org.mmbase.security.classsecurity
Class ClassAuthentication

java.lang.Object
  org.mmbase.security.classsecurity.ClassAuthentication

public class ClassAuthentication
extends Object

Provides the static utility methods to authenticate by class. This means that the strack trace of the current Thread is explored, to assign a certain user/rank and produce a Cloud object for the calling code (See ContextProvider). Which code contains what user, is configured in the resource security/<classauthentication.xml> (it basicly conects certain classes to users). Multiple of those sources can be available (any jar can provide one). In case a class matches multiple entries in one of these XML, the can be assigned weight (and resources have a weight too, see ResourceLoader), and the 'heaviest' matching entry prevails. Most Authentication implementations support the 'authentication type' 'class', which is then implemented using classCheck(String) or classCheck(String, Map). In case an existing authentication implementation does not support class authentication by itself (all implementations in the MMBase repository do), it may be emulated using ClassAuthenticationWrapper.

Since:

MMBase-1.8

Version:

$Id: ClassAuthentication.java 41989 2010-04-20 16:45:39Z michiel $

Author:

Michiel Meeuwissen

See Also:

ClassAuthenticationWrapper

Nested Class Summary

static class	ClassAuthentication.Login A structure to hold the login information.
static class	ClassAuthentication.LoginResult

Field Summary

static String	DTD_CLASSSECURITY_1_0
static String	PUBLIC_ID_CLASSSECURITY_1_0
(package private) static ResourceWatcher	watcher

Method Summary

static ClassAuthentication.Login	classCheck(String application)
static ClassAuthentication.LoginResult	classCheck(String application, Map<String,?> properties) Checks wether the (indirectly) calling class is authenticated by the ClassAuthenticationWrapper (using a stack trace).
protected static void	load(String configFile) Reads the configuration file and instantiates and loads the wrapped Authentication.
(package private) static void	stopWatching() Stop watchin the config file, if there is watched one.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PUBLIC_ID_CLASSSECURITY_1_0

public static final String PUBLIC_ID_CLASSSECURITY_1_0

See Also:

Constant Field Values

DTD_CLASSSECURITY_1_0

public static final String DTD_CLASSSECURITY_1_0

See Also:

Constant Field Values

watcher

static ResourceWatcher watcher

Method Detail

stopWatching

static void stopWatching()

Stop watchin the config file, if there is watched one. This is needed when security configuration switched to ClassAuthenticationWrapper (which will not happen very often).

load

protected static void load(String configFile)
                    throws SecurityException

Reads the configuration file and instantiates and loads the wrapped Authentication.

Throws:

SecurityException

classCheck

public static ClassAuthentication.LoginResult classCheck(String application,
                                                         Map<String,?> properties)

Checks wether the (indirectly) calling class is authenticated by the ClassAuthenticationWrapper (using a stack trace). This method can be called from an Authentication implementation, e.g. to implement the 'class' application itself (if the authentication implementation does understand the concept itself, then passwords can be avoided in the wrappers' configuration file).

Parameters:

application - Only checks this 'authentication application'. Can be null to check for every application.

Returns:

A Login object if yes, null if not.

Since:

MMBase-1.9

classCheck

public static ClassAuthentication.Login classCheck(String application)