Skip navigation links

Oracle Fusion Middleware Oracle Platform Security Services API Reference
11g Release 1 (11.1.1)

E14650-01


oracle.security.jps.util
Class SubjectUtil

java.lang.Object
  extended by oracle.security.jps.util.SubjectUtil


public abstract class SubjectUtil
extends java.lang.Object

Constructor Summary
SubjectUtil()
           

 

Method Summary
static java.security.Principal getAnonymousRole(javax.security.auth.Subject subject)
          Extract the anonymous role from the subject
static javax.security.auth.Subject getAnonymousSubject()
          This method returns the anonymous subject
static java.security.Principal getAnonymousUser(javax.security.auth.Subject subject)
          Extract anoymous user from the subject
static java.security.Principal getAuthenticatedRole(javax.security.auth.Subject subject)
          Extract the authenticated role from the subject
static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject)
          Extract authenticated user from the subject.
static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject, boolean checkForAnonUser)
          Extract authenticated user from the subject
static java.lang.String getAuthenticatedUserUniqueID(javax.security.auth.Subject subject)
          Extract unique ID of the authenticated user from the subject.
static javax.security.auth.Subject getCurrentSubject()
          Return current Subject based on which authZ is determined.
static java.util.Set<java.security.Principal> getEnterpriseRolePrincipals(javax.security.auth.Subject s)
          This method returns the set of enterprise role principals based on the application server platform.
static java.util.Set<java.security.Principal> getJpsPrincipals(javax.security.auth.Subject s, JpsPrincipalType type)
          This method returns the set of JPS principals for the given JpsPrincipalType
static java.util.Set<PrincipalHolder> getRolePrincipalHolder(java.security.Principal principal)
          Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for this user principal
static PrincipalHolder getRolePrincipalHolder(java.lang.String roleGuid)
          Returns the enterprise role PrincipalHolder object for the given enterprise role GUID
static java.util.Set<PrincipalHolder> getRolePrincipalHolder(javax.security.auth.Subject subject)
          Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for the user present in this subject
static java.lang.String getUserName(javax.security.auth.Subject s)
          This method returns the enterprise user name based on the application server platform.
static java.security.Principal getUserPrincipal(javax.security.auth.Subject s)
          This method returns the enterprise user principal based on the application server platform.
static PrincipalHolder getUserPrincipalHolder(java.security.Principal principal)
          For the given user principal, returns the PrincipalHolder for this user principal if present, otherwise returns null
static PrincipalHolder getUserPrincipalHolder(java.lang.String userGuid)
          Returns the enterprise user PrincipalHolder object for the given enterprise user GUID
static PrincipalHolder getUserPrincipalHolder(javax.security.auth.Subject subject)
          For the given authenticated subject, returns the PrincipalHolder for user principal in this subejct if present, otherwise returns null
static java.lang.String getUserUniqueIdentifier(javax.security.auth.Subject subject)
          Extract unique identifier of the user from the subject.
static boolean isUserAnonymous(javax.security.auth.Subject subject)
          Check if the user is anonymous in the subject
static boolean isUserAuthenticated(javax.security.auth.Subject subject)
          Check if ther user is authenticated
static boolean isUserInAnonymousRole(javax.security.auth.Subject subject)
          Check if the user is in anonymous role
static boolean isUserInAuthenticatedRole(javax.security.auth.Subject subject)
          Check if the user is in authenticated role

 

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

SubjectUtil

public SubjectUtil()

Method Detail

getCurrentSubject

public static javax.security.auth.Subject getCurrentSubject()
Return current Subject based on which authZ is determined. This is a wrapper as Subject can be obtained in various ways in different containers.
Returns:
Subject - current Subject

isUserAnonymous

public static boolean isUserAnonymous(javax.security.auth.Subject subject)
Check if the user is anonymous in the subject
Parameters:
subject - - incoming subject
Returns:
true - if user is anonymous, false otherwise.

isUserAuthenticated

public static boolean isUserAuthenticated(javax.security.auth.Subject subject)
Check if ther user is authenticated
Parameters:
subject - - incoming subject
Returns:
true - if user is authenticated, false otherwise

isUserInAuthenticatedRole

public static boolean isUserInAuthenticatedRole(javax.security.auth.Subject subject)
Check if the user is in authenticated role
Parameters:
subject - - incoming subject
Returns:
true - if ther user is in authenticated role, false otherwise

isUserInAnonymousRole

public static boolean isUserInAnonymousRole(javax.security.auth.Subject subject)
Check if the user is in anonymous role
Parameters:
subject - - incoming subject
Returns:
true - if the user is anonymous, false otherwise

getAnonymousUser

public static java.security.Principal getAnonymousUser(javax.security.auth.Subject subject)
Extract anoymous user from the subject
Parameters:
subject - - incoming subject
Returns:
anonymous principal or null if not found

getAuthenticatedUser

public static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject)
Extract authenticated user from the subject. This method only returns the authenticated JPS User principal. For platform specific user use getUserPrincipal(Subject s).
Parameters:
subject - - incoming subject
Returns:
authenticated user principal return a principal of type JpsUser else return a principal of type "jps.user.principal.class.name" else return the first principal in the subject or null if subject has no principals

getAuthenticatedUserUniqueID

public static java.lang.String getAuthenticatedUserUniqueID(javax.security.auth.Subject subject)
                                                     throws JpsException
Extract unique ID of the authenticated user from the subject. Currently, this method only returns the unique name of the authenticated JPS User principal. For platform specific user name use getUserName(Subject s).

If the property oracle.security.jps.policy.useGuid is set true and the GUID value is non-null, then this method returns the GUID of the authenticated user.

Else if the property oracle.security.jps.policy.useGuid is set false and the unique name value is non-null, then this method returns the Unique Name of the authenticated user.

In either of the above 2 cases, or if it is a non <href>JpsUser</href> principal, the simple name is returned.

Parameters:
subject - - incoming subject
Returns:
returns the Unique ID of the authenticated user
Throws:
JpsException - - if there is an error during this operation

getAuthenticatedUser

public static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject,
                                                           boolean checkForAnonUser)
Extract authenticated user from the subject
Parameters:
subject - - incoming subject
checkForAnonUser - - whether to check for anonymous user or not
Returns:
authenticated user principal return a principal of type JpsUser else return a principal of type "jps.user.principal.class.name" else return the first principal in the subject or null if subject has no principals

getUserUniqueIdentifier

public static java.lang.String getUserUniqueIdentifier(javax.security.auth.Subject subject)
                                                throws JpsException
Extract unique identifier of the user from the subject. <p/>

The User is obtained from the Subject in the following order:

  1. If the subject contains an Authenticated User and an Anonymous User then an exception is thrown.
  2. If the subject contains an Authenticated User then this user is used.
  3. If the subject does not contain an Authenticated User and it contains an Anonymous User, then the anonymous user is used.
  4. If the subject does not contain any User Principals (Authenticated or Anonymous), then an Exception is thrown.

The unique identifier is obtained from the user in the following order:

  1. If the GUID is non-null, then the GUID is returned.
  2. If the Unique Name is non-null, then the Unique Name is returned.
  3. Otherwise the simple name of the user Principal is returned.
NOTES: The authenticated user is determined as described here (see getAuthenticatedUser(javax.security.auth.Subject)).
Parameters:
subject - to retrieve the user's unique identifier from
Returns:
returns the Unique Identifier of the user
Throws:
JpsException - if there was an error while retreiving the unique identifier.
java.lang.IllegalArgumentException - if the subject is null or if

subject contains an JpsAnonymous Principal type and an Authenticated User Principal, or if

the subject does not contain any Principals


getAnonymousRole

public static java.security.Principal getAnonymousRole(javax.security.auth.Subject subject)
Extract the anonymous role from the subject
Parameters:
subject - - incoming subject
Returns:
return anonymous role or null if not found

getAuthenticatedRole

public static java.security.Principal getAuthenticatedRole(javax.security.auth.Subject subject)
Extract the authenticated role from the subject
Parameters:
subject - - incoming subject
Returns:
return authneticated role or null if not found

getUserPrincipal

public static java.security.Principal getUserPrincipal(javax.security.auth.Subject s)
This method returns the enterprise user principal based on the application server platform. For example on WebLogic, this API will return the WLSUser principal.
Parameters:
s - - incoming subject
Returns:
enterprise user principal from the subject

getEnterpriseRolePrincipals

public static java.util.Set<java.security.Principal> getEnterpriseRolePrincipals(javax.security.auth.Subject s)
This method returns the set of enterprise role principals based on the application server platform. For example on WebLogic, this API will return the set if WLSGroup principals.
Parameters:
s - - incoming subject
Returns:
the set of enterprise role principals

getUserName

public static java.lang.String getUserName(javax.security.auth.Subject s)
This method returns the enterprise user name based on the application server platform. For example on WebLogic, this API will return the name of WLSUser.
Parameters:
s - - incoming subject
Returns:
user name from the subject

getJpsPrincipals

public static java.util.Set<java.security.Principal> getJpsPrincipals(javax.security.auth.Subject s,
                                                                      JpsPrincipalType type)
This method returns the set of JPS principals for the given JpsPrincipalType
Parameters:
s - - incoming subject
type - - the JpsPrincipalType
Returns:
the set of principals of JpsPrincipalType Also this method is only for design time usage and not supposed to be used at runtime. Use getUserPrincipal and getEnterpriseRolePrincipals APIs instead.

getAnonymousSubject

public static javax.security.auth.Subject getAnonymousSubject()
This method returns the anonymous subject
Returns:
- the anonymous subject

getUserPrincipalHolder

public static PrincipalHolder getUserPrincipalHolder(javax.security.auth.Subject subject)
For the given authenticated subject, returns the PrincipalHolder for user principal in this subejct if present, otherwise returns null
Parameters:
subject - - The authenticated subject that has the user principal
Returns:
- the PrincipalHolder for the user present in this subject if found, otherwise returns null

getUserPrincipalHolder

public static PrincipalHolder getUserPrincipalHolder(java.security.Principal principal)
For the given user principal, returns the PrincipalHolder for this user principal if present, otherwise returns null
Parameters:
principal - - The user principal
Returns:
- the PrincipalHolder for this user principal if found, otherwise returns null

getRolePrincipalHolder

public static java.util.Set<PrincipalHolder> getRolePrincipalHolder(javax.security.auth.Subject subject)
Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for the user present in this subject
Parameters:
subject - - The subject that has user to get the set of PrincipalHolder for all direct and indirect granted enterprise roles
Returns:
the set of PrincipalHolder if found, otherwise returns empty set

getRolePrincipalHolder

public static java.util.Set<PrincipalHolder> getRolePrincipalHolder(java.security.Principal principal)
Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for this user principal
Parameters:
principal - - The user principal to get the set of PrincipalHolder for all the direct and indirect granted enterprise roles for this user
Returns:
the set of PrincipalHolder if found, otherwise returns empty set

getUserPrincipalHolder

public static PrincipalHolder getUserPrincipalHolder(java.lang.String userGuid)
Returns the enterprise user PrincipalHolder object for the given enterprise user GUID
Parameters:
userGuid - - The GUID for enterprise user
Returns:
the enterprise user PrincipalHolder object if found, otherwise returns null

getRolePrincipalHolder

public static PrincipalHolder getRolePrincipalHolder(java.lang.String roleGuid)
Returns the enterprise role PrincipalHolder object for the given enterprise role GUID
Parameters:
roleGuid - - The GUID for enterprise role
Returns:
the enterprise role PrincipalHolder object if found, otherwise returns null

Skip navigation links

Oracle Fusion Middleware Oracle Platform Security Services API Reference
11g Release 1 (11.1.1)

E14650-01


Copyright © 2009, Oracle. All rights reserved.