You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by lh...@apache.org on 2009/03/26 01:19:15 UTC
svn commit: r758476 [2/4] - in /incubator/jsecurity/trunk: ./
core/src/main/java/org/apache/ki/ core/src/main/java/org/apache/ki/aop/
core/src/main/java/org/apache/ki/authc/
core/src/main/java/org/apache/ki/authc/credential/
core/src/main/java/org/apac...
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/CodecSupport.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/CodecSupport.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/CodecSupport.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/CodecSupport.java Thu Mar 26 00:19:03 2009
@@ -35,12 +35,12 @@
public abstract class CodecSupport {
/**
- * Apache Ki's default preferred Character encoding, equal to <b><code>UTF-8</code></b>.
+ * Ki's default preferred Character encoding, equal to <b><code>UTF-8</code></b>.
*/
public static final String PREFERRED_ENCODING = "UTF-8";
/**
- * Converts the specified character array to a byte array using the Apache Ki's preferred encoding (UTF-8).
+ * Converts the specified character array to a byte array using the Ki's preferred encoding (UTF-8).
* <p/>
* This is a convenience method equivalent to calling the {@link #toBytes(String,String)} method with a
* a wrapping String and {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}, i.e.
@@ -72,11 +72,11 @@
}
/**
- * Converts the specified source argument to a byte array with Apache Ki's
+ * Converts the specified source argument to a byte array with Ki's
* {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
*
* @param source the string to convert to a byte array.
- * @return the bytes representing the specified string under Apache Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
+ * @return the bytes representing the specified string under Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
*/
public static byte[] toBytes(String source) {
return toBytes(source, PREFERRED_ENCODING);
@@ -102,7 +102,7 @@
}
/**
- * Converts the specified byte array to a string using Apache Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
+ * Converts the specified byte array to a string using Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
*
* @param bytes the byte array to turn into a String.
* @return the specified byte array as an encoded String ({@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}).
@@ -129,7 +129,7 @@
}
/**
- * Returns the specified byte array as a character array using Apache Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
+ * Returns the specified byte array as a character array using Ki's {@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}.
*
* @param bytes the byte array to convert to a char array
* @return the specified byte array encoded as a character array ({@link CodecSupport#PREFERRED_ENCODING PREFERRED_ENCODING}).
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/Hex.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/Hex.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/Hex.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/Hex.java Thu Mar 26 00:19:03 2009
@@ -23,7 +23,7 @@
*
* <p>This class was borrowed from Apache Commons Codec SVN repository (rev. 560660 ) with modifications
* to enable Hex conversion without a full dependency on Commons Codec. We didn't want to reinvent the wheel of
- * great work they've done, but also didn't want to force every Apache Ki user to depend on the commons-codec.jar</p>
+ * great work they've done, but also didn't want to force every Ki user to depend on the commons-codec.jar</p>
*
* <p>As per the Apache 2.0 license, the original copyright notice and all author and copyright information have
* remained in tact.</p>
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/package-info.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/package-info.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/package-info.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/codec/package-info.java Thu Mar 26 00:19:03 2009
@@ -17,7 +17,7 @@
* under the License.
*/
/**
- * Components for encoding and decoding of data across multiple formats, especially useful in Apache Ki's
+ * Components for encoding and decoding of data across multiple formats, especially useful in Ki's
* cryptography and web functionality.
*/
package org.apache.ki.codec;
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/Configuration.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/Configuration.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/Configuration.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/Configuration.java Thu Mar 26 00:19:03 2009
@@ -22,7 +22,7 @@
/**
- * A <code>Configuration</code> is responsible for 'wiring' together all the Apache Ki components for an
+ * A <code>Configuration</code> is responsible for 'wiring' together all the Ki components for an
* application, such as the {@link org.apache.ki.mgt.SecurityManager SecurityManager}, and any of its
* dependencies.
* <p/>
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ConfigurationException.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ConfigurationException.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ConfigurationException.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ConfigurationException.java Thu Mar 26 00:19:03 2009
@@ -21,7 +21,7 @@
import org.apache.ki.KiException;
/**
- * Root exception indicating there was a problem parsing or processing the Apache Ki configuration.
+ * Root exception indicating there was a problem parsing or processing the Ki configuration.
*
* @author Les Hazlewood
* @since 0.9
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/IniConfiguration.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/IniConfiguration.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/IniConfiguration.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/IniConfiguration.java Thu Mar 26 00:19:03 2009
@@ -96,11 +96,11 @@
} else {
if (ignoreResourceNotFound) {
if (log.isDebugEnabled()) {
- log.debug("Apache Ki resource [" + configUrl + "] not found. Ignoring since " +
+ log.debug("Ki resource [" + configUrl + "] not found. Ignoring since " +
"'ignoreResourceNotFound' is set to true.");
}
} else {
- throw new ConfigurationException("Apache Ki resource [" + configUrl + "] specified as a 'configUrl' " +
+ throw new ConfigurationException("Ki resource [" + configUrl + "] specified as a 'configUrl' " +
"cannot be found. If you want to fall back on default configuration specified " +
"via the 'config' parameter, then set 'ignoreResourceNotFound' to true.");
}
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ReflectionBuilder.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ReflectionBuilder.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ReflectionBuilder.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/ReflectionBuilder.java Thu Mar 26 00:19:03 2009
@@ -34,7 +34,7 @@
/**
* Object builder that uses reflection and Apache Commons BeanUtils to build objects given a
- * map of "property values". Typically these come from the Apache Ki INI configuration and are used
+ * map of "property values". Typically these come from the Ki INI configuration and are used
* to construct or modify the SecurityManager, its dependencies, and web-based security filters.
*
* @author Les Hazlewood
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/package-info.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/package-info.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/package-info.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/config/package-info.java Thu Mar 26 00:19:03 2009
@@ -1,22 +1,22 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/**
- * Components that support configuring Apache Ki in any application.
- */
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Components that support configuring Ki in any application.
+ */
package org.apache.ki.config;
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/BlowfishCipher.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/BlowfishCipher.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/BlowfishCipher.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/BlowfishCipher.java Thu Mar 26 00:19:03 2009
@@ -33,15 +33,15 @@
/**
- * Apache Ki's default symmetric block Cipher using the Blowfish algorithm. As it is a symmetric Cipher, it uses the
+ * Ki's default symmetric block Cipher using the Blowfish algorithm. As it is a symmetric Cipher, it uses the
* same <tt>Key</tt> to both encrypt and decrypt data. If one is not provided via the {@link #setKey setKey} method,
* a default one will be used, BUT NOTE:
*
- * <p>Because Apache Ki is an open-source project, if anyone knew that you were using Apache Ki's default
+ * <p>Because Ki is an open-source project, if anyone knew that you were using Ki's default
* <code>Key</code>, they could download/view the source, and with enough effort, reconstruct the <code>Key</code>
* and decode encrypted data at will.
*
- * <p>Apache Ki only really uses Ciphers to encrypt user ids and session ids, so if that information is not critical
+ * <p>Ki only really uses Ciphers to encrypt user ids and session ids, so if that information is not critical
* to you and you think the default key still makes things 'sufficiently difficult', then you can ignore this issue.
*
* <p>However, if you do feel this constitutes sensitive information, it is recommended that you provide your own
@@ -70,7 +70,7 @@
//The following KEY_BYTES String was created by running
//System.out.println( Base64.encode( generateNewKey().getEncoded() ) ); and copying-n-pasting the output here.
//You should run the same and set the resulting output as a property of this class instead of using
- //Apache Ki's default Key for proper security.
+ //Ki's default Key for proper security.
private static final byte[] KEY_BYTES = Base64.decode("jJ9Kg1BAevbvhSg3vBfwfQ==");
private static final Key DEFAULT_CIPHER_KEY = new SecretKeySpec(KEY_BYTES, ALGORITHM);
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/Cipher.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/Cipher.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/Cipher.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/Cipher.java Thu Mar 26 00:19:03 2009
@@ -40,9 +40,9 @@
* data shared between two parties, the same Key must also be shared and may be compromised.
*
* <p>Note that a symmetric cipher is perfectly fine to use if you just want to encode data in a format no one else
- * can understand and you never give away the key. Apache Ki uses a symmetric cipher when using certain
+ * can understand and you never give away the key. Ki uses a symmetric cipher when using certain
* HTTP Cookies for example - because it is often undesireable to have user's identity stored in a plain-text cookie,
- * that identity can be converted via a symmetric cipher. Since the the same exact Apache Ki application will receive
+ * that identity can be converted via a symmetric cipher. Since the the same exact Ki application will receive
* the cookie, it can decrypt it via the same <tt>Key</tt> and there is no potential for discovery since that Key
* is never shared with anyone.
*
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/hash/AbstractHash.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/hash/AbstractHash.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/hash/AbstractHash.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/hash/AbstractHash.java Thu Mar 26 00:19:03 2009
@@ -28,7 +28,7 @@
import org.apache.ki.codec.Hex;
/**
- * Provides a base for all Apache Ki Hash algorithms with support for salts and multiple hash iterations.
+ * Provides a base for all Ki Hash algorithms with support for salts and multiple hash iterations.
*
* <p>Read <a href="http://www.owasp.org/index.php/Hashing_Java" target="blank">http://www.owasp.org/index.php/Hashing_Java</a> for a
* good article on the benefits of hashing, including what a 'salt' is as well as why it and multiple hash iterations
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/package-info.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/package-info.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/package-info.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/crypto/package-info.java Thu Mar 26 00:19:03 2009
@@ -21,6 +21,6 @@
* add additional convenient behavior.
* <p/>
* The most important interface in this package is the {@link org.apache.ki.crypto.Cipher Cipher} interface, which
- * allows other Apache Ki components to encrypt and decrypt potentially sensitive data.
+ * allows other Ki components to encrypt and decrypt potentially sensitive data.
*/
package org.apache.ki.crypto;
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/io/Serializer.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/io/Serializer.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/io/Serializer.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/io/Serializer.java Thu Mar 26 00:19:03 2009
@@ -23,7 +23,7 @@
* of objects to files, HTTP cookies, or other mechanism.
* <p/>
* A <code>Serializer</code> should only do conversion, never change the data, such as encoding/decoding or
- * encryption. These orthoganal concerns are handled elsewhere by Apache Ki, for example, via
+ * encryption. These orthoganal concerns are handled elsewhere by Ki, for example, via
* {@link org.apache.ki.codec.CodecSupport CodecSupport} and {@link org.apache.ki.crypto.Cipher Cipher}s.
* @author Les Hazlewood
* @since 0.9
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiCallback.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiCallback.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiCallback.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiCallback.java Thu Mar 26 00:19:03 2009
@@ -34,7 +34,7 @@
* <p>Note that this interface is an exact copy of the Spring Framework's identically named interface from
* their 2.5.4 distribution - we didn't want to re-invent the wheel, but not require a full dependency on the
* Spring framework, nor does Spring make available only its JNDI classes in a small jar, or we would have used that.
- * Since Apache Ki is also Apache 2.0 licensed, all regular licenses and conditions and authors have remained in tact.
+ * Since Ki is also Apache 2.0 licensed, all regular licenses and conditions and authors have remained in tact.
*
* @author Rod Johnson
* @see JndiTemplate
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiLocator.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiLocator.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiLocator.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiLocator.java Thu Mar 26 00:19:03 2009
@@ -31,7 +31,7 @@
* <p>Note that this implementation is an almost exact combined copy of the Spring Framework's 'JndiAccessor' and
* 'JndiLocatorSupport' classes from their 2.5.4 distribution - we didn't want to re-invent the wheel, but not require
* a full dependency on the Spring framework, nor does Spring make available only its JNDI classes in a small jar, or
- * we would have used that. Since Apache Ki is also Apache 2.0 licensed, all regular licenses and conditions and
+ * we would have used that. Since Ki is also Apache 2.0 licensed, all regular licenses and conditions and
* authors have remained in tact.
*
* @author Juergen Hoeller
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiTemplate.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiTemplate.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiTemplate.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/JndiTemplate.java Thu Mar 26 00:19:03 2009
@@ -37,7 +37,7 @@
* <p>Note that this implementation is an almost exact copy of the Spring Framework's identically named class from
* their 2.5.4 distribution - we didn't want to re-invent the wheel, but not require a full dependency on the
* Spring framework, nor does Spring make available only its JNDI classes in a small jar, or we would have used that.
- * Since Apache Ki is also Apache 2.0 licensed, all regular licenses and conditions and authors have remained in tact.
+ * Since Ki is also Apache 2.0 licensed, all regular licenses and conditions and authors have remained in tact.
*
* @author Rod Johnson
* @author Juergen Hoeller
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/package-info.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/package-info.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/package-info.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/jndi/package-info.java Thu Mar 26 00:19:03 2009
@@ -1,22 +1,22 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-/**
- * Enables accessing objects located in JNDI that might be useful when configuring a Apache Ki-enabled application.
- */
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/**
+ * Enables accessing objects located in JNDI that might be useful when configuring a Ki-enabled application.
+ */
package org.apache.ki.jndi;
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthenticatingSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthenticatingSecurityManager.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthenticatingSecurityManager.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthenticatingSecurityManager.java Thu Mar 26 00:19:03 2009
@@ -32,7 +32,7 @@
/**
- * Apache Ki support of a {@link SecurityManager} class hierarchy that delegates all
+ * Ki support of a {@link SecurityManager} class hierarchy that delegates all
* authentication operations to a wrapped {@link Authenticator Authenticator} instance. That is, this class
* implements all the <tt>Authenticator</tt> methods in the {@link SecurityManager SecurityManager}
* interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
@@ -40,7 +40,7 @@
*
* <p>All other <tt>SecurityManager</tt> (authorization, session, etc) methods are left to be implemented by subclasses.
*
- * <p>In keeping with the other classes in this hierarchy and Apache Ki's desire to minimize configuration whenever
+ * <p>In keeping with the other classes in this hierarchy and Ki's desire to minimize configuration whenever
* possible, suitable default instances for all dependencies are created upon instantiation.
*
* @author Les Hazlewood
@@ -125,7 +125,7 @@
* interface in order for these listeners to be applied. If it does not implement this interface, it is
* considered a configuration error and an exception will be thrown.
*
- * <p>All of Apache Ki's <tt>Authenticator</tt> implementations implement the
+ * <p>All of Ki's <tt>Authenticator</tt> implementations implement the
* <tt>AuthenticationListenerRegistrar</tt> interface, so you would only need
* to worry about an exception being thrown if you provided your own Authenticator instance and did not
* implement it.
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthorizingSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthorizingSecurityManager.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthorizingSecurityManager.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/AuthorizingSecurityManager.java Thu Mar 26 00:19:03 2009
@@ -32,7 +32,7 @@
/**
- * Apache Ki support of a {@link SecurityManager} class hierarchy that delegates all
+ * Ki support of a {@link SecurityManager} class hierarchy that delegates all
* authorization (access control) operations to a wrapped {@link Authorizer Authorizer} instance. That is,
* this class implements all the <tt>Authorizer</tt> methods in the {@link SecurityManager SecurityManager}
* interface, but in reality, those methods are merely passthrough calls to the underlying 'real'
@@ -41,7 +41,7 @@
* <p>All remaining <tt>SecurityManager</tt> methods not covered by this class or its parents (mostly Session support)
* are left to be implemented by subclasses.
*
- * <p>In keeping with the other classes in this hierarchy and Apache Ki's desire to minimize configuration whenever
+ * <p>In keeping with the other classes in this hierarchy and Ki's desire to minimize configuration whenever
* possible, suitable default instances for all dependencies will be created upon instantiation.
*
* @author Les Hazlewood
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/DefaultSecurityManager.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/DefaultSecurityManager.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/DefaultSecurityManager.java Thu Mar 26 00:19:03 2009
@@ -1,505 +1,505 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ki.mgt;
-
-import java.io.Serializable;
-import java.net.InetAddress;
-import java.util.Collection;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import org.apache.ki.authc.AuthenticationException;
-import org.apache.ki.authc.AuthenticationInfo;
-import org.apache.ki.authc.AuthenticationToken;
-import org.apache.ki.authc.Authenticator;
-import org.apache.ki.authc.LogoutAware;
-import org.apache.ki.authz.AuthorizationException;
-import org.apache.ki.authz.Authorizer;
-import org.apache.ki.crypto.Cipher;
-import org.apache.ki.realm.Realm;
-import org.apache.ki.session.InvalidSessionException;
-import org.apache.ki.session.Session;
-import org.apache.ki.session.mgt.DelegatingSession;
-import org.apache.ki.subject.PrincipalCollection;
-import org.apache.ki.subject.Subject;
-import org.apache.ki.util.ThreadContext;
-
-
-/**
- * <p>The Apache Ki framework's default concrete implementation of the {@link SecurityManager} interface,
- * based around a collection of {@link org.apache.ki.realm.Realm}s. This implementation delegates its
- * authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and
- * {@link org.apache.ki.session.mgt.SessionManager SessionManager} instances respectively via superclass
- * implementation.</p>
- *
- * <p>To greatly reduce and simplify configuration, this implementation (and its superclasses) will
- * create suitable defaults for all of its required dependencies, <em>except</em> the required one or more
- * {@link Realm Realm}s. Because <code>Realm</code> implementations usually interact with an application's data model,
- * they are almost always application specific; you will want to specify at least one custom
- * <tt>Realm</tt> implementation that 'knows' about your application's data/security model
- * (via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchy
- * will have suitable defaults for most enterprise applications.</p>
- *
- * <p><b>RememberMe notice</b>: This class supports the ability to configure a
- * {@link #setRememberMeManager RememberMeManager}
- * for <tt>RememberMe</tt> identity services for login/logout, BUT, a default instance <em>will not</em> be created
- * for this attribute at startup.
- *
- * <p>Because RememberMe services are inherently client tier-specific and
- * therefore aplication-dependent, if you want <tt>RememberMe</tt> services enabled, you will have to specify an
- * instance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager}
- * mutator. However if you're reading this JavaDoc with the
- * expectation of operating in a Web environment, take a look at the
- * {@link org.apache.ki.web.DefaultWebSecurityManager DefaultWebSecurityManager} implementation, which
- * <em>does</em> support <tt>RememberMe</tt> services by default at startup.
- *
- * @author Les Hazlewood
- * @author Jeremy Haile
- * @see org.apache.ki.web.DefaultWebSecurityManager
- * @since 0.2
- */
-public class DefaultSecurityManager extends SessionsSecurityManager {
-
- //TODO - complete JavaDoc
-
- private static final Log log = LogFactory.getLog(DefaultSecurityManager.class);
-
- protected RememberMeManager rememberMeManager;
-
- protected SubjectFactory subjectFactory;
-
- protected SubjectBinder subjectBinder;
-
- /**
- * Default no-arg constructor.
- */
- public DefaultSecurityManager() {
- super();
- this.subjectFactory = new DefaultSubjectFactory(this);
- this.subjectBinder = new SessionSubjectBinder();
- }
-
- /**
- * Supporting constructor for a single-realm application.
- *
- * @param singleRealm the single realm used by this SecurityManager.
- */
- public DefaultSecurityManager(Realm singleRealm) {
- this();
- setRealm(singleRealm);
- }
-
- /**
- * Supporting constructor for multiple {@link #setRealms realms}.
- *
- * @param realms the realm instances backing this SecurityManager.
- */
- public DefaultSecurityManager(Collection<Realm> realms) {
- this();
- setRealms(realms);
- }
-
- public SubjectFactory getSubjectFactory() {
- return subjectFactory;
- }
-
- public void setSubjectFactory(SubjectFactory subjectFactory) {
- this.subjectFactory = subjectFactory;
- if (this.subjectFactory instanceof SecurityManagerAware) {
- ((SecurityManagerAware) this.subjectFactory).setSecurityManager(this);
- }
- }
-
- public SubjectBinder getSubjectBinder() {
- return subjectBinder;
- }
-
- public void setSubjectBinder(SubjectBinder subjectBinder) {
- this.subjectBinder = subjectBinder;
- }
-
- public RememberMeManager getRememberMeManager() {
- return rememberMeManager;
- }
-
- public void setRememberMeManager(RememberMeManager rememberMeManager) {
- this.rememberMeManager = rememberMeManager;
- }
-
- private AbstractRememberMeManager getRememberMeManagerForCipherAttributes() {
- if (!(this.rememberMeManager instanceof AbstractRememberMeManager)) {
- String msg = "The convenience passthrough methods for setting remember me cipher attributes " +
- "are only available when the underlying RememberMeManager implementation is a subclass of " +
- AbstractRememberMeManager.class.getName() + ".";
- throw new IllegalStateException(msg);
- }
- return (AbstractRememberMeManager) this.rememberMeManager;
- }
-
- public void setRememberMeCipher(Cipher cipher) {
- getRememberMeManagerForCipherAttributes().setCipher(cipher);
- }
-
- public void setRememberMeCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setCipherKey(bytes);
- }
-
- public void setRememberMeCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setCipherKeyHex(hex);
- }
-
- public void setRememberMeCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setCipherKeyBase64(base64);
- }
-
- public void setRememberMeEncryptionCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKey(bytes);
- }
-
- public void setRememberMeEncryptionCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyHex(hex);
- }
-
- public void setRememberMeEncryptionCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyBase64(base64);
- }
-
- public void setRememberMeDecryptionCipherKey(byte[] bytes) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKey(bytes);
- }
-
- public void setRememberMeDecryptionCipherKeyHex(String hex) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyHex(hex);
- }
-
- public void setRememberMeDecryptionCipherKeyBase64(String base64) {
- getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyBase64(base64);
- }
-
- protected Subject createSubject() {
- Subject subject = null;
-
- Serializable sessionId = ThreadContext.getSessionId();
- if (sessionId != null) {
- try {
- subject = getSubjectBySessionId(sessionId);
- } catch (InvalidSessionException e) {
- if (log.isDebugEnabled()) {
- log.debug("Session id referenced on the current thread [" + sessionId + "] is invalid. " +
- "Ignoring and creating a new Subject instance to continue. This message can be " +
- "safely ignored.", e);
- }
- } catch (AuthorizationException e) {
- if (log.isWarnEnabled()) {
- log.warn("Session id referenced on the current thread [" + sessionId + "] is not allowed to be " +
- "referenced. Ignoring and creating a Subject instance without a session to continue.", e);
- }
- }
- }
-
- if (subject == null) {
- PrincipalCollection principals = getRememberedIdentity();
- return getSubjectFactory().createSubject(principals, null, false, null);
- }
-
- return subject;
- }
-
- /**
- * Creates a <tt>Subject</tt> instance for the user represented by the given method arguments.
- *
- * @param token the <tt>AuthenticationToken</tt> submitted for the successful authentication.
- * @param info the <tt>AuthenticationInfo</tt> of a newly authenticated user.
- * @return the <tt>Subject</tt> instance that represents the user and session data for the newly
- * authenticated user.
- */
- protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info) {
- return getSubjectFactory().createSubject(token, info, getSubject(false));
- }
-
- /**
- * Binds a <tt>Subject</tt> instance created after authentication to the application for later use.
- *
- * <p>The default implementation merely binds the argument to the thread local via the {@link ThreadContext}.
- * Should be overridden by subclasses for environment-specific binding (e.g. web environment, etc).
- *
- * @param subject the <tt>Subject</tt> instance created after authentication to be bound to the application
- * for later use.
- */
- protected void bind(Subject subject) {
- getSubjectBinder().bind(subject);
- }
-
- private void assertCreation(Subject subject) throws IllegalStateException {
- if (subject == null) {
- String msg = "Programming error - please verify that you have overridden the " +
- getClass().getName() + ".createSubject( AuthenticationInfo info ) method to return " +
- "a non-null Subject instance";
- throw new IllegalStateException(msg);
- }
- }
-
- protected void rememberMeSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info) {
- RememberMeManager rmm = getRememberMeManager();
- if (rmm != null) {
- try {
- rmm.onSuccessfulLogin(token, info);
- } catch (Exception e) {
- if (log.isWarnEnabled()) {
- String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
- "] threw an exception during onSuccessfulLogin. RememberMe services will not be " +
- "performed for account [" + info + "].";
- log.warn(msg, e);
- }
- }
- } else {
- if (log.isDebugEnabled()) {
- log.debug("This " + getClass().getName() + " instance does not have a " +
- "[" + RememberMeManager.class.getName() + "] instance configured. RememberMe services " +
- "will not be performed for account [" + info + "].");
- }
- }
- }
-
- protected void rememberMeFailedLogin(AuthenticationToken token, AuthenticationException ex) {
- RememberMeManager rmm = getRememberMeManager();
- if (rmm != null) {
- try {
- rmm.onFailedLogin(token, ex);
- } catch (Exception e) {
- if (log.isWarnEnabled()) {
- String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
- "] threw an exception during onFailedLogin for AuthenticationToken [" +
- token + "].";
- log.warn(msg, e);
- }
- }
- }
- }
-
- protected void rememberMeLogout(PrincipalCollection subjectPrincipals) {
- RememberMeManager rmm = getRememberMeManager();
- if (rmm != null) {
- try {
- rmm.onLogout(subjectPrincipals);
- } catch (Exception e) {
- if (log.isWarnEnabled()) {
- String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
- "] threw an exception during onLogout for subject with principals [" +
- subjectPrincipals + "]";
- log.warn(msg, e);
- }
- }
- }
- }
-
- /**
- * First authenticates the <tt>AuthenticationToken</tt> argument, and if successful, constructs a
- * <tt>Subject</tt> instance representing the authenticated account's identity.
- *
- * <p>Once constructed, the <tt>Subject</tt> instance is then {@link #bind bound} to the application for
- * subsequent access before being returned to the caller.
- *
- * @param token the authenticationToken to process for the login attempt.
- * @return a Subject representing the authenticated user.
- * @throws AuthenticationException if there is a problem authenticating the specified <tt>token</tt>.
- */
- public Subject login(AuthenticationToken token) throws AuthenticationException {
- AuthenticationInfo info;
- try {
- info = authenticate(token);
- onSuccessfulLogin(token, info);
- } catch (AuthenticationException ae) {
- try {
- onFailedLogin(token, ae);
- } catch (Exception e) {
- if (log.isInfoEnabled()) {
- log.info("onFailedLogin(AuthenticationToken,AuthenticationException) method threw an " +
- "exception. Logging and propagating original AuthenticationException.", e);
- }
- }
- throw ae; //propagate
- }
- Subject subject = createSubject(token, info);
- assertCreation(subject);
- bind(subject);
- return subject;
- }
-
- protected void onSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info) {
- rememberMeSuccessfulLogin(token, info);
- }
-
- protected void onFailedLogin(AuthenticationToken token, AuthenticationException ae) {
- rememberMeFailedLogin(token, ae);
- }
-
- protected void beforeLogout(PrincipalCollection subjectIdentifier) {
- rememberMeLogout(subjectIdentifier);
- }
-
- protected Subject getSubject(PrincipalCollection principals) {
- //Method arg is ignored at the moment - retrieve from the environment if it exists:
- return getSubject(false);
- }
-
- public void logout(PrincipalCollection principals) {
-
- Subject subject;
-
- if (principals != null) {
- beforeLogout(principals);
- Authenticator authc = getAuthenticator();
- if (authc instanceof LogoutAware) {
- ((LogoutAware) authc).onLogout(principals);
- }
- subject = getSubject(principals);
- } else {
- subject = getSubject(false);
- }
-
- try {
- unbind(subject);
- } catch (Exception e) {
- if (log.isDebugEnabled()) {
- String msg = "Unable to cleanly unbind Subject. Ignoring (logging out).";
- log.debug(msg, e);
- }
- } finally {
- try {
- stopSession(subject);
- } catch (Exception e) {
- if (log.isDebugEnabled()) {
- String msg = "Unable to cleanly stop Session for Subject [" + subject.getPrincipal() + "] " +
- "Ignoring (logging out).";
- log.debug(msg, e);
- }
- }
-
- }
- }
-
- protected void stopSession(Subject subject) {
- Session s = subject.getSession(false);
- if (s != null) {
- try {
- s.stop();
- } catch (InvalidSessionException ise) {
- //ignored - we're invalidating, and have no further need of the session anyway
- //log just in case someone wants to know:
- if (log.isTraceEnabled()) {
- log.trace("Session has already been invalidated for subject [" +
- subject.getPrincipal() + "]. Ignoring and continuing logout ...", ise);
- }
- }
- }
- }
-
- protected void unbind(Subject subject) {
- getSubjectBinder().unbind(subject);
- }
-
- protected PrincipalCollection getRememberedIdentity() {
- RememberMeManager rmm = getRememberMeManager();
- if (rmm != null) {
- try {
- return rmm.getRememberedPrincipals();
- } catch (Exception e) {
- if (log.isWarnEnabled()) {
- String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
- "] threw an exception during getRememberedPrincipals().";
- log.warn(msg, e);
- }
- }
- }
- return null;
- }
-
- protected Subject getSubject(boolean create) {
- Subject subject = getSubjectBinder().getSubject();
- if (subject == null && create) {
- subject = createSubject();
- bind(subject);
- }
- return subject;
- }
-
- public Subject getSubject() {
- return getSubject(true);
- }
-
- protected PrincipalCollection getPrincipals(Session session) {
- return (PrincipalCollection) session.getAttribute(SessionSubjectBinder.PRINCIPALS_SESSION_KEY);
- }
-
- protected boolean isAuthenticated(Session session, PrincipalCollection principals) {
- if (principals != null) {
- Boolean authc = (Boolean) session.getAttribute(SessionSubjectBinder.AUTHENTICATED_SESSION_KEY);
- return authc != null && authc;
- }
- return false;
- }
-
- /**
- * Acquires the {@link Subject Subject} that owns the {@link Session Session} with the specified {@code sessionId}.
- *
- * <p><b>Although simple in concept, this method provides incredibly powerful functionality:</b>
- *
- * <p>The ability to reference a {@code Subject} and their server-side session
- * <em>across clients of different mediums</em> such as web applications, Java applets,
- * standalone C# clients over XMLRPC and/or SOAP, and many others. This is a <em>huge</em>
- * benefit in heterogeneous enterprise applications.
- *
- * <p>To maintain session integrity across client mediums, the {@code sessionId} <b>must</b> be transmitted
- * to all client mediums securely (e.g. over SSL) to prevent man-in-the-middle attacks. This
- * is nothing new - all web applications are susceptible to the same problem when transmitting
- * {@code Cookie}s or when using URL rewriting. As long as the
- * {@code sessionId} is transmitted securely, session integrity can be maintained.
- *
- * @param sessionId the id of the session that backs the desired Subject being acquired.
- * @return the {@code Subject} that owns the {@code Session Session} with the specified {@code sessionId}
- * @throws org.apache.ki.session.InvalidSessionException
- * if the session identified by <tt>sessionId</tt> has
- * been stopped, expired, or doesn't exist.
- * @throws org.apache.ki.authz.AuthorizationException
- * if the executor of this method is not allowed to acquire the owning {@code Subject}. The reason
- * for the exception is implementation-specific and could be for any number of reasons. A common
- * reason in many systems would be if one host tried to acquire a {@code Subject} based on a
- * {@code Session} that originated on an entirely different host (although it is not a Apache Ki
- * requirement this scenario is disallowed - its just an example that <em>may</em> throw an Exception in
- * some systems).
- * @see org.apache.ki.authz.HostUnauthorizedException
- * @since 1.0
- */
- private Subject getSubjectBySessionId(Serializable sessionId) throws InvalidSessionException, AuthorizationException {
- if (!isValid(sessionId)) {
- String msg = "Specified id [" + sessionId + "] does not correspond to a valid Session It either " +
- "does not exist or the corresponding session has been stopped or expired.";
- throw new InvalidSessionException(msg, sessionId);
- }
-
- Session existing = new DelegatingSession(this, sessionId);
- PrincipalCollection principals = getPrincipals(existing);
- boolean authenticated = isAuthenticated(existing, principals);
- InetAddress host = existing.getHostAddress();
-
- return getSubjectFactory().createSubject(principals, existing, authenticated, host);
- }
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ki.mgt;
+
+import java.io.Serializable;
+import java.net.InetAddress;
+import java.util.Collection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.apache.ki.authc.AuthenticationException;
+import org.apache.ki.authc.AuthenticationInfo;
+import org.apache.ki.authc.AuthenticationToken;
+import org.apache.ki.authc.Authenticator;
+import org.apache.ki.authc.LogoutAware;
+import org.apache.ki.authz.AuthorizationException;
+import org.apache.ki.authz.Authorizer;
+import org.apache.ki.crypto.Cipher;
+import org.apache.ki.realm.Realm;
+import org.apache.ki.session.InvalidSessionException;
+import org.apache.ki.session.Session;
+import org.apache.ki.session.mgt.DelegatingSession;
+import org.apache.ki.subject.PrincipalCollection;
+import org.apache.ki.subject.Subject;
+import org.apache.ki.util.ThreadContext;
+
+
+/**
+ * <p>The Ki framework's default concrete implementation of the {@link SecurityManager} interface,
+ * based around a collection of {@link org.apache.ki.realm.Realm}s. This implementation delegates its
+ * authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and
+ * {@link org.apache.ki.session.mgt.SessionManager SessionManager} instances respectively via superclass
+ * implementation.</p>
+ *
+ * <p>To greatly reduce and simplify configuration, this implementation (and its superclasses) will
+ * create suitable defaults for all of its required dependencies, <em>except</em> the required one or more
+ * {@link Realm Realm}s. Because <code>Realm</code> implementations usually interact with an application's data model,
+ * they are almost always application specific; you will want to specify at least one custom
+ * <tt>Realm</tt> implementation that 'knows' about your application's data/security model
+ * (via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchy
+ * will have suitable defaults for most enterprise applications.</p>
+ *
+ * <p><b>RememberMe notice</b>: This class supports the ability to configure a
+ * {@link #setRememberMeManager RememberMeManager}
+ * for <tt>RememberMe</tt> identity services for login/logout, BUT, a default instance <em>will not</em> be created
+ * for this attribute at startup.
+ *
+ * <p>Because RememberMe services are inherently client tier-specific and
+ * therefore aplication-dependent, if you want <tt>RememberMe</tt> services enabled, you will have to specify an
+ * instance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager}
+ * mutator. However if you're reading this JavaDoc with the
+ * expectation of operating in a Web environment, take a look at the
+ * {@link org.apache.ki.web.DefaultWebSecurityManager DefaultWebSecurityManager} implementation, which
+ * <em>does</em> support <tt>RememberMe</tt> services by default at startup.
+ *
+ * @author Les Hazlewood
+ * @author Jeremy Haile
+ * @see org.apache.ki.web.DefaultWebSecurityManager
+ * @since 0.2
+ */
+public class DefaultSecurityManager extends SessionsSecurityManager {
+
+ //TODO - complete JavaDoc
+
+ private static final Log log = LogFactory.getLog(DefaultSecurityManager.class);
+
+ protected RememberMeManager rememberMeManager;
+
+ protected SubjectFactory subjectFactory;
+
+ protected SubjectBinder subjectBinder;
+
+ /**
+ * Default no-arg constructor.
+ */
+ public DefaultSecurityManager() {
+ super();
+ this.subjectFactory = new DefaultSubjectFactory(this);
+ this.subjectBinder = new SessionSubjectBinder();
+ }
+
+ /**
+ * Supporting constructor for a single-realm application.
+ *
+ * @param singleRealm the single realm used by this SecurityManager.
+ */
+ public DefaultSecurityManager(Realm singleRealm) {
+ this();
+ setRealm(singleRealm);
+ }
+
+ /**
+ * Supporting constructor for multiple {@link #setRealms realms}.
+ *
+ * @param realms the realm instances backing this SecurityManager.
+ */
+ public DefaultSecurityManager(Collection<Realm> realms) {
+ this();
+ setRealms(realms);
+ }
+
+ public SubjectFactory getSubjectFactory() {
+ return subjectFactory;
+ }
+
+ public void setSubjectFactory(SubjectFactory subjectFactory) {
+ this.subjectFactory = subjectFactory;
+ if (this.subjectFactory instanceof SecurityManagerAware) {
+ ((SecurityManagerAware) this.subjectFactory).setSecurityManager(this);
+ }
+ }
+
+ public SubjectBinder getSubjectBinder() {
+ return subjectBinder;
+ }
+
+ public void setSubjectBinder(SubjectBinder subjectBinder) {
+ this.subjectBinder = subjectBinder;
+ }
+
+ public RememberMeManager getRememberMeManager() {
+ return rememberMeManager;
+ }
+
+ public void setRememberMeManager(RememberMeManager rememberMeManager) {
+ this.rememberMeManager = rememberMeManager;
+ }
+
+ private AbstractRememberMeManager getRememberMeManagerForCipherAttributes() {
+ if (!(this.rememberMeManager instanceof AbstractRememberMeManager)) {
+ String msg = "The convenience passthrough methods for setting remember me cipher attributes " +
+ "are only available when the underlying RememberMeManager implementation is a subclass of " +
+ AbstractRememberMeManager.class.getName() + ".";
+ throw new IllegalStateException(msg);
+ }
+ return (AbstractRememberMeManager) this.rememberMeManager;
+ }
+
+ public void setRememberMeCipher(Cipher cipher) {
+ getRememberMeManagerForCipherAttributes().setCipher(cipher);
+ }
+
+ public void setRememberMeCipherKey(byte[] bytes) {
+ getRememberMeManagerForCipherAttributes().setCipherKey(bytes);
+ }
+
+ public void setRememberMeCipherKeyHex(String hex) {
+ getRememberMeManagerForCipherAttributes().setCipherKeyHex(hex);
+ }
+
+ public void setRememberMeCipherKeyBase64(String base64) {
+ getRememberMeManagerForCipherAttributes().setCipherKeyBase64(base64);
+ }
+
+ public void setRememberMeEncryptionCipherKey(byte[] bytes) {
+ getRememberMeManagerForCipherAttributes().setEncryptionCipherKey(bytes);
+ }
+
+ public void setRememberMeEncryptionCipherKeyHex(String hex) {
+ getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyHex(hex);
+ }
+
+ public void setRememberMeEncryptionCipherKeyBase64(String base64) {
+ getRememberMeManagerForCipherAttributes().setEncryptionCipherKeyBase64(base64);
+ }
+
+ public void setRememberMeDecryptionCipherKey(byte[] bytes) {
+ getRememberMeManagerForCipherAttributes().setDecryptionCipherKey(bytes);
+ }
+
+ public void setRememberMeDecryptionCipherKeyHex(String hex) {
+ getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyHex(hex);
+ }
+
+ public void setRememberMeDecryptionCipherKeyBase64(String base64) {
+ getRememberMeManagerForCipherAttributes().setDecryptionCipherKeyBase64(base64);
+ }
+
+ protected Subject createSubject() {
+ Subject subject = null;
+
+ Serializable sessionId = ThreadContext.getSessionId();
+ if (sessionId != null) {
+ try {
+ subject = getSubjectBySessionId(sessionId);
+ } catch (InvalidSessionException e) {
+ if (log.isDebugEnabled()) {
+ log.debug("Session id referenced on the current thread [" + sessionId + "] is invalid. " +
+ "Ignoring and creating a new Subject instance to continue. This message can be " +
+ "safely ignored.", e);
+ }
+ } catch (AuthorizationException e) {
+ if (log.isWarnEnabled()) {
+ log.warn("Session id referenced on the current thread [" + sessionId + "] is not allowed to be " +
+ "referenced. Ignoring and creating a Subject instance without a session to continue.", e);
+ }
+ }
+ }
+
+ if (subject == null) {
+ PrincipalCollection principals = getRememberedIdentity();
+ return getSubjectFactory().createSubject(principals, null, false, null);
+ }
+
+ return subject;
+ }
+
+ /**
+ * Creates a <tt>Subject</tt> instance for the user represented by the given method arguments.
+ *
+ * @param token the <tt>AuthenticationToken</tt> submitted for the successful authentication.
+ * @param info the <tt>AuthenticationInfo</tt> of a newly authenticated user.
+ * @return the <tt>Subject</tt> instance that represents the user and session data for the newly
+ * authenticated user.
+ */
+ protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info) {
+ return getSubjectFactory().createSubject(token, info, getSubject(false));
+ }
+
+ /**
+ * Binds a <tt>Subject</tt> instance created after authentication to the application for later use.
+ *
+ * <p>The default implementation merely binds the argument to the thread local via the {@link ThreadContext}.
+ * Should be overridden by subclasses for environment-specific binding (e.g. web environment, etc).
+ *
+ * @param subject the <tt>Subject</tt> instance created after authentication to be bound to the application
+ * for later use.
+ */
+ protected void bind(Subject subject) {
+ getSubjectBinder().bind(subject);
+ }
+
+ private void assertCreation(Subject subject) throws IllegalStateException {
+ if (subject == null) {
+ String msg = "Programming error - please verify that you have overridden the " +
+ getClass().getName() + ".createSubject( AuthenticationInfo info ) method to return " +
+ "a non-null Subject instance";
+ throw new IllegalStateException(msg);
+ }
+ }
+
+ protected void rememberMeSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info) {
+ RememberMeManager rmm = getRememberMeManager();
+ if (rmm != null) {
+ try {
+ rmm.onSuccessfulLogin(token, info);
+ } catch (Exception e) {
+ if (log.isWarnEnabled()) {
+ String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
+ "] threw an exception during onSuccessfulLogin. RememberMe services will not be " +
+ "performed for account [" + info + "].";
+ log.warn(msg, e);
+ }
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("This " + getClass().getName() + " instance does not have a " +
+ "[" + RememberMeManager.class.getName() + "] instance configured. RememberMe services " +
+ "will not be performed for account [" + info + "].");
+ }
+ }
+ }
+
+ protected void rememberMeFailedLogin(AuthenticationToken token, AuthenticationException ex) {
+ RememberMeManager rmm = getRememberMeManager();
+ if (rmm != null) {
+ try {
+ rmm.onFailedLogin(token, ex);
+ } catch (Exception e) {
+ if (log.isWarnEnabled()) {
+ String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
+ "] threw an exception during onFailedLogin for AuthenticationToken [" +
+ token + "].";
+ log.warn(msg, e);
+ }
+ }
+ }
+ }
+
+ protected void rememberMeLogout(PrincipalCollection subjectPrincipals) {
+ RememberMeManager rmm = getRememberMeManager();
+ if (rmm != null) {
+ try {
+ rmm.onLogout(subjectPrincipals);
+ } catch (Exception e) {
+ if (log.isWarnEnabled()) {
+ String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
+ "] threw an exception during onLogout for subject with principals [" +
+ subjectPrincipals + "]";
+ log.warn(msg, e);
+ }
+ }
+ }
+ }
+
+ /**
+ * First authenticates the <tt>AuthenticationToken</tt> argument, and if successful, constructs a
+ * <tt>Subject</tt> instance representing the authenticated account's identity.
+ *
+ * <p>Once constructed, the <tt>Subject</tt> instance is then {@link #bind bound} to the application for
+ * subsequent access before being returned to the caller.
+ *
+ * @param token the authenticationToken to process for the login attempt.
+ * @return a Subject representing the authenticated user.
+ * @throws AuthenticationException if there is a problem authenticating the specified <tt>token</tt>.
+ */
+ public Subject login(AuthenticationToken token) throws AuthenticationException {
+ AuthenticationInfo info;
+ try {
+ info = authenticate(token);
+ onSuccessfulLogin(token, info);
+ } catch (AuthenticationException ae) {
+ try {
+ onFailedLogin(token, ae);
+ } catch (Exception e) {
+ if (log.isInfoEnabled()) {
+ log.info("onFailedLogin(AuthenticationToken,AuthenticationException) method threw an " +
+ "exception. Logging and propagating original AuthenticationException.", e);
+ }
+ }
+ throw ae; //propagate
+ }
+ Subject subject = createSubject(token, info);
+ assertCreation(subject);
+ bind(subject);
+ return subject;
+ }
+
+ protected void onSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info) {
+ rememberMeSuccessfulLogin(token, info);
+ }
+
+ protected void onFailedLogin(AuthenticationToken token, AuthenticationException ae) {
+ rememberMeFailedLogin(token, ae);
+ }
+
+ protected void beforeLogout(PrincipalCollection subjectIdentifier) {
+ rememberMeLogout(subjectIdentifier);
+ }
+
+ protected Subject getSubject(PrincipalCollection principals) {
+ //Method arg is ignored at the moment - retrieve from the environment if it exists:
+ return getSubject(false);
+ }
+
+ public void logout(PrincipalCollection principals) {
+
+ Subject subject;
+
+ if (principals != null) {
+ beforeLogout(principals);
+ Authenticator authc = getAuthenticator();
+ if (authc instanceof LogoutAware) {
+ ((LogoutAware) authc).onLogout(principals);
+ }
+ subject = getSubject(principals);
+ } else {
+ subject = getSubject(false);
+ }
+
+ try {
+ unbind(subject);
+ } catch (Exception e) {
+ if (log.isDebugEnabled()) {
+ String msg = "Unable to cleanly unbind Subject. Ignoring (logging out).";
+ log.debug(msg, e);
+ }
+ } finally {
+ try {
+ stopSession(subject);
+ } catch (Exception e) {
+ if (log.isDebugEnabled()) {
+ String msg = "Unable to cleanly stop Session for Subject [" + subject.getPrincipal() + "] " +
+ "Ignoring (logging out).";
+ log.debug(msg, e);
+ }
+ }
+
+ }
+ }
+
+ protected void stopSession(Subject subject) {
+ Session s = subject.getSession(false);
+ if (s != null) {
+ try {
+ s.stop();
+ } catch (InvalidSessionException ise) {
+ //ignored - we're invalidating, and have no further need of the session anyway
+ //log just in case someone wants to know:
+ if (log.isTraceEnabled()) {
+ log.trace("Session has already been invalidated for subject [" +
+ subject.getPrincipal() + "]. Ignoring and continuing logout ...", ise);
+ }
+ }
+ }
+ }
+
+ protected void unbind(Subject subject) {
+ getSubjectBinder().unbind(subject);
+ }
+
+ protected PrincipalCollection getRememberedIdentity() {
+ RememberMeManager rmm = getRememberMeManager();
+ if (rmm != null) {
+ try {
+ return rmm.getRememberedPrincipals();
+ } catch (Exception e) {
+ if (log.isWarnEnabled()) {
+ String msg = "Delegate RememberMeManager instance of type [" + rmm.getClass().getName() +
+ "] threw an exception during getRememberedPrincipals().";
+ log.warn(msg, e);
+ }
+ }
+ }
+ return null;
+ }
+
+ protected Subject getSubject(boolean create) {
+ Subject subject = getSubjectBinder().getSubject();
+ if (subject == null && create) {
+ subject = createSubject();
+ bind(subject);
+ }
+ return subject;
+ }
+
+ public Subject getSubject() {
+ return getSubject(true);
+ }
+
+ protected PrincipalCollection getPrincipals(Session session) {
+ return (PrincipalCollection) session.getAttribute(SessionSubjectBinder.PRINCIPALS_SESSION_KEY);
+ }
+
+ protected boolean isAuthenticated(Session session, PrincipalCollection principals) {
+ if (principals != null) {
+ Boolean authc = (Boolean) session.getAttribute(SessionSubjectBinder.AUTHENTICATED_SESSION_KEY);
+ return authc != null && authc;
+ }
+ return false;
+ }
+
+ /**
+ * Acquires the {@link Subject Subject} that owns the {@link Session Session} with the specified {@code sessionId}.
+ *
+ * <p><b>Although simple in concept, this method provides incredibly powerful functionality:</b>
+ *
+ * <p>The ability to reference a {@code Subject} and their server-side session
+ * <em>across clients of different mediums</em> such as web applications, Java applets,
+ * standalone C# clients over XMLRPC and/or SOAP, and many others. This is a <em>huge</em>
+ * benefit in heterogeneous enterprise applications.
+ *
+ * <p>To maintain session integrity across client mediums, the {@code sessionId} <b>must</b> be transmitted
+ * to all client mediums securely (e.g. over SSL) to prevent man-in-the-middle attacks. This
+ * is nothing new - all web applications are susceptible to the same problem when transmitting
+ * {@code Cookie}s or when using URL rewriting. As long as the
+ * {@code sessionId} is transmitted securely, session integrity can be maintained.
+ *
+ * @param sessionId the id of the session that backs the desired Subject being acquired.
+ * @return the {@code Subject} that owns the {@code Session Session} with the specified {@code sessionId}
+ * @throws org.apache.ki.session.InvalidSessionException
+ * if the session identified by <tt>sessionId</tt> has
+ * been stopped, expired, or doesn't exist.
+ * @throws org.apache.ki.authz.AuthorizationException
+ * if the executor of this method is not allowed to acquire the owning {@code Subject}. The reason
+ * for the exception is implementation-specific and could be for any number of reasons. A common
+ * reason in many systems would be if one host tried to acquire a {@code Subject} based on a
+ * {@code Session} that originated on an entirely different host (although it is not a Ki
+ * requirement this scenario is disallowed - its just an example that <em>may</em> throw an Exception in
+ * some systems).
+ * @see org.apache.ki.authz.HostUnauthorizedException
+ * @since 1.0
+ */
+ private Subject getSubjectBySessionId(Serializable sessionId) throws InvalidSessionException, AuthorizationException {
+ if (!isValid(sessionId)) {
+ String msg = "Specified id [" + sessionId + "] does not correspond to a valid Session It either " +
+ "does not exist or the corresponding session has been stopped or expired.";
+ throw new InvalidSessionException(msg, sessionId);
+ }
+
+ Session existing = new DelegatingSession(this, sessionId);
+ PrincipalCollection principals = getPrincipals(existing);
+ boolean authenticated = isAuthenticated(existing, principals);
+ InetAddress host = existing.getHostAddress();
+
+ return getSubjectFactory().createSubject(principals, existing, authenticated, host);
+ }
}
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/RealmSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/RealmSecurityManager.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/RealmSecurityManager.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/RealmSecurityManager.java Thu Mar 26 00:19:03 2009
@@ -28,7 +28,7 @@
/**
- * Apache Ki support of a {@link SecurityManager} class hierarchy based around a collection of
+ * Ki support of a {@link SecurityManager} class hierarchy based around a collection of
* {@link org.apache.ki.realm.Realm}s. All actual {@code SecurityManager} method implementations are left to
* subclasses.
*
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManager.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManager.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManager.java Thu Mar 26 00:19:03 2009
@@ -1,105 +1,105 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.ki.mgt;
-
-import org.apache.ki.authc.AuthenticationException;
-import org.apache.ki.authc.AuthenticationToken;
-import org.apache.ki.authc.Authenticator;
-import org.apache.ki.authz.Authorizer;
-import org.apache.ki.session.mgt.SessionManager;
-import org.apache.ki.subject.PrincipalCollection;
-import org.apache.ki.subject.Subject;
-
-
-/**
- * A <tt>SecurityManager</tt> executes all security operations for <em>all</em> Subjects (aka users) across a
- * single application.
- *
- * <p>The interface itself primarily exists as a convenience - it extends the {@link org.apache.ki.authc.Authenticator},
- * {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidating
- * these behaviors into a single point of reference. For most Apache Ki usages, this simplifies configuration and
- * tends to be a more convenient approach than referencing <code>Authenticator</code>, <code>Authorizer</code>, and
- * <code>SessionManager</code> instances seperately; instead one only needs to interact with a
- * single <tt>SecurityManager</tt> instance.</p>
- *
- * <p>In addition to the above three interfaces, three unique methods are provided by this interface by itself,
- * {@link #login}, {@link #logout} and {@link #getSubject}. A {@link org.apache.ki.subject.Subject Subject} executes
- * authentication, authorization, and session operations for a <em>single</em> user, and as such can only be
- * managed by <tt>A SecurityManager</tt> which is aware of all three functions. The three parent interfaces on the
- * other hand do not 'know' about <tt>Subject</tt>s to ensure a clean separation of concerns.
- *
- * <p><b>Usage Note</b>: In actuality the large majority of application programmers won't interact with a SecurityManager
- * very often, if at all. <em>Most</em> application programmers only care about security operations for the currently
- * executing user.
- *
- * <p>In that case, the application programmer can call the
- * {@link #getSubject() getSubject()} method and then use that returned instance for continued interaction with
- * Apache Ki. If your application code does not have a direct handle to the application's
- * <code>SecurityManager</code>, you can use {@link org.apache.ki.SecurityUtils SecurityUtils} anywhere in your code
- * to achieve the same result.
- *
- * <p>Framework developers on the other hand might find working with an actual SecurityManager useful.
- *
- * @author Les Hazlewood
- * @see org.apache.ki.mgt.DefaultSecurityManager
- * @since 0.2
- */
-public interface SecurityManager extends Authenticator, Authorizer, SessionManager {
-
- /**
- * Logs in a user, returning a Subject instance if the authentication is successful or throwing an
- * <code>AuthenticationException</code> if it is not.
- * <p/>
- * Note that most application developers should probably not call this method directly unless they have a good
- * reason for doing so. The preferred way to log in a Subject is to call
- * <code>{@link org.apache.ki.subject.Subject#login Subject.login(authenticationToken)}</code> (usually after acquiring the
- * Subject by calling {@link org.apache.ki.SecurityUtils#getSubject() SecurityUtils.getSubject()}).
- * <p/>
- * Framework developers on the other hand might find calling this method directly useful in certain cases.
- *
- * @param authenticationToken the token representing the Subject's principal(s) and credential(s)
- * @return an authenticated Subject upon a successful attempt
- * @throws org.apache.ki.authc.AuthenticationException if the login attempt failed.
- * @since 0.9
- */
- Subject login(AuthenticationToken authenticationToken) throws AuthenticationException;
-
- /**
- * Logs out the specified Subject from the system.
- *
- * <p>Note that most application developers should not call this method unless they have a good reason for doing
- * so. The preferred way to logout a Subject is to call <code>{@link org.apache.ki.subject.Subject#logout Subject.logout()}</code>, not
- * the <code>SecurityManager</code> directly.
- * <p/>
- * Framework developers on the other hand might find calling this method directly useful in certain cases.
- *
- * @param subjectIdentifier the identifier of the subject/user to log out.
- * @see #getSubject()
- * @since 0.9
- */
- void logout(PrincipalCollection subjectIdentifier);
-
- /**
- * Returns the <tt>Subject</tt> instance representing the currently executing user.
- *
- * @return the <tt>Subject</tt> instance representing the currently executing user.
- * @since 0.9
- */
- Subject getSubject();
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ki.mgt;
+
+import org.apache.ki.authc.AuthenticationException;
+import org.apache.ki.authc.AuthenticationToken;
+import org.apache.ki.authc.Authenticator;
+import org.apache.ki.authz.Authorizer;
+import org.apache.ki.session.mgt.SessionManager;
+import org.apache.ki.subject.PrincipalCollection;
+import org.apache.ki.subject.Subject;
+
+
+/**
+ * A <tt>SecurityManager</tt> executes all security operations for <em>all</em> Subjects (aka users) across a
+ * single application.
+ *
+ * <p>The interface itself primarily exists as a convenience - it extends the {@link org.apache.ki.authc.Authenticator},
+ * {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidating
+ * these behaviors into a single point of reference. For most Ki usages, this simplifies configuration and
+ * tends to be a more convenient approach than referencing <code>Authenticator</code>, <code>Authorizer</code>, and
+ * <code>SessionManager</code> instances seperately; instead one only needs to interact with a
+ * single <tt>SecurityManager</tt> instance.</p>
+ *
+ * <p>In addition to the above three interfaces, three unique methods are provided by this interface by itself,
+ * {@link #login}, {@link #logout} and {@link #getSubject}. A {@link org.apache.ki.subject.Subject Subject} executes
+ * authentication, authorization, and session operations for a <em>single</em> user, and as such can only be
+ * managed by <tt>A SecurityManager</tt> which is aware of all three functions. The three parent interfaces on the
+ * other hand do not 'know' about <tt>Subject</tt>s to ensure a clean separation of concerns.
+ *
+ * <p><b>Usage Note</b>: In actuality the large majority of application programmers won't interact with a SecurityManager
+ * very often, if at all. <em>Most</em> application programmers only care about security operations for the currently
+ * executing user.
+ *
+ * <p>In that case, the application programmer can call the
+ * {@link #getSubject() getSubject()} method and then use that returned instance for continued interaction with
+ * Ki. If your application code does not have a direct handle to the application's
+ * <code>SecurityManager</code>, you can use {@link org.apache.ki.SecurityUtils SecurityUtils} anywhere in your code
+ * to achieve the same result.
+ *
+ * <p>Framework developers on the other hand might find working with an actual SecurityManager useful.
+ *
+ * @author Les Hazlewood
+ * @see org.apache.ki.mgt.DefaultSecurityManager
+ * @since 0.2
+ */
+public interface SecurityManager extends Authenticator, Authorizer, SessionManager {
+
+ /**
+ * Logs in a user, returning a Subject instance if the authentication is successful or throwing an
+ * <code>AuthenticationException</code> if it is not.
+ * <p/>
+ * Note that most application developers should probably not call this method directly unless they have a good
+ * reason for doing so. The preferred way to log in a Subject is to call
+ * <code>{@link org.apache.ki.subject.Subject#login Subject.login(authenticationToken)}</code> (usually after acquiring the
+ * Subject by calling {@link org.apache.ki.SecurityUtils#getSubject() SecurityUtils.getSubject()}).
+ * <p/>
+ * Framework developers on the other hand might find calling this method directly useful in certain cases.
+ *
+ * @param authenticationToken the token representing the Subject's principal(s) and credential(s)
+ * @return an authenticated Subject upon a successful attempt
+ * @throws org.apache.ki.authc.AuthenticationException if the login attempt failed.
+ * @since 0.9
+ */
+ Subject login(AuthenticationToken authenticationToken) throws AuthenticationException;
+
+ /**
+ * Logs out the specified Subject from the system.
+ *
+ * <p>Note that most application developers should not call this method unless they have a good reason for doing
+ * so. The preferred way to logout a Subject is to call <code>{@link org.apache.ki.subject.Subject#logout Subject.logout()}</code>, not
+ * the <code>SecurityManager</code> directly.
+ * <p/>
+ * Framework developers on the other hand might find calling this method directly useful in certain cases.
+ *
+ * @param subjectIdentifier the identifier of the subject/user to log out.
+ * @see #getSubject()
+ * @since 0.9
+ */
+ void logout(PrincipalCollection subjectIdentifier);
+
+ /**
+ * Returns the <tt>Subject</tt> instance representing the currently executing user.
+ *
+ * @return the <tt>Subject</tt> instance representing the currently executing user.
+ * @since 0.9
+ */
+ Subject getSubject();
}
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManagerAware.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManagerAware.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManagerAware.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SecurityManagerAware.java Thu Mar 26 00:19:03 2009
@@ -21,7 +21,7 @@
/**
* Interface providing a callback method that allows an implementation of this interface to receive a reference to
* the {@link org.apache.ki.mgt.SecurityManager SecurityManager} if they require one. This is mostly used by core implementation classes
- * for framework code and is rarely necessary for software developers enabling Apache Ki in their applications.
+ * for framework code and is rarely necessary for software developers enabling Ki in their applications.
*
* @author Les Hazlewood
* @since 1.0
Modified: incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SessionSubjectBinder.java
URL: http://svn.apache.org/viewvc/incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SessionSubjectBinder.java?rev=758476&r1=758475&r2=758476&view=diff
==============================================================================
--- incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SessionSubjectBinder.java (original)
+++ incubator/jsecurity/trunk/core/src/main/java/org/apache/ki/mgt/SessionSubjectBinder.java Thu Mar 26 00:19:03 2009
@@ -54,8 +54,8 @@
* end of request/thread execution, and a new one is created on the next request/method invocation as per step #1.</li>
* </ol>
* <p/>
- * Indeed this is exactly how Apache Ki's default behavior works in enterprise server and web-based environments. It is
- * enabled in the <code>Apache KiFilter</code> for web-based environments as well as remote-method-invocation-based
+ * Indeed this is exactly how Ki's default behavior works in enterprise server and web-based environments. It is
+ * enabled in the <code>KiFilter</code> for web-based environments as well as remote-method-invocation-based
* components for non-web environments.
*
* @author Les Hazlewood