback.java +++ b/api/src/main/java/jakarta/security/auth/message/callback/PrivateKeyCallback.java @@ -33,231 +33,231 @@ */ public class PrivateKeyCallback implements Callback { - private Request request; - private PrivateKey key; - private Certificate[] chain; + private Request request; + private PrivateKey key; + private Certificate[] chain; - /** - * Marker interface for private key request types. - */ - public interface Request { - } + /** + * Marker interface for private key request types. + */ + public interface Request { + } - /** - * Request type for private keys that are identified using an alias. - */ - public static class AliasRequest implements Request { - private String alias; + /** + * Request type for private keys that are identified using an alias. + */ + public static class AliasRequest implements Request { + private String alias; - /** - * Construct an AliasRequest with an alias. - * - *
- * The alias is used to directly identify the private key to be returned. The corresponding certificate chain for the - * private key is also returned. - * - *
- * If the alias is null, the handler of the callback relies on its own default. - * - * @param alias Name identifier for the private key, or null. - */ - public AliasRequest(String alias) { - this.alias = alias; - } + /** + * Construct an AliasRequest with an alias. + * + *
+ * The alias is used to directly identify the private key to be returned. The corresponding certificate chain for the + * private key is also returned. + * + *
+ * If the alias is null, the handler of the callback relies on its own default. + * + * @param alias Name identifier for the private key, or null. + */ + public AliasRequest(String alias) { + this.alias = alias; + } - /** - * Get the alias. - * - * @return The alias, or null. - */ - public String getAlias() { - return alias; - } - } + /** + * Get the alias. + * + * @return The alias, or null. + */ + public String getAlias() { + return alias; + } + } - /** - * Request type for private keys that are identified using a SubjectKeyID - */ - public static class SubjectKeyIDRequest implements Request { - private byte[] id; + /** + * Request type for private keys that are identified using a SubjectKeyID + */ + public static class SubjectKeyIDRequest implements Request { + private byte[] id; - /** - * Construct a SubjectKeyIDRequest with an subjectKeyID. - * - *
- * The subjectKeyID is used to directly identify the private key to be returned. The corresponding certificate chain for - * the private key is also returned. - * - *
- * If the subjectKeyID is null, the handler of the callback relies on its own default. - * - * @param subjectKeyID Identifier for the private key, or null. - */ - public SubjectKeyIDRequest(byte[] subjectKeyID) { - if (subjectKeyID != null) { - this.id = subjectKeyID.clone(); - } - } + /** + * Construct a SubjectKeyIDRequest with an subjectKeyID. + * + *
+ * The subjectKeyID is used to directly identify the private key to be returned. The corresponding certificate chain for + * the private key is also returned. + * + *
+ * If the subjectKeyID is null, the handler of the callback relies on its own default. + * + * @param subjectKeyID Identifier for the private key, or null. + */ + public SubjectKeyIDRequest(byte[] subjectKeyID) { + if (subjectKeyID != null) { + this.id = subjectKeyID.clone(); + } + } - /** - * Get the subjectKeyID. - * - * @return The subjectKeyID, or null. - */ - public byte[] getSubjectKeyID() { - return id; - } - } + /** + * Get the subjectKeyID. + * + * @return The subjectKeyID, or null. + */ + public byte[] getSubjectKeyID() { + return id; + } + } - /** - * Request type for private keys that are identified using an issuer/serial number. - */ - public static class IssuerSerialNumRequest implements Request { - private X500Principal issuer; - private BigInteger serialNum; + /** + * Request type for private keys that are identified using an issuer/serial number. + */ + public static class IssuerSerialNumRequest implements Request { + private X500Principal issuer; + private BigInteger serialNum; - /** - * Constructs a IssuerSerialNumRequest with an issuer/serial number. - * - *
- * The issuer/serial number is used to identify a public key certificate. The corresponding private key is returned in - * the callback. The corresponding certificate chain for the private key is also returned. - * - * If the issuer/serialNumber parameters are null, the handler of the callback relies on its own defaults. - * - * @param issuer The X500Principal name of the certificate issuer, or null. - * - * @param serialNumber The serial number of the certificate, or null. - */ - public IssuerSerialNumRequest(X500Principal issuer, BigInteger serialNumber) { - this.issuer = issuer; - this.serialNum = serialNumber; - } + /** + * Constructs a IssuerSerialNumRequest with an issuer/serial number. + * + *
+ * The issuer/serial number is used to identify a public key certificate. The corresponding private key is returned in + * the callback. The corresponding certificate chain for the private key is also returned. + * + * If the issuer/serialNumber parameters are null, the handler of the callback relies on its own defaults. + * + * @param issuer The X500Principal name of the certificate issuer, or null. + * + * @param serialNumber The serial number of the certificate, or null. + */ + public IssuerSerialNumRequest(X500Principal issuer, BigInteger serialNumber) { + this.issuer = issuer; + this.serialNum = serialNumber; + } - /** - * Get the issuer. - * - * @return The issuer, or null. - */ - public X500Principal getIssuer() { - return issuer; - } + /** + * Get the issuer. + * + * @return The issuer, or null. + */ + public X500Principal getIssuer() { + return issuer; + } - /** - * Get the serial number. - * - * @return The serial number, or null. - */ - public BigInteger getSerialNum() { - return serialNum; - } - } + /** + * Get the serial number. + * + * @return The serial number, or null. + */ + public BigInteger getSerialNum() { + return serialNum; + } + } - /** - * Request type for private keys that are identified using a certificate digest or thumbprint. - */ - public static class DigestRequest implements Request { - private String algorithm; - private byte[] digest; + /** + * Request type for private keys that are identified using a certificate digest or thumbprint. + */ + public static class DigestRequest implements Request { + private String algorithm; + private byte[] digest; - /** - * Constructs a DigestRequest with a digest value and algorithm identifier. - * - *
- * The digest of the certificate whose private key is returned must match the provided digest. The certificate digest is
- * computed by applying the specified algorithm to the bytes of the certificate. For example:
- * MessageDigest.getInstance(algorithm).digest(cert.getEncoded())
-
. The corresponding certificate chain for the private key is also returned.
- *
- * If the digest or algorithm parameters are null, the handler of the callback relies on its own defaults.
- *
- * @param digest The digest value to use to select the corresponding certificate and private key (or null).
- *
- * @param algorithm A string value identifying the digest algorithm. The value passed to this parameter may be null. If
- * it is not null, it must conform to the requirements for the algorithm parameter of
- * java.security.MessageDigest.getInstance()
.
- */
- public DigestRequest(byte[] digest, String algorithm) {
- this.digest = digest;
- this.algorithm = algorithm;
- }
+ /**
+ * Constructs a DigestRequest with a digest value and algorithm identifier.
+ *
+ *
+ * The digest of the certificate whose private key is returned must match the provided digest. The certificate digest is
+ * computed by applying the specified algorithm to the bytes of the certificate. For example:
+ * MessageDigest.getInstance(algorithm).digest(cert.getEncoded())
+
. The corresponding certificate chain for the private key is also returned.
+ *
+ * If the digest or algorithm parameters are null, the handler of the callback relies on its own defaults.
+ *
+ * @param digest The digest value to use to select the corresponding certificate and private key (or null).
+ *
+ * @param algorithm A string value identifying the digest algorithm. The value passed to this parameter may be null. If
+ * it is not null, it must conform to the requirements for the algorithm parameter of
+ * java.security.MessageDigest.getInstance()
.
+ */
+ public DigestRequest(byte[] digest, String algorithm) {
+ this.digest = digest;
+ this.algorithm = algorithm;
+ }
- /**
- * Get the digest value.
- *
- * @return The digest value which must match the digest of the certificate corresponding to the returned private key.
- */
- public byte[] getDigest() {
- return digest;
- }
+ /**
+ * Get the digest value.
+ *
+ * @return The digest value which must match the digest of the certificate corresponding to the returned private key.
+ */
+ public byte[] getDigest() {
+ return digest;
+ }
- /**
- * Get the algorithm identifier.
- *
- * @return The identifier of the algorithm used to compute the digest.
- */
- public String getAlgorithm() {
- return algorithm;
- }
- }
+ /**
+ * Get the algorithm identifier.
+ *
+ * @return The identifier of the algorithm used to compute the digest.
+ */
+ public String getAlgorithm() {
+ return algorithm;
+ }
+ }
- /**
- * Constructs this PrivateKeyCallback with a private key Request object.
- *
- *
- * The request object identifies the private key to be returned. The corresponding certificate chain for the - * private key is also returned. - * - *
- * If the request object is null, the handler of the callback relies on its own default. - * - * @param request Identifier for the private key, or null. - */ - public PrivateKeyCallback(Request request) { - this.request = request; - } + /** + * Constructs this PrivateKeyCallback with a private key Request object. + * + *
+ * The request object identifies the private key to be returned. The corresponding certificate chain for the + * private key is also returned. + * + *
+ * If the request object is null, the handler of the callback relies on its own default. + * + * @param request Identifier for the private key, or null. + */ + public PrivateKeyCallback(Request request) { + this.request = request; + } - /** - * Used by the CallbackHandler to get the Request object that identifies the private key to be returned. - * - * @return The Request object which identifies the private key to be returned, or null. If null, the handler of the - * callback relies on its own default. - */ - public Request getRequest() { - return request; - } + /** + * Used by the CallbackHandler to get the Request object that identifies the private key to be returned. + * + * @return The Request object which identifies the private key to be returned, or null. If null, the handler of the + * callback relies on its own default. + */ + public Request getRequest() { + return request; + } - /** - * Used by the CallbackHandler to set the requested private key and the corresponding certificate chain within the - * Callback. - * - *
- * If the requested private key or chain could not be found, then both values must be set to null. - * - * @param key The private key, or null. - * - * @param chain The corresponding certificate chain, or null. - */ - public void setKey(PrivateKey key, Certificate[] chain) { - this.key = key; - this.chain = chain; - } + /** + * Used by the CallbackHandler to set the requested private key and the corresponding certificate chain within the + * Callback. + * + *
+ * If the requested private key or chain could not be found, then both values must be set to null. + * + * @param key The private key, or null. + * + * @param chain The corresponding certificate chain, or null. + */ + public void setKey(PrivateKey key, Certificate[] chain) { + this.key = key; + this.chain = chain; + } - /** - * Used to obtain the private key set within the Callback. - * - * @return The private key, or null if the key could not be found. - */ - public PrivateKey getKey() { - return key; - } + /** + * Used to obtain the private key set within the Callback. + * + * @return The private key, or null if the key could not be found. + */ + public PrivateKey getKey() { + return key; + } - /** - * Used to obtain the certificate chain set within the Callback. - * - * @return The certificate chain, or null if the chain could not be found. - */ - public Certificate[] getChain() { - return chain; - } + /** + * Used to obtain the certificate chain set within the Callback. + * + * @return The certificate chain, or null if the chain could not be found. + */ + public Certificate[] getChain() { + return chain; + } } diff --git a/api/src/main/java/jakarta/security/auth/message/callback/SecretKeyCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/SecretKeyCallback.java index 6a0e270..cea5426 100644 --- a/api/src/main/java/jakarta/security/auth/message/callback/SecretKeyCallback.java +++ b/api/src/main/java/jakarta/security/auth/message/callback/SecretKeyCallback.java @@ -32,85 +32,85 @@ */ public class SecretKeyCallback implements Callback { - private Request request; - private SecretKey key; + private Request request; + private SecretKey key; - /** - * Marker interface for secret key request types. - */ - public interface Request { - } + /** + * Marker interface for secret key request types. + */ + public interface Request { + } - /** - * Request type for secret keys that are identified using an alias. - */ - public static class AliasRequest implements Request { - private String alias; + /** + * Request type for secret keys that are identified using an alias. + */ + public static class AliasRequest implements Request { + private String alias; - /** - * Construct an AliasRequest with an alias. - * - *
- * The alias is used to directly identify the secret key to be returned. - * - *
- * If the alias is null, the handler of the callback relies on its own default. - * - * @param alias Name identifier for the secret key, or null. - */ - public AliasRequest(String alias) { - this.alias = alias; - } + /** + * Construct an AliasRequest with an alias. + * + *
+ * The alias is used to directly identify the secret key to be returned. + * + *
+ * If the alias is null, the handler of the callback relies on its own default. + * + * @param alias Name identifier for the secret key, or null. + */ + public AliasRequest(String alias) { + this.alias = alias; + } - /** - * Get the alias. - * - * @return The alias, or null. - */ - public String getAlias() { - return alias; - } - } + /** + * Get the alias. + * + * @return The alias, or null. + */ + public String getAlias() { + return alias; + } + } - /** - * Constructs this SecretKeyCallback with a secret key Request object. - * - *
- * The request object identifies the secret key to be returned. - * - * If the alias is null, the handler of the callback relies on its own default. - * - * @param request Request object identifying the secret key, or null. - */ - public SecretKeyCallback(Request request) { - this.request = request; - } + /** + * Constructs this SecretKeyCallback with a secret key Request object. + * + *
+ * The request object identifies the secret key to be returned.
+ *
+ * If the alias is null, the handler of the callback relies on its own default.
+ *
+ * @param request Request object identifying the secret key, or null.
+ */
+ public SecretKeyCallback(Request request) {
+ this.request = request;
+ }
- /**
- * Used by the CallbackHandler to get the Request object which identifies the secret key to be returned.
- *
- * @return The Request object which identifies the private key to be returned, or null. If null, the handler of the
- * callback relies on its own default.
- */
- public Request getRequest() {
- return request;
- }
+ /**
+ * Used by the CallbackHandler to get the Request object which identifies the secret key to be returned.
+ *
+ * @return The Request object which identifies the private key to be returned, or null. If null, the handler of the
+ * callback relies on its own default.
+ */
+ public Request getRequest() {
+ return request;
+ }
- /**
- * Used by the CallbackHandler to set the requested secret key within the Callback.
- *
- * @param key The secret key, or null if no key was found.
- */
- public void setKey(SecretKey key) {
- this.key = key;
- }
+ /**
+ * Used by the CallbackHandler to set the requested secret key within the Callback.
+ *
+ * @param key The secret key, or null if no key was found.
+ */
+ public void setKey(SecretKey key) {
+ this.key = key;
+ }
- /**
- * Used to obtain the secret key set within the Callback.
- *
- * @return The secret key, or null if no key was found.
- */
- public SecretKey getKey() {
- return key;
- }
+ /**
+ * Used to obtain the secret key set within the Callback.
+ *
+ * @return The secret key, or null if no key was found.
+ */
+ public SecretKey getKey() {
+ return key;
+ }
}
diff --git a/api/src/main/java/jakarta/security/auth/message/callback/TrustStoreCallback.java b/api/src/main/java/jakarta/security/auth/message/callback/TrustStoreCallback.java
index b2e2175..b591e7d 100644
--- a/api/src/main/java/jakarta/security/auth/message/callback/TrustStoreCallback.java
+++ b/api/src/main/java/jakarta/security/auth/message/callback/TrustStoreCallback.java
@@ -29,23 +29,23 @@
*/
public class TrustStoreCallback implements Callback {
- private KeyStore trustStore;
+ private KeyStore trustStore;
- /**
- * Used by the CallbackHandler to set the trusted certificate keystore within the Callback.
- *
- * @param trustStore The trusted certificate KeyStore, which must already be loaded.
- */
- public void setTrustStore(KeyStore trustStore) {
- this.trustStore = trustStore;
- }
+ /**
+ * Used by the CallbackHandler to set the trusted certificate keystore within the Callback.
+ *
+ * @param trustStore The trusted certificate KeyStore, which must already be loaded.
+ */
+ public void setTrustStore(KeyStore trustStore) {
+ this.trustStore = trustStore;
+ }
- /**
- * Used by the TrustStore user to obtain the TrustStore set within the Callback.
- *
- * @return The trusted certificate KeyStore. The KeyStore is guaranteed to already be loaded.
- */
- public KeyStore getTrustStore() {
- return trustStore;
- }
+ /**
+ * Used by the TrustStore user to obtain the TrustStore set within the Callback.
+ *
+ * @return The trusted certificate KeyStore. The KeyStore is guaranteed to already be loaded.
+ */
+ public KeyStore getTrustStore() {
+ return trustStore;
+ }
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/AuthConfig.java b/api/src/main/java/jakarta/security/auth/message/config/AuthConfig.java
index 29be2e8..de77ad5 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/AuthConfig.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/AuthConfig.java
@@ -26,52 +26,52 @@
* @see ServerAuthContext
*/
public interface AuthConfig {
-
- /**
- * Get the message layer name of this authentication context configuration object.
- *
- * @return The message layer name of this configuration object, or null if the configuration object pertains to an
- * unspecified message layer.
- */
- String getMessageLayer();
+
+ /**
+ * Get the message layer name of this authentication context configuration object.
+ *
+ * @return The message layer name of this configuration object, or null if the configuration object pertains to an
+ * unspecified message layer.
+ */
+ String getMessageLayer();
- /**
- * Get the application context identifier of this authentication context configuration object.
- *
- * @return The String identifying the application context of this configuration object, or null if the configuration
- * object pertains to an unspecified application context.
- */
- String getAppContext();
+ /**
+ * Get the application context identifier of this authentication context configuration object.
+ *
+ * @return The String identifying the application context of this configuration object, or null if the configuration
+ * object pertains to an unspecified application context.
+ */
+ String getAppContext();
- /**
- * Get the authentication context identifier corresponding to the request and response objects encapsulated in
- * messageInfo.
- *
- * @param messageInfo A contextual Object that encapsulates the client request and server response objects.
- *
- * @return The authentication context identifier corresponding to the encapsulated request and response objects, or
- * null.
- *
- * @throws IllegalArgumentException If the type of the message objects incorporated in messageInfo are not compatible
- * with the message types supported by this authentication context configuration object.
- */
- String getAuthContextID(MessageInfo messageInfo);
+ /**
+ * Get the authentication context identifier corresponding to the request and response objects encapsulated in
+ * messageInfo.
+ *
+ * @param messageInfo A contextual Object that encapsulates the client request and server response objects.
+ *
+ * @return The authentication context identifier corresponding to the encapsulated request and response objects, or
+ * null.
+ *
+ * @throws IllegalArgumentException If the type of the message objects incorporated in messageInfo are not compatible
+ * with the message types supported by this authentication context configuration object.
+ */
+ String getAuthContextID(MessageInfo messageInfo);
- /**
- * Causes a dynamic authentication context configuration object to update the internal state that it uses to process
- * calls to its getAuthContext
method.
- *
- * @exception SecurityException If the caller does not have permission to refresh the configuration object, or if an
- * error occurred during the update.
- */
- void refresh();
+ /**
+ * Causes a dynamic authentication context configuration object to update the internal state that it uses to process
+ * calls to its getAuthContext
method.
+ *
+ * @exception SecurityException If the caller does not have permission to refresh the configuration object, or if an
+ * error occurred during the update.
+ */
+ void refresh();
- /**
- * Used to determine whether the authentication context configuration object encapsulates any protected authentication
- * contexts.
- *
- * @return True if the configuration object encapsulates at least one protected authentication context. Otherwise, this
- * method returns false.
- */
- boolean isProtected();
+ /**
+ * Used to determine whether the authentication context configuration object encapsulates any protected authentication
+ * contexts.
+ *
+ * @return True if the configuration object encapsulates at least one protected authentication context. Otherwise, this
+ * method returns false.
+ */
+ boolean isProtected();
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/AuthConfigFactory.java b/api/src/main/java/jakarta/security/auth/message/config/AuthConfigFactory.java
index 4180f1d..ac10be7 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/AuthConfigFactory.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/AuthConfigFactory.java
@@ -96,411 +96,411 @@
*/
public abstract class AuthConfigFactory {
- private static AuthConfigFactory factory = null;
-
- /**
- * The name of the Security property used to define the default AuthConfigFactory implementation class.
- */
- public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = "authconfigprovider.factory";
-
- /**
- * The name of the Security property used to control operations within the factory.
- */
- private static final String PROVIDER_SECURITY_PROPERTY = "authconfigfactory.provider";
-
- /**
- * The name of the SecurityPermission required to call getFactory
- */
-
- public static final String GET_FACTORY_PERMISSION_NAME = ("getProperty." + DEFAULT_FACTORY_SECURITY_PROPERTY);
-
- /**
- * The name of the SecurityPermission required to call setFactory
- */
-
- public static final String SET_FACTORY_PERMISSION_NAME = ("setProperty." + DEFAULT_FACTORY_SECURITY_PROPERTY);
-
- /**
- * The name of the SecurityPermission to be used to authorize access to the update methods of the factory implementation
- * class.
- */
-
- public static final String PROVIDER_REGISTRATION_PERMISSION_NAME = ("setProperty." + PROVIDER_SECURITY_PROPERTY);
-
- /**
- * The SecurityPermission, with name {@link #GET_FACTORY_PERMISSION_NAME}, that is used to authorize access to the
- * getFactory method.
- */
-
- public static final SecurityPermission getFactorySecurityPermission = new SecurityPermission(GET_FACTORY_PERMISSION_NAME);
-
- /**
- * The SecurityPermission, with name {@link #SET_FACTORY_PERMISSION_NAME}, that is used to authorize access to the
- * setFactory method.
- */
-
- public static final SecurityPermission setFactorySecurityPermission = new SecurityPermission(SET_FACTORY_PERMISSION_NAME);
-
- /**
- * An instance of the SecurityPermission (with name {@link #PROVIDER_REGISTRATION_PERMISSION_NAME}) for use in
- * authorizing access to the update methods of the factory implementation class.
- */
-
- public static final SecurityPermission providerRegistrationSecurityPermission = new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME);
-
- /**
- * Utility method to check for permission to operate on the factory.
- *
- * @exception SecurityException if the SecurityManager is enabled and the calling access control context has not been
- * granted the argument permission.
- */
- private static void checkPermission(Permission permission) throws SecurityException {
- SecurityManager securityManager = System.getSecurityManager();
- if (securityManager != null) {
- securityManager.checkPermission(permission);
- }
- }
-
- /**
- * Get the system-wide AuthConfigFactory implementation.
- *
- *
- * If a non-null system-wide factory instance is defined at the time of the call, for example, with
- * setFactory
, it will be returned. Otherwise, an attempt will be made to construct an instance of the
- * default AuthConfigFactory implementation class. The fully qualified class name of the default factory implementation
- * class is obtained from the value of the {@link #DEFAULT_FACTORY_SECURITY_PROPERTY} security property. When an
- * instance of the default factory implementation class is successfully constructed by this method, this method will set
- * it as the system-wide factory instance.
- *
- *
- * The absolute pathname of the Java security properties file is JAVA_HOME/lib/security/java.security, where JAVA_HOME - * refers to the directory where the JDK was installed. - * - *
- * When a SecurityManager is enabled, the {@link #getFactorySecurityPermission} will be required to call this method. If
- * at the time of the call, a system-wide factory instance has not already been defined, then the
- * {@link #setFactorySecurityPermission} will also be required.
- *
- * @return The non-null system-wide AuthConfigFactory instance set at the time of the call, or if that value was null,
- * the value of the system-wide factory instance established by this method. This method returns null when the
- * system-wide factory was not defined when this method was called and no default factory name was defined via the
- * security property.
- *
- * @exception SecurityException If the caller does not have permission to retrieve the factory, or set it as the
- * system-wide instance. Also thrown if an exception was thrown during the class loading, or construction of the default
- * AuthConfigFactory implementation class; in which case the SecurityException will contain the root Exception as its
- * cause.
- */
- public static synchronized AuthConfigFactory getFactory() {
- checkPermission(getFactorySecurityPermission);
-
- if (AuthConfigFactory.factory == null) {
- final String className = Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
- if (className != null) {
- checkPermission(setFactorySecurityPermission);
- try {
- AuthConfigFactory.factory = AccessController.doPrivileged(new PrivilegedExceptionAction
- * If an implementation was set previously, it will be replaced.
- *
- * Listeners are not notified of a change to the registered factory.
- *
- * @param factory The AuthConfigFactory instance, which may be null.
- *
- * @exception SecurityException If the caller does not have permission to set the factory.
- */
- public static synchronized void setFactory(AuthConfigFactory factory) {
- checkPermission(setFactorySecurityPermission);
- AuthConfigFactory.factory = factory;
- }
-
- /**
- * Get a registered AuthConfigProvider from the factory.
- *
- * Get the provider of ServerAuthConfig and ClientAuthConfig objects registered for the identified message layer and
- * application context.
- *
- *
- * All factories shall employ the following precedence rules to select the registered AuthConfigProvider that matches
- * the layer and appContext arguments:
- *
- * The above precedence rules apply equivalently to registrations created with a null or non-null
- * This method employs the two argument constructor required to be supported by every implementation of the
- * AuthConfigProvider interface, and this method must pass a null value for the factory argument of the constructor.
- *
- * At most one registration may exist within the factory for a given combination of message layer and appContext. Any
- * pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration.
- * When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the
- * AuthConfigProvider (with initialization properties) and description are replaced.
- *
- *
- * Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and
- * must never assign a previously used registration identifier to a registration whose message layer and or appContext
- * identifier differ from the previous use.
- *
- *
- * Programmatic registrations performed by using this method must update (according to the replacement rules described
- * above) the persistent declarative representation of provider registrations employed by the factory constructor.
- *
- *
- * When a SecurityManager is enabled, before loading the argument provider, and before making any changes to the
- * factory, this method must confirm that the calling access control context has been granted the
- * {@link #providerRegistrationSecurityPermission}
- *
- *
- * @param className The fully qualified name of an AuthConfigProvider implementation class (or null). Calling this
- * method with a null value for this parameter shall cause
- * At most one registration may exist within the factory for a given combination of message layer and appContext. Any
- * pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration.
- * When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the
- * AuthConfigProvider (with initialization properties) and description are replaced.
- *
- *
- * Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and
- * must never assign a previously used registration identifier to a registration whose message layer and or appContext
- * identifier differ from the previous use.
- *
- *
- * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
- * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
- *
- * @param provider The AuthConfigProvider to be registered at the factory (or null). Calling this method with a null
- * value for this parameter shall cause
- * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
- * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
- *
- * @param registrationID A String that identifies a provider registration at the factory
- *
- * @return True if there was a registration with the specified identifier and it was removed. Return false if the
- * registrationID was invalid.
- *
- * @exception SecurityException If the caller does not have permission to unregister the provider at the factory.
- *
- */
- public abstract boolean removeRegistration(String registrationID);
-
- /**
- * Disassociate the listener from all the provider registrations whose layer and appContext values are matched by the
- * corresponding arguments to this method.
- *
- * Factories should periodically notify Listeners to effectively detach listeners that are no longer in use.
- *
- *
- * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
- * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
- *
- * @param listener The RegistrationListener to be detached.
- *
- * @param layer A String identifying the message layer or null.
- *
- * @param appContext A String value identifying the application context or null.
- *
- * @return An array of String values where each value identifies a provider registration from which the listener was
- * removed. This method never returns null; it returns an empty array if the listener was not removed from any
- * registrations.
- *
- * @exception SecurityException If the caller does not have permission to detach the listener from the factory.
- *
- */
- public abstract String[] detachListener(RegistrationListener listener, String layer, String appContext);
-
- /**
- * Get the registration identifiers for all registrations of the provider instance at the factory.
- *
- * @param provider The AuthConfigurationProvider whose registration identifiers are to be returned. This argument may be
- * null, in which case it indicates that the IDs of all active registrations within the factory are to be returned.
- *
- * @return An array of String values where each value identifies a provider registration at the factory. This method
- * never returns null; it returns an empty array when there are no registrations at the factory for the identified
- * provider.
- */
- public abstract String[] getRegistrationIDs(AuthConfigProvider provider);
-
- /**
- * Get the the registration context for the identified registration.
- *
- * @param registrationID A String that identifies a provider registration at the factory
- *
- * @return A RegistrationContext or null. When a Non-null value is returned, it is a copy of the registration context
- * corresponding to the registration. Null is returned when the registration identifier does not correspond to an active
- * registration
- */
- public abstract RegistrationContext getRegistrationContext(String registrationID);
-
- /**
- * Cause the factory to reprocess its persistent declarative representation of provider registrations.
- *
- *
- * A factory should only replace an existing registration when a change of provider implementation class or
- * initialization properties has occurred.
- *
- *
- * When a SecurityManager is enabled, and before the point where this method could have caused any changes to the
- * factory, this method must confirm that the calling access control context has been granted the
- * {@link #providerRegistrationSecurityPermission}
- *
- * @exception SecurityException If the caller does not have permission to refresh the factory, or if an error occurred
- * during the reinitialization.
- */
- public abstract void refresh();
-
- /**
- * Represents the layer identifier, application context identifier, and description components of an AuthConfigProvider
- * registration at the factory.
- */
- public interface RegistrationContext {
-
- /**
- * Get the layer name from the registration context
- *
- * @return A String identifying the message layer for which the AuthConfigProvider was registered. The returned value
- * may be null.
- */
-
- String getMessageLayer();
-
- /**
- * Get the application context identifier from the registration context
- *
- * @return A String identifying the application context for which the AuthConfigProvider was registered. The returned
- * value may be null.
- */
- String getAppContext();
-
- /**
- * Get the description from the registration context
- *
- * @return The description String from the registration, or null if no description string was included in the
- * registration.
- */
- String getDescription();
-
- /**
- * Get the persisted status from the registration context.
- *
- * @return A boolean indicating whether the registration is the result of a className based registration, or an
- * instance-based (for example, self-) registration. Only registrations performed using the five argument
- *
+ * If a non-null system-wide factory instance is defined at the time of the call, for example, with
+ *
+ * The absolute pathname of the Java security properties file is JAVA_HOME/lib/security/java.security, where JAVA_HOME
+ * refers to the directory where the JDK was installed.
+ *
+ *
+ * When a SecurityManager is enabled, the {@link #getFactorySecurityPermission} will be required to call this method. If
+ * at the time of the call, a system-wide factory instance has not already been defined, then the
+ * {@link #setFactorySecurityPermission} will also be required.
+ *
+ * @return The non-null system-wide AuthConfigFactory instance set at the time of the call, or if that value was null,
+ * the value of the system-wide factory instance established by this method. This method returns null when the
+ * system-wide factory was not defined when this method was called and no default factory name was defined via the
+ * security property.
+ *
+ * @exception SecurityException If the caller does not have permission to retrieve the factory, or set it as the
+ * system-wide instance. Also thrown if an exception was thrown during the class loading, or construction of the default
+ * AuthConfigFactory implementation class; in which case the SecurityException will contain the root Exception as its
+ * cause.
+ */
+ public static synchronized AuthConfigFactory getFactory() {
+ checkPermission(getFactorySecurityPermission);
+
+ if (AuthConfigFactory.factory == null) {
+ final String className = Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
+ if (className != null) {
+ checkPermission(setFactorySecurityPermission);
+ try {
+ AuthConfigFactory.factory = AccessController.doPrivileged(new PrivilegedExceptionAction
+ * If an implementation was set previously, it will be replaced.
+ *
+ * Listeners are not notified of a change to the registered factory.
+ *
+ * @param factory The AuthConfigFactory instance, which may be null.
+ *
+ * @exception SecurityException If the caller does not have permission to set the factory.
+ */
+ public static synchronized void setFactory(AuthConfigFactory factory) {
+ checkPermission(setFactorySecurityPermission);
+ AuthConfigFactory.factory = factory;
+ }
+
+ /**
+ * Get a registered AuthConfigProvider from the factory.
+ *
+ * Get the provider of ServerAuthConfig and ClientAuthConfig objects registered for the identified message layer and
+ * application context.
+ *
+ *
+ * All factories shall employ the following precedence rules to select the registered AuthConfigProvider that matches
+ * the layer and appContext arguments:
+ *
+ * The above precedence rules apply equivalently to registrations created with a null or non-null
+ * This method employs the two argument constructor required to be supported by every implementation of the
+ * AuthConfigProvider interface, and this method must pass a null value for the factory argument of the constructor.
+ *
+ * At most one registration may exist within the factory for a given combination of message layer and appContext. Any
+ * pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration.
+ * When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the
+ * AuthConfigProvider (with initialization properties) and description are replaced.
+ *
+ *
+ * Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and
+ * must never assign a previously used registration identifier to a registration whose message layer and or appContext
+ * identifier differ from the previous use.
+ *
+ *
+ * Programmatic registrations performed by using this method must update (according to the replacement rules described
+ * above) the persistent declarative representation of provider registrations employed by the factory constructor.
+ *
+ *
+ * When a SecurityManager is enabled, before loading the argument provider, and before making any changes to the
+ * factory, this method must confirm that the calling access control context has been granted the
+ * {@link #providerRegistrationSecurityPermission}
+ *
+ *
+ * @param className The fully qualified name of an AuthConfigProvider implementation class (or null). Calling this
+ * method with a null value for this parameter shall cause
+ * At most one registration may exist within the factory for a given combination of message layer and appContext. Any
+ * pre-existing registration with identical values for layer and appContext is replaced by a subsequent registration.
+ * When replacement occurs, the registration identifier, layer, and appContext identifier remain unchanged, and the
+ * AuthConfigProvider (with initialization properties) and description are replaced.
+ *
+ *
+ * Within the lifetime of its Java process, a factory must assign unique registration identifiers to registrations, and
+ * must never assign a previously used registration identifier to a registration whose message layer and or appContext
+ * identifier differ from the previous use.
+ *
+ *
+ * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
+ * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
+ *
+ * @param provider The AuthConfigProvider to be registered at the factory (or null). Calling this method with a null
+ * value for this parameter shall cause
+ * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
+ * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
+ *
+ * @param registrationID A String that identifies a provider registration at the factory
+ *
+ * @return True if there was a registration with the specified identifier and it was removed. Return false if the
+ * registrationID was invalid.
+ *
+ * @exception SecurityException If the caller does not have permission to unregister the provider at the factory.
+ *
+ */
+ public abstract boolean removeRegistration(String registrationID);
+
+ /**
+ * Disassociate the listener from all the provider registrations whose layer and appContext values are matched by the
+ * corresponding arguments to this method.
+ *
+ * Factories should periodically notify Listeners to effectively detach listeners that are no longer in use.
+ *
+ *
+ * When a SecurityManager is enabled, and before making any changes to the factory, this method must confirm that the
+ * calling access control context has been granted the {@link #providerRegistrationSecurityPermission}
+ *
+ * @param listener The RegistrationListener to be detached.
+ *
+ * @param layer A String identifying the message layer or null.
+ *
+ * @param appContext A String value identifying the application context or null.
+ *
+ * @return An array of String values where each value identifies a provider registration from which the listener was
+ * removed. This method never returns null; it returns an empty array if the listener was not removed from any
+ * registrations.
+ *
+ * @exception SecurityException If the caller does not have permission to detach the listener from the factory.
+ *
+ */
+ public abstract String[] detachListener(RegistrationListener listener, String layer, String appContext);
+
+ /**
+ * Get the registration identifiers for all registrations of the provider instance at the factory.
+ *
+ * @param provider The AuthConfigurationProvider whose registration identifiers are to be returned. This argument may be
+ * null, in which case it indicates that the IDs of all active registrations within the factory are to be returned.
+ *
+ * @return An array of String values where each value identifies a provider registration at the factory. This method
+ * never returns null; it returns an empty array when there are no registrations at the factory for the identified
+ * provider.
+ */
+ public abstract String[] getRegistrationIDs(AuthConfigProvider provider);
+
+ /**
+ * Get the the registration context for the identified registration.
+ *
+ * @param registrationID A String that identifies a provider registration at the factory
+ *
+ * @return A RegistrationContext or null. When a Non-null value is returned, it is a copy of the registration context
+ * corresponding to the registration. Null is returned when the registration identifier does not correspond to an active
+ * registration
+ */
+ public abstract RegistrationContext getRegistrationContext(String registrationID);
+
+ /**
+ * Cause the factory to reprocess its persistent declarative representation of provider registrations.
+ *
+ *
+ * A factory should only replace an existing registration when a change of provider implementation class or
+ * initialization properties has occurred.
+ *
+ *
+ * When a SecurityManager is enabled, and before the point where this method could have caused any changes to the
+ * factory, this method must confirm that the calling access control context has been granted the
+ * {@link #providerRegistrationSecurityPermission}
+ *
+ * @exception SecurityException If the caller does not have permission to refresh the factory, or if an error occurred
+ * during the reinitialization.
+ */
+ public abstract void refresh();
+
+ /**
+ * Represents the layer identifier, application context identifier, and description components of an AuthConfigProvider
+ * registration at the factory.
+ */
+ public interface RegistrationContext {
+
+ /**
+ * Get the layer name from the registration context
+ *
+ * @return A String identifying the message layer for which the AuthConfigProvider was registered. The returned value
+ * may be null.
+ */
+
+ String getMessageLayer();
+
+ /**
+ * Get the application context identifier from the registration context
+ *
+ * @return A String identifying the application context for which the AuthConfigProvider was registered. The returned
+ * value may be null.
+ */
+ String getAppContext();
+
+ /**
+ * Get the description from the registration context
+ *
+ * @return The description String from the registration, or null if no description string was included in the
+ * registration.
+ */
+ String getDescription();
+
+ /**
+ * Get the persisted status from the registration context.
+ *
+ * @return A boolean indicating whether the registration is the result of a className based registration, or an
+ * instance-based (for example, self-) registration. Only registrations performed using the five argument
+ *
- * The implementation of this method returns a ClientAuthConfig instance that describes the configuration of
- * ClientAuthModules at a given message layer, and for use in an identified application context.
- *
- * @param layer A String identifying the message layer for the returned ClientAuthConfig object. This argument must not
- * be null.
- *
- * @param appContext A String that identifies the messaging context for the returned ClientAuthConfig object. This
- * argument must not be null.
- *
- * @param handler A CallbackHandler to be passed to the ClientAuthModules encapsulated by ClientAuthContext objects
- * derived from the returned ClientAuthConfig. This argument may be null, in which case the implementation may assign a
- * default handler to the configuration. The CallbackHandler assigned to the configuration must support the Callback
- * objects required to be supported by the profile of this specification being followed by the messaging runtime. The
- * CallbackHandler instance must be initialized with any application context needed to process the required callbacks on
- * behalf of the corresponding application.
- *
- * @return A ClientAuthConfig Object that describes the configuration of ClientAuthModules at the message layer and
- * messaging context identified by the layer and appContext arguments. This method does not return null.
- *
- * @exception AuthException If this provider does not support the assignment of a default CallbackHandler to the
- * returned ClientAuthConfig.
- *
- * @exception SecurityException If the caller does not have permission to retrieve the configuration.
- */
- ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException;
+ /**
+ * Get an instance of ClientAuthConfig from this provider.
+ *
+ *
+ * The implementation of this method returns a ClientAuthConfig instance that describes the configuration of
+ * ClientAuthModules at a given message layer, and for use in an identified application context.
+ *
+ * @param layer A String identifying the message layer for the returned ClientAuthConfig object. This argument must not
+ * be null.
+ *
+ * @param appContext A String that identifies the messaging context for the returned ClientAuthConfig object. This
+ * argument must not be null.
+ *
+ * @param handler A CallbackHandler to be passed to the ClientAuthModules encapsulated by ClientAuthContext objects
+ * derived from the returned ClientAuthConfig. This argument may be null, in which case the implementation may assign a
+ * default handler to the configuration. The CallbackHandler assigned to the configuration must support the Callback
+ * objects required to be supported by the profile of this specification being followed by the messaging runtime. The
+ * CallbackHandler instance must be initialized with any application context needed to process the required callbacks on
+ * behalf of the corresponding application.
+ *
+ * @return A ClientAuthConfig Object that describes the configuration of ClientAuthModules at the message layer and
+ * messaging context identified by the layer and appContext arguments. This method does not return null.
+ *
+ * @exception AuthException If this provider does not support the assignment of a default CallbackHandler to the
+ * returned ClientAuthConfig.
+ *
+ * @exception SecurityException If the caller does not have permission to retrieve the configuration.
+ */
+ ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException;
- /**
- * Get an instance of ServerAuthConfig from this provider.
- *
- *
- * The implementation of this method returns a ServerAuthConfig instance that describes the configuration of
- * ServerAuthModules at a given message layer, and for a particular application context.
- *
- * @param layer A String identifying the message layer for the returned ServerAuthConfig object. This argument must not
- * be null.
- *
- * @param appContext A String that identifies the messaging context for the returned ServerAuthConfig object. This
- * argument must not be null.
- *
- * @param handler A CallbackHandler to be passed to the ServerAuthModules encapsulated by ServerAuthContext objects
- * derived from the returned ServerAuthConfig. This argument may be null, in which case the implementation may assign a
- * default handler to the configuration. The CallbackHandler assigned to the configuration must support the Callback
- * objects required to be supported by the profile of this specification being followed by the messaging runtime. The
- * CallbackHandler instance must be initialized with any application context needed to process the required callbacks on
- * behalf of the corresponding application.
- *
- * @return A ServerAuthConfig Object that describes the configuration of ServerAuthModules at a given message layer, and
- * for a particular application context. This method does not return null.
- *
- * @exception AuthException If this provider does not support the assignment of a default CallbackHandler to the
- * returned ServerAuthConfig.
- *
- * @exception SecurityException If the caller does not have permission to retrieve the configuration.
- */
- ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException;
+ /**
+ * Get an instance of ServerAuthConfig from this provider.
+ *
+ *
+ * The implementation of this method returns a ServerAuthConfig instance that describes the configuration of
+ * ServerAuthModules at a given message layer, and for a particular application context.
+ *
+ * @param layer A String identifying the message layer for the returned ServerAuthConfig object. This argument must not
+ * be null.
+ *
+ * @param appContext A String that identifies the messaging context for the returned ServerAuthConfig object. This
+ * argument must not be null.
+ *
+ * @param handler A CallbackHandler to be passed to the ServerAuthModules encapsulated by ServerAuthContext objects
+ * derived from the returned ServerAuthConfig. This argument may be null, in which case the implementation may assign a
+ * default handler to the configuration. The CallbackHandler assigned to the configuration must support the Callback
+ * objects required to be supported by the profile of this specification being followed by the messaging runtime. The
+ * CallbackHandler instance must be initialized with any application context needed to process the required callbacks on
+ * behalf of the corresponding application.
+ *
+ * @return A ServerAuthConfig Object that describes the configuration of ServerAuthModules at a given message layer, and
+ * for a particular application context. This method does not return null.
+ *
+ * @exception AuthException If this provider does not support the assignment of a default CallbackHandler to the
+ * returned ServerAuthConfig.
+ *
+ * @exception SecurityException If the caller does not have permission to retrieve the configuration.
+ */
+ ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException;
- /**
- * Causes a dynamic configuration provider to update its internal state such that any resulting change to its state is
- * reflected in the corresponding authentication context configuration objects previously created by the provider within
- * the current process context.
- *
- * @exception SecurityException If the caller does not have permission to refresh the provider, or if an error occurred
- * during the refresh.
- */
- void refresh();
+ /**
+ * Causes a dynamic configuration provider to update its internal state such that any resulting change to its state is
+ * reflected in the corresponding authentication context configuration objects previously created by the provider within
+ * the current process context.
+ *
+ * @exception SecurityException If the caller does not have permission to refresh the provider, or if an error occurred
+ * during the refresh.
+ */
+ void refresh();
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/ClientAuthConfig.java b/api/src/main/java/jakarta/security/auth/message/config/ClientAuthConfig.java
index af6e5d7..1f43e8b 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/ClientAuthConfig.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/ClientAuthConfig.java
@@ -44,40 +44,40 @@
*/
public interface ClientAuthConfig extends AuthConfig {
- /**
- * Get a ClientAuthContext instance from this ClientAuthConfig.
- *
- *
- * The implementation of this method returns a ClientAuthContext instance that encapsulates the ClientAuthModules used
- * to secure and validate requests/responses associated with the given authContextID.
- *
- *
- * Specifically, this method accesses this ClientAuthConfig object with the argument authContextID to determine
- * the ClientAuthModules that are to be encapsulated in the returned ClientAuthContext instance.
- *
- *
- * The ClientAuthConfig object establishes the request and response MessagePolicy objects that are passed to the
- * encapsulated modules when they are initialized by the returned ClientAuthContext instance. It is the modules'
- * responsibility to enforce these policies when invoked.
- *
- * @param authContextID An String identifier used to index the provided config, or null. This value must be
- * identical to the value returned by the
+ * The implementation of this method returns a ClientAuthContext instance that encapsulates the ClientAuthModules used
+ * to secure and validate requests/responses associated with the given authContextID.
+ *
+ *
+ * Specifically, this method accesses this ClientAuthConfig object with the argument authContextID to determine
+ * the ClientAuthModules that are to be encapsulated in the returned ClientAuthContext instance.
+ *
+ *
+ * The ClientAuthConfig object establishes the request and response MessagePolicy objects that are passed to the
+ * encapsulated modules when they are initialized by the returned ClientAuthContext instance. It is the modules'
+ * responsibility to enforce these policies when invoked.
+ *
+ * @param authContextID An String identifier used to index the provided config, or null. This value must be
+ * identical to the value returned by the
- * When a
- * The factory detaches the listener from the corresponding registration once the listener has been notified for the
- * registration.
- *
- * The
+ * When a
+ * The factory detaches the listener from the corresponding registration once the listener has been notified for the
+ * registration.
+ *
+ * The
- * The implementation of this method returns a ServerAuthContext instance that encapsulates the ServerAuthModules used
- * to validate requests and secure responses associated with the given authContextID.
- *
- *
- * Specifically, this method accesses this ServerAuthConfig object with the argument authContextID to determine
- * the ServerAuthModules that are to be encapsulated in the returned ServerAuthContext instance.
- *
- *
- * The ServerAuthConfig object establishes the request and response MessagePolicy objects that are passed to the
- * encapsulated modules when they are initialized by the returned ServerAuthContext instance. It is the modules'
- * responsibility to enforce these policies when invoked.
- *
- * @param authContextID An identifier used to index the provided config, or null. This value must be identical to
- * the value returned by the
+ * The implementation of this method returns a ServerAuthContext instance that encapsulates the ServerAuthModules used
+ * to validate requests and secure responses associated with the given authContextID.
+ *
+ *
+ * Specifically, this method accesses this ServerAuthConfig object with the argument authContextID to determine
+ * the ServerAuthModules that are to be encapsulated in the returned ServerAuthContext instance.
+ *
+ *
+ * The ServerAuthConfig object establishes the request and response MessagePolicy objects that are passed to the
+ * encapsulated modules when they are initialized by the returned ServerAuthContext instance. It is the modules'
+ * responsibility to enforce these policies when invoked.
+ *
+ * @param authContextID An identifier used to index the provided config, or null. This value must be identical to
+ * the value returned by the
- * The request policy and the response policy must not both be null.
- *
- * @param requestPolicy The request policy this module must enforce, or null.
- *
- * @param responsePolicy The response policy this module must enforce, or null.
- *
- * @param handler CallbackHandler used to request information.
- *
- * @param options A Map of module-specific configuration properties.
- *
- * @exception AuthException If module initialization fails, including for the case where the options argument contains
- * elements that are not supported by the module.
- */
- void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException;
+ /**
+ * Initialize this module with request and response message policies to enforce, a CallbackHandler, and any
+ * module-specific configuration properties.
+ *
+ *
+ * The request policy and the response policy must not both be null.
+ *
+ * @param requestPolicy The request policy this module must enforce, or null.
+ *
+ * @param responsePolicy The response policy this module must enforce, or null.
+ *
+ * @param handler CallbackHandler used to request information.
+ *
+ * @param options A Map of module-specific configuration properties.
+ *
+ * @exception AuthException If module initialization fails, including for the case where the options argument contains
+ * elements that are not supported by the module.
+ */
+ void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException;
- /**
- * Get the one or more Class objects representing the message types supported by the module.
- *
- * @return An array of Class objects where each element defines a message type supported by the module. A module should
- * return an array containing at least one element. An empty array indicates that the module will attempt to support any
- * message type. This method never returns null.
- */
- Class[] getSupportedMessageTypes();
+ /**
+ * Get the one or more Class objects representing the message types supported by the module.
+ *
+ * @return An array of Class objects where each element defines a message type supported by the module. A module should
+ * return an array containing at least one element. An empty array indicates that the module will attempt to support any
+ * message type. This method never returns null.
+ */
+ Class[] getSupportedMessageTypes();
}
diff --git a/api/src/main/java/jakarta/security/auth/message/module/ServerAuthModule.java b/api/src/main/java/jakarta/security/auth/message/module/ServerAuthModule.java
index 8bff390..bb7086a 100644
--- a/api/src/main/java/jakarta/security/auth/message/module/ServerAuthModule.java
+++ b/api/src/main/java/jakarta/security/auth/message/module/ServerAuthModule.java
@@ -41,31 +41,31 @@
*/
public interface ServerAuthModule extends ServerAuth {
- /**
- * Initialize this module with request and response message policies to enforce, a CallbackHandler, and any
- * module-specific configuration properties.
- *
- *
- * The request policy and the response policy must not both be null.
- *
- * @param requestPolicy The request policy this module must enforce, or null.
- *
- * @param responsePolicy The response policy this module must enforce, or null.
- *
- * @param handler CallbackHandler used to request information.
- *
- * @param options A Map of module-specific configuration properties.
- *
- * @exception AuthException If module initialization fails, including for the case where the options argument contains
- * elements that are not supported by the module.
- */
- void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException;
+ /**
+ * Initialize this module with request and response message policies to enforce, a CallbackHandler, and any
+ * module-specific configuration properties.
+ *
+ *
+ * The request policy and the response policy must not both be null.
+ *
+ * @param requestPolicy The request policy this module must enforce, or null.
+ *
+ * @param responsePolicy The response policy this module must enforce, or null.
+ *
+ * @param handler CallbackHandler used to request information.
+ *
+ * @param options A Map of module-specific configuration properties.
+ *
+ * @exception AuthException If module initialization fails, including for the case where the options argument contains
+ * elements that are not supported by the module.
+ */
+ void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler, Map options) throws AuthException;
- /**
- * Get the one or more Class objects representing the message types supported by the module.
- *
- * @return An array of Class objects, with at least one element defining a message type supported by the module.
- */
- Class[] getSupportedMessageTypes();
+ /**
+ * Get the one or more Class objects representing the message types supported by the module.
+ *
+ * @return An array of Class objects, with at least one element defining a message type supported by the module.
+ */
+ Class[] getSupportedMessageTypes();
}
- *
- * className
- * argument.
- *
- * @param layer A String identifying the message layer for which the registered AuthConfigProvider is to be returned.
- * The value of this argument may be null.
- *
- * @param appContext A String that identifies the application messaging context for which the registered
- * AuthConfigProvider is to be returned. The value of this argument may be null.
- *
- * @param listener The RegistrationListener whose notify
method is to be invoked if the corresponding
- * registration is unregistered or replaced. The value of this argument may be null.
- *
- * @return The implementation of the AuthConfigProvider interface registered at the factory for the layer and
- * appContext, or null if no AuthConfigProvider is selected. An argument listener is attached even if the return value
- * is null.
- */
- public abstract AuthConfigProvider getConfigProvider(String layer, String appContext, RegistrationListener listener);
-
- /**
- * Registers within the factory and records within the factory's persistent declarative representation of provider
- * registrations a provider of ServerAuthConfig and/or ClientAuthConfig objects for a message layer and application
- * context identifier.
- *
- * This method typically constructs an instance of the provider before registering it with the factory. Factories may
- * extend or modify the persisted registrations of existing provider instances, if those instances were registered with
- * ClassName and properties arguments equivalent to those passed in the current call.
- * AuthConfigProviderImpl AuthConfigProviderImpl(Map properties,
- * AuthConfigFactory factory)
.
- *
- * getConfigProvider
to return null when it is
- * called with layer and appContext values for which the resulting registration is the best match.
- *
- * @param properties A Map object containing the initialization properties to be passed to the properties argument of
- * the provider constructor. This argument may be null. When this argument is not null, all the values and keys
- * occurring in the Map must be of type String.
- *
- * @param layer A String identifying the message layer for which the provider will be registered at the factory. A null
- * value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
- *
- * @param appContext A String value that may be used by a runtime to request a configuration object from this provider.
- * A null value may be passed as an argument for this parameter, in which case the provider is registered for all
- * configuration ids (at the indicated layers).
- *
- * @param description A text String describing the provider. This value may be null.
- *
- * @return A String identifier assigned by the factory to the provider registration, and that may be used to remove the
- * registration from the factory.
- *
- * @exception SecurityException If the caller does not have permission to register a provider at the factory, or if the
- * the provider construction (given a non-null className
) or registration fails.
- *
- */
- public abstract String registerConfigProvider(String className, Map properties, String layer, String appContext, String description);
-
- /**
- * Registers within the (in-memory) factory, a provider of ServerAuthConfig and/or ClientAuthConfig objects for a
- * message layer and application context identifier. This method does NOT effect the factory's persistent declarative
- * representation of provider registrations, and is intended to be used by providers to perform self-Registration.
- *
- * getConfigProvider
to return null when it is called with layer and
- * appContext values for which the resulting registration is the best match.
- *
- * @param layer A String identifying the message layer for which the provider will be registered at the factory. A null
- * value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
- *
- * @param appContext A String value that may be used by a runtime to request a configuration object from this provider.
- * A null value may be passed as an argument for this parameter, in which case the provider is registered for all
- * configuration ids (at the indicated layers).
- *
- * @param description A text String describing the provider. This value may be null.
- *
- * @return A String identifier assigned by the factory to the provider registration, and that may be used to remove the
- * registration from the factory.
- *
- * @exception SecurityException If the caller does not have permission to register a provider at the factory, or if the
- * provider registration fails.
- */
- public abstract String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description);
-
- /**
- * Remove the identified provider registration from the factory (and from the persistent declarative representation of
- * provider registrations, if appropriate) and invoke any listeners associated with the removed registration.
- *
- * registerConfigProvider
method are persistent.
- */
- boolean isPersistent();
-
- }
+ private static AuthConfigFactory factory = null;
+
+ /**
+ * The name of the Security property used to define the default AuthConfigFactory implementation class.
+ */
+ public static final String DEFAULT_FACTORY_SECURITY_PROPERTY = "authconfigprovider.factory";
+
+ /**
+ * The name of the Security property used to control operations within the factory.
+ */
+ private static final String PROVIDER_SECURITY_PROPERTY = "authconfigfactory.provider";
+
+ /**
+ * The name of the SecurityPermission required to call getFactory
+ */
+
+ public static final String GET_FACTORY_PERMISSION_NAME = ("getProperty." + DEFAULT_FACTORY_SECURITY_PROPERTY);
+
+ /**
+ * The name of the SecurityPermission required to call setFactory
+ */
+
+ public static final String SET_FACTORY_PERMISSION_NAME = ("setProperty." + DEFAULT_FACTORY_SECURITY_PROPERTY);
+
+ /**
+ * The name of the SecurityPermission to be used to authorize access to the update methods of the factory implementation
+ * class.
+ */
+
+ public static final String PROVIDER_REGISTRATION_PERMISSION_NAME = ("setProperty." + PROVIDER_SECURITY_PROPERTY);
+
+ /**
+ * The SecurityPermission, with name {@link #GET_FACTORY_PERMISSION_NAME}, that is used to authorize access to the
+ * getFactory method.
+ */
+
+ public static final SecurityPermission getFactorySecurityPermission = new SecurityPermission(GET_FACTORY_PERMISSION_NAME);
+
+ /**
+ * The SecurityPermission, with name {@link #SET_FACTORY_PERMISSION_NAME}, that is used to authorize access to the
+ * setFactory method.
+ */
+
+ public static final SecurityPermission setFactorySecurityPermission = new SecurityPermission(SET_FACTORY_PERMISSION_NAME);
+
+ /**
+ * An instance of the SecurityPermission (with name {@link #PROVIDER_REGISTRATION_PERMISSION_NAME}) for use in
+ * authorizing access to the update methods of the factory implementation class.
+ */
+
+ public static final SecurityPermission providerRegistrationSecurityPermission = new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME);
+
+ /**
+ * Utility method to check for permission to operate on the factory.
+ *
+ * @exception SecurityException if the SecurityManager is enabled and the calling access control context has not been
+ * granted the argument permission.
+ */
+ private static void checkPermission(Permission permission) throws SecurityException {
+ SecurityManager securityManager = System.getSecurityManager();
+ if (securityManager != null) {
+ securityManager.checkPermission(permission);
+ }
+ }
+
+ /**
+ * Get the system-wide AuthConfigFactory implementation.
+ *
+ * setFactory
, it will be returned. Otherwise, an attempt will be made to construct an instance of the
+ * default AuthConfigFactory implementation class. The fully qualified class name of the default factory implementation
+ * class is obtained from the value of the {@link #DEFAULT_FACTORY_SECURITY_PROPERTY} security property. When an
+ * instance of the default factory implementation class is successfully constructed by this method, this method will set
+ * it as the system-wide factory instance.
+ *
+ *
+ *
+ * className
+ * argument.
+ *
+ * @param layer A String identifying the message layer for which the registered AuthConfigProvider is to be returned.
+ * The value of this argument may be null.
+ *
+ * @param appContext A String that identifies the application messaging context for which the registered
+ * AuthConfigProvider is to be returned. The value of this argument may be null.
+ *
+ * @param listener The RegistrationListener whose notify
method is to be invoked if the corresponding
+ * registration is unregistered or replaced. The value of this argument may be null.
+ *
+ * @return The implementation of the AuthConfigProvider interface registered at the factory for the layer and
+ * appContext, or null if no AuthConfigProvider is selected. An argument listener is attached even if the return value
+ * is null.
+ */
+ public abstract AuthConfigProvider getConfigProvider(String layer, String appContext, RegistrationListener listener);
+
+ /**
+ * Registers within the factory and records within the factory's persistent declarative representation of provider
+ * registrations a provider of ServerAuthConfig and/or ClientAuthConfig objects for a message layer and application
+ * context identifier.
+ *
+ * This method typically constructs an instance of the provider before registering it with the factory. Factories may
+ * extend or modify the persisted registrations of existing provider instances, if those instances were registered with
+ * ClassName and properties arguments equivalent to those passed in the current call.
+ * AuthConfigProviderImpl AuthConfigProviderImpl(Map properties,
+ * AuthConfigFactory factory)
.
+ *
+ * getConfigProvider
to return null when it is
+ * called with layer and appContext values for which the resulting registration is the best match.
+ *
+ * @param properties A Map object containing the initialization properties to be passed to the properties argument of
+ * the provider constructor. This argument may be null. When this argument is not null, all the values and keys
+ * occurring in the Map must be of type String.
+ *
+ * @param layer A String identifying the message layer for which the provider will be registered at the factory. A null
+ * value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
+ *
+ * @param appContext A String value that may be used by a runtime to request a configuration object from this provider.
+ * A null value may be passed as an argument for this parameter, in which case the provider is registered for all
+ * configuration ids (at the indicated layers).
+ *
+ * @param description A text String describing the provider. This value may be null.
+ *
+ * @return A String identifier assigned by the factory to the provider registration, and that may be used to remove the
+ * registration from the factory.
+ *
+ * @exception SecurityException If the caller does not have permission to register a provider at the factory, or if the
+ * the provider construction (given a non-null className
) or registration fails.
+ *
+ */
+ public abstract String registerConfigProvider(String className, Map properties, String layer, String appContext, String description);
+
+ /**
+ * Registers within the (in-memory) factory, a provider of ServerAuthConfig and/or ClientAuthConfig objects for a
+ * message layer and application context identifier. This method does NOT effect the factory's persistent declarative
+ * representation of provider registrations, and is intended to be used by providers to perform self-Registration.
+ *
+ * getConfigProvider
to return null when it is called with layer and
+ * appContext values for which the resulting registration is the best match.
+ *
+ * @param layer A String identifying the message layer for which the provider will be registered at the factory. A null
+ * value may be passed as an argument for this parameter, in which case the provider is registered at all layers.
+ *
+ * @param appContext A String value that may be used by a runtime to request a configuration object from this provider.
+ * A null value may be passed as an argument for this parameter, in which case the provider is registered for all
+ * configuration ids (at the indicated layers).
+ *
+ * @param description A text String describing the provider. This value may be null.
+ *
+ * @return A String identifier assigned by the factory to the provider registration, and that may be used to remove the
+ * registration from the factory.
+ *
+ * @exception SecurityException If the caller does not have permission to register a provider at the factory, or if the
+ * provider registration fails.
+ */
+ public abstract String registerConfigProvider(AuthConfigProvider provider, String layer, String appContext, String description);
+
+ /**
+ * Remove the identified provider registration from the factory (and from the persistent declarative representation of
+ * provider registrations, if appropriate) and invoke any listeners associated with the removed registration.
+ *
+ * registerConfigProvider
method are persistent.
+ */
+ boolean isPersistent();
+
+ }
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/AuthConfigProvider.java b/api/src/main/java/jakarta/security/auth/message/config/AuthConfigProvider.java
index b250b74..4ea790e 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/AuthConfigProvider.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/AuthConfigProvider.java
@@ -78,74 +78,74 @@
*/
public interface AuthConfigProvider {
- /**
- * Get an instance of ClientAuthConfig from this provider.
- *
- * getAuthContextID
method for all MessageInfo
objects
- * passed to the secureRequest
method of the returned ClientAuthContext.
- *
- * @param clientSubject A Subject that represents the source of the service request to be secured by the acquired
- * authentication context. The principals and credentials of the Subject may be used to select or acquire the
- * authentication context. If the Subject is not null, additional Principals or credentials (pertaining to the source of
- * the request) may be added to the Subject. A null value may be passed for this parameter.
- *
- * @param properties A Map object that may be used by the caller to augment the properties that will be passed to the
- * encapsulated modules at module initialization. The null value may be passed for this parameter.
- *
- * @return A ClientAuthContext instance that encapsulates the ClientAuthModules used to secure and validate
- * requests/responses associated with the given authContextID, or null (indicating that no modules are
- * configured).
- *
- * @exception AuthException If this method fails.
- */
- ClientAuthContext getAuthContext(String authContextID, Subject clientSubject, Map properties) throws AuthException;
+ /**
+ * Get a ClientAuthContext instance from this ClientAuthConfig.
+ *
+ * getAuthContextID
method for all MessageInfo
objects
+ * passed to the secureRequest
method of the returned ClientAuthContext.
+ *
+ * @param clientSubject A Subject that represents the source of the service request to be secured by the acquired
+ * authentication context. The principals and credentials of the Subject may be used to select or acquire the
+ * authentication context. If the Subject is not null, additional Principals or credentials (pertaining to the source of
+ * the request) may be added to the Subject. A null value may be passed for this parameter.
+ *
+ * @param properties A Map object that may be used by the caller to augment the properties that will be passed to the
+ * encapsulated modules at module initialization. The null value may be passed for this parameter.
+ *
+ * @return A ClientAuthContext instance that encapsulates the ClientAuthModules used to secure and validate
+ * requests/responses associated with the given authContextID, or null (indicating that no modules are
+ * configured).
+ *
+ * @exception AuthException If this method fails.
+ */
+ ClientAuthContext getAuthContext(String authContextID, Subject clientSubject, Map properties) throws AuthException;
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/RegistrationListener.java b/api/src/main/java/jakarta/security/auth/message/config/RegistrationListener.java
index caf24ee..8ab3708 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/RegistrationListener.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/RegistrationListener.java
@@ -25,25 +25,25 @@
*/
public interface RegistrationListener {
- /**
- * Notify the listener that a registration with which it was associated was replaced or unregistered.
- *
- * RegistrationListener
is associated with a provider registration within the factory, the factory
- * must call its notify
method when the corresponding registration is unregistered or replaced.
- *
- * detachListerner
method must be called to detach listeners that are no longer in use.
- *
- * @param layer A String identifying the one or more message layers corresponding to the registration for which the
- * listener is being notified.
- *
- * @param appContext A String value identifying the application contexts corresponding to the registration for which the
- * listener is being notified.
- */
- void notify(String layer, String appContext);
+ /**
+ * Notify the listener that a registration with which it was associated was replaced or unregistered.
+ *
+ * RegistrationListener
is associated with a provider registration within the factory, the factory
+ * must call its notify
method when the corresponding registration is unregistered or replaced.
+ *
+ * detachListerner
method must be called to detach listeners that are no longer in use.
+ *
+ * @param layer A String identifying the one or more message layers corresponding to the registration for which the
+ * listener is being notified.
+ *
+ * @param appContext A String value identifying the application contexts corresponding to the registration for which the
+ * listener is being notified.
+ */
+ void notify(String layer, String appContext);
}
diff --git a/api/src/main/java/jakarta/security/auth/message/config/ServerAuthConfig.java b/api/src/main/java/jakarta/security/auth/message/config/ServerAuthConfig.java
index 3b6c824..5543526 100644
--- a/api/src/main/java/jakarta/security/auth/message/config/ServerAuthConfig.java
+++ b/api/src/main/java/jakarta/security/auth/message/config/ServerAuthConfig.java
@@ -44,40 +44,40 @@
*/
public interface ServerAuthConfig extends AuthConfig {
- /**
- * Get a ServerAuthContext instance from this ServerAuthConfig.
- *
- * getAuthContextID
method for all MessageInfo
objects passed to the
- * validateRequest
method of the returned ServerAuthContext.
- *
- * @param serviceSubject A Subject that represents the source of the service response to be secured by the acquired
- * authentication context. The principal and credentials of the Subject may be used to select or acquire the
- * authentication context. If the Subject is not null, additional Principals or credentials (pertaining to the source of
- * the response) may be added to the Subject. A null value may be passed for this parameter.
- *
- * @param properties A Map object that may be used by the caller to augment the properties that will be passed to the
- * encapsulated modules at module initialization. The null value may be passed for this parameter.
- *
- * @return A ServerAuthContext instance that encapsulates the ServerAuthModules used to secure and validate
- * requests/responses associated with the given authContextID, or null (indicating that no modules are
- * configured).
- *
- * @exception AuthException If this method fails.
- */
- ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException;
+ /**
+ * Get a ServerAuthContext instance from this ServerAuthConfig.
+ *
+ * getAuthContextID
method for all MessageInfo
objects passed to the
+ * validateRequest
method of the returned ServerAuthContext.
+ *
+ * @param serviceSubject A Subject that represents the source of the service response to be secured by the acquired
+ * authentication context. The principal and credentials of the Subject may be used to select or acquire the
+ * authentication context. If the Subject is not null, additional Principals or credentials (pertaining to the source of
+ * the response) may be added to the Subject. A null value may be passed for this parameter.
+ *
+ * @param properties A Map object that may be used by the caller to augment the properties that will be passed to the
+ * encapsulated modules at module initialization. The null value may be passed for this parameter.
+ *
+ * @return A ServerAuthContext instance that encapsulates the ServerAuthModules used to secure and validate
+ * requests/responses associated with the given authContextID, or null (indicating that no modules are
+ * configured).
+ *
+ * @exception AuthException If this method fails.
+ */
+ ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties) throws AuthException;
}
diff --git a/api/src/main/java/jakarta/security/auth/message/module/ClientAuthModule.java b/api/src/main/java/jakarta/security/auth/message/module/ClientAuthModule.java
index 0a4c93a..e90bc28 100644
--- a/api/src/main/java/jakarta/security/auth/message/module/ClientAuthModule.java
+++ b/api/src/main/java/jakarta/security/auth/message/module/ClientAuthModule.java
@@ -41,33 +41,33 @@
*/
public interface ClientAuthModule extends ClientAuth {
- /**
- * Initialize this module with request and response message policies to enforce, a CallbackHandler, and any
- * module-specific configuration properties.
- *
- *