001 /**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.geronimo.security.jaas.server;
018
019 import java.security.Principal;
020 import java.util.Collection;
021 import java.util.Map;
022 import java.util.Set;
023 import javax.security.auth.callback.Callback;
024 import javax.security.auth.login.LoginException;
025
026 import org.apache.geronimo.common.GeronimoSecurityException;
027 import org.apache.geronimo.management.geronimo.LoginService;
028
029
030 /**
031 * Interface used to connect to the JaasLoginService via remoting, etc. This
032 * may no longer be necessary?
033 *
034 * @version $Rev: 487175 $ $Date: 2006-12-14 03:10:31 -0800 (Thu, 14 Dec 2006) $
035 */
036 public interface JaasLoginServiceMBean extends LoginService {
037 /**
038 * Starts a new authentication process on behalf of an end user. The
039 * returned session id will identify that user throughout the user's interaction
040 * with the server. On the server side, that means maintaining the
041 * Subject and Principals for the user.
042 *
043 * @return The <code>JaasSessionId</code> used as an argument for the rest of the
044 * methods in this class.
045 */
046 public JaasSessionId connectToRealm(String realmName);
047
048 /**
049 * Gets the login module configuration for the specified realm. The
050 * caller needs that in order to perform the authentication process.
051 */
052 public JaasLoginModuleConfiguration[] getLoginConfiguration(JaasSessionId sessionHandle) throws LoginException;
053
054 /**
055 * Retrieves callbacks for a server side login module. When the client
056 * is going through the configured login modules, if a specific login
057 * module is client-side, it will be handled directly. If it is
058 * server-side, the client gets the callbacks (using this method),
059 * populates them, and sends them back to the server.
060 */
061 public Callback[] getServerLoginCallbacks(JaasSessionId sessionHandle, int loginModuleIndex) throws LoginException;
062
063 /**
064 * Returns populated callbacks for a server side login module. When the
065 * client is going through the configured login modules, if a specific
066 * login module is client-side, it will be handled directly. If it is
067 * server-side, the client gets the callbacks, populates them, and sends
068 * them back to the server (using this method).
069 */
070 public boolean performLogin(JaasSessionId sessionHandle, int loginModuleIndex, Callback[] results) throws LoginException;
071
072 /**
073 * Indicates that the overall login succeeded, and some principals were
074 * generated by a client-side login module. This method needs to be called
075 * once for each client-side login module, to specify Principals for each
076 * module.
077 */
078 public boolean performCommit(JaasSessionId sessionHandle, int loginModuleIndex) throws LoginException;
079
080 /**
081 * Indicates that the overall login succeeded. All login modules that were
082 * touched should have been logged in and committed before calling this.
083 *
084 * @param sessionHandle the handle to the login session
085 * @return the identifier principal
086 * @throws LoginException if the handle is no longer valid.
087 */
088 public Principal loginSucceeded(JaasSessionId sessionHandle) throws LoginException;
089
090 /**
091 * Indicates that the overall login failed, and the server should release
092 * any resources associated with the user ID.
093 */
094 public void loginFailed(JaasSessionId sessionHandle);
095
096 /**
097 * Indicates that the client has logged out, and the server should release
098 * any resources associated with the user ID.
099 */
100 public void logout(JaasSessionId sessionHandle) throws LoginException;
101
102 /**
103 * Syncs the shared state that's on the client with the shared state that
104 * is on the server.
105 *
106 * @param sessionHandle
107 * @param sharedState the shared state that is on the client
108 * @return the sync'd shared state that is on the server
109 */
110 public Map syncShareState(JaasSessionId sessionHandle, Map sharedState) throws LoginException;
111
112 /**
113 * Syncs the set of principals that are on the client with the set of principals that
114 * are on the server.
115 *
116 * @param sessionHandle
117 * @param principals the set of principals that are on the client side
118 * @return the sync'd set of principals that are on the server
119 */
120 public Set syncPrincipals(JaasSessionId sessionHandle, Set principals) throws LoginException;
121
122 /**
123 * Indicates that the overall login failed. This method needs to be called
124 * once for each client-side login module.
125 */
126 public boolean performAbort(JaasSessionId sessionHandle, int lmIndex) throws LoginException;
127 }