provider package

Custom providers allow for the customization and extension of security enforcement as needed, by implementing Provider-side interfaces to author custom providers.

Members

All public members of the provider package.

AbstractAttributed class – This class provides an abstract implementation of interface Attributed.
AbstractAttributer class – Abstract implementation of Attributer.
AbstractAuthorizer class – Abstract implementation of Authorizer.
AbstractBootstrapConfiguration class – Abstract class providing core configuration provider services.
AbstractFactoryRetriever class – Common factory retriever base.
AbstractFileConfiguration class – Abstract class providing configuration-file based services.
AbstractLoginModule class – Provides common base implementations for most common LoginModule functions.
AbstractPrincipalContextRetriever class – Abstract class used as a base for context retriever implementations that retrieve the security context from a principal made available through some environmental object.
AbstractProfiler class – An abstract implementation of the Profiler interface.
AbstractRoleMapper class – Base class for implementing RoleMapper providers.
AbstractSecureDataServices class –
AbstractSecureFileConfiguration class – Abstract class for configuring keystore options in order to facilitate subclass to get key information and decrypt and encrypt specified configuration properties.
Attributer interface – This is the interface which Attributer providers must implement.
AttributerRegistration interface – This is the interface to support self registration functions, which Attributer providers can optionally implement.
AttributerRegistration2 interface – This is the interface to support self registration functions, which Attributer providers can optionally implement.
AuditConst interface – Interface that defines the constants for audit record types.
AuditDestination interface – The AuditDestination is the destination to which the audit information should be logged.
AuditFilter interface – An audit filter may be configured by the administrator to filter out undesired events and only log the events that match the specified filter.
AuditFormatter interface – The audit formatter is used to format an audit record from its component parts.
AuditToken interface – An interface that is used to tag audit token classes.
AuthenticationFailureWarningImpl class – Simple implementation for AuthenticationFailureWarning.
Authorizer interface – This is the required interface for authorization providers.
BasicNamed class – This class provides an implementation for Named.
BasicSecIDPrincipal class – Provides a simple Principal base implementation that implements SecIDPrincipal.
BasicSecNamePrincipal class – Provides a simple Principal base implementation that implements SecNamePrincipal.
Bootstrap class – Provides an object bootstrapping function.
CertificateValidation interface – Interface that provides certificate validation functionality.
CertificateValidationException class – An exception thrown by the Certificate Validation module.
ConfigurationParser class – Utility class that provides a tool to parse the internal configuration from the Map<String, String> format into Provider configuration classes for easy access to the configuration properties for the various providers.
ConfigurationProblem class – Represents the configuration problems discovered during configuration validation.
ConfigurationValidationService interface – Validates the supplied internal CSI configuration according to the stored provider metadata and lets the providers themselves validate the supplied configuration by performing runtime checks where possible.
ContextRetriever interface – Authors wishing to create context retrievers must implement this interface in a class with a public, no argument constructor.
ContextRetriever2 interface – Extended version of context retriever interface that allows the factory that was used to retrieve the context to be supplied.
ContextRetrieverPrincipal interface – Principal interface designed to be paired with AbstractPrincipalContextRetriever and its subclasses.
DigitalSignature interface – Interface to be implemented by secure data service providers that support digital signatures.
EncryptionTools class – This class performs specialized encryption/decryption functions for relatively short strings such as passwords.
ExternalConfigurationService interface – A service that will export the CSI configuration to a specified XML format.
FactoryRetriever interface – Concrete factory retrievers must implement this interface in a class with a public, no argument constructor.
MessageDigest interface – Interface to be implemented by secure data service providers that support message digest.
NamedCredentialProvider interface – This is the interface that the providers can implement so that the configuration validation service can retrieve the names of the NamedCredential(s) the provider adds to an authenticated subject so that it can verify if they conflict with the credentials added by other providers.
OptionMapHelper class – Provides some utility methods for retrieving options from a Map where there are default values and different data types involved.
PasswordExpirationWarningImpl class – Simple implementation for PasswordExpirationWarning.
PrefixMap< T > class – Utility class that extends HashMap that expects keys of type String.
Profiler interface – This is the interface that Profile providers must implement.
ProviderConst interface – Constants that are useful in implementing provider interfaces.
ProviderInfo interface – This interface may optionally implemented by providers of the following types:
ProviderServices interface – Interface that providers can use to access common services without interacting with other providers directly.
RoleMapAdministrable interface – Interface to aid in managing role mappings.
RoleMapper interface – Interface for providers that implement Role Mapping functionality.
SecConfigurationValidatingProvider interface – This is the interface that the providers can implement so that the configuration can be validated and the discovered validation errors can be reported prior to actually using the configuration.
SecContextProvider interface – Interface that should be implemented by providers that support the notion of a context (i.e., session) and need to perform specific actions when a context is created/destroyed.
SecIDPrincipal interface – Tagging interface that can be used to identify a custom Principal as one that should be mapped to the ID attribute of a SecSubject.
SecLoginExceptionAuthenticationFailureWarningImpl class – Simple LoginException implementation that implements the AuthenticationFailureWarning interface.
SecLoginExceptionWarningImpl class – Simple LoginException implementation that implements the SecWarning interface.
SecNamePrincipal interface – Tagging interface that can be used to identify a custom Principal as one that should be mapped to the NAME attribute of a SecSubject.
SecProvider interface – Common interface that should be implemented by all security providers (except authentication providers).
SecProviderCapabilities interface – Optional provider interface that allows providers to respond to capability requests.
SecProviderPersistence interface – This interface gives a provider the opportunity to remove elements from the context Map before context serialization occurs and insert them after deserialization.
SecureDataServices interface – Interface to be implemented by secure data service providers.
SecWarningImpl class – Simple implementation for SecWarning.
SynchronizedSecAdminContext class – This class synchronizes access to the supplied SecAdminContext instance.
SynchronizedSecContextImpl class – This class synchronizes access to the supplied SecContext instance.
WarningManager interface – Interface that providers can use to log and add warnings to the SecContext.

Remarks

Authentication Provider Interfaces The provider-side authentication interfaces are primarily based on Java Authentication and Authorization Services (JAAS). The goal of the design is to allow any implementation of the JAAS pluggable authentication module system to alternatively plug into the Security Framework. Specifically, the javax.security.auth.spi.LoginModule interface must be implemented by all authentication providers. The Framework provides a flexible mechanism for defining active authentication providers and their control flags. All of the control flags which are defined in JAAS are fully implemented in the Provider Framework. See the JAAS documentation for a complete discussion of the configuration options available with JAAS login modules.

Authorization Provider Interfaces The authorization provider interfaces are defined by the com.sybase.security.provider.Authorizer interface. There are two primary worker methods, checkRole() and checkAccess(). There are also two security context lifecycle methods, initContext() and destroyContext(), and one provider lifecycle method, init(), all of which are inherited from com.sybase.security.provider.SecContextProvider.

Attribution Providers The attribution providers are a catch-all for several different tasks:

Enumeration of resources, resource types, actions, roles
Retrieval of attributes for resources and subjects

The attribution providers have the same lifecycle methods as the authorization providers. The same rules should be followed with respect to thread-safety; all of the attribution provider methods include a context map which can be used to store state information associated with any given security context.

Profile Providers A profile provider is based on the Profiler interface. A profiler retrieves the profile information given a profile name. Multiple profilers can be configured. There are two supported operations getProfile() and listProfiles(). There are also two security context lifecycle methods, initContext() and destroyContext(), and one provider lifecycle method, init(), all of which are inherited from com.sybase.security.provider.SecProvider. If a profiler does not recognize a profile name then it simply returns null and the getProfile() method calls falls through to the next configured profiler. The listProfiles() method is invoked on all the configured profilers and the aggregate list is returned to the client.