org.mmbase.security.classsecurity
Class ClassAuthentication

java.lang.Object
  extended by org.mmbase.security.classsecurity.ClassAuthentication

public class ClassAuthentication
extends Object

Provides the static utility methods to authenticate by class. This means that the strack trace of the current Thread is explored, to assign a certain user/rank and produce a Cloud object for the calling code (See ContextProvider). Which code contains what user, is configured in the resource security/<classauthentication.xml> (it basicly conects certain classes to users). Multiple of those sources can be available (any jar can provide one). In case a class matches multiple entries in one of these XML, the can be assigned weight (and resources have a weight too, see ResourceLoader), and the 'heaviest' matching entry prevails. Most Authentication implementations support the 'authentication type' 'class', which is then implemented using classCheck(String) or classCheck(String, Map). In case an existing authentication implementation does not support class authentication by itself (all implementations in the MMBase repository do), it may be emulated using ClassAuthenticationWrapper.

Since:
MMBase-1.8
Version:
$Id: ClassAuthentication.java 41989 2010-04-20 16:45:39Z michiel $
Author:
Michiel Meeuwissen
See Also:
ClassAuthenticationWrapper

Nested Class Summary
static class ClassAuthentication.Login
          A structure to hold the login information.
static class ClassAuthentication.LoginResult
           
 
Field Summary
static String DTD_CLASSSECURITY_1_0
           
static String PUBLIC_ID_CLASSSECURITY_1_0
           
(package private) static ResourceWatcher watcher
           
 
Method Summary
static ClassAuthentication.Login classCheck(String application)
           
static ClassAuthentication.LoginResult classCheck(String application, Map<String,?> properties)
          Checks wether the (indirectly) calling class is authenticated by the ClassAuthenticationWrapper (using a stack trace).
protected static void load(String configFile)
          Reads the configuration file and instantiates and loads the wrapped Authentication.
(package private) static void stopWatching()
          Stop watchin the config file, if there is watched one.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PUBLIC_ID_CLASSSECURITY_1_0

public static final String PUBLIC_ID_CLASSSECURITY_1_0
See Also:
Constant Field Values

DTD_CLASSSECURITY_1_0

public static final String DTD_CLASSSECURITY_1_0
See Also:
Constant Field Values

watcher

static ResourceWatcher watcher
Method Detail

stopWatching

static void stopWatching()
Stop watchin the config file, if there is watched one. This is needed when security configuration switched to ClassAuthenticationWrapper (which will not happen very often).


load

protected static void load(String configFile)
                    throws SecurityException
Reads the configuration file and instantiates and loads the wrapped Authentication.

Throws:
SecurityException

classCheck

public static ClassAuthentication.LoginResult classCheck(String application,
                                                         Map<String,?> properties)
Checks wether the (indirectly) calling class is authenticated by the ClassAuthenticationWrapper (using a stack trace). This method can be called from an Authentication implementation, e.g. to implement the 'class' application itself (if the authentication implementation does understand the concept itself, then passwords can be avoided in the wrappers' configuration file).

Parameters:
application - Only checks this 'authentication application'. Can be null to check for every application.
Returns:
A Login object if yes, null if not.
Since:
MMBase-1.9

classCheck

public static ClassAuthentication.Login classCheck(String application)


MMBase 2.0-SNAPSHOT - null