public abstract class SubjectUtil
extends java.lang.Object
Constructor and Description |
---|
SubjectUtil() |
Modifier and Type | Method | Description |
---|---|---|
static java.security.Principal | getAnonymousRole(javax.security.auth.Subject subject) | Extract the anonymous role from the subject |
static javax.security.auth.Subject | getAnonymousSubject() | This method returns the anonymous subject |
static java.security.Principal | getAnonymousUser(javax.security.auth.Subject subject) | Extract anonymous user from the subject |
static java.security.Principal | getAuthenticatedRole(javax.security.auth.Subject subject) | Extract the authenticated role from the subject |
static java.security.Principal | getAuthenticatedUser(javax.security.auth.Subject subject) | Extract authenticated user from the subject. |
static java.security.Principal | getAuthenticatedUser(javax.security.auth.Subject subject, boolean checkForAnonUser) | Extract authenticated user from the subject |
static java.lang.String | getAuthenticatedUserUniqueID(javax.security.auth.Subject subject) | Extract unique ID of the authenticated user from the subject. |
static javax.security.auth.Subject | getCurrentSubject() | Gets the Subject associated with the current AccessControlContext. |
static java.util.Set<java.security.Principal> | getEnterpriseRolePrincipals(javax.security.auth.Subject s) | This method returns the set of enterprise role principals based on the application server platform. |
static java.util.Set<java.security.Principal> | getJpsPrincipals(javax.security.auth.Subject s, JpsPrincipalType type) | This method returns the set of JPS principals for the given JpsPrincipalType |
static java.util.Set<PrincipalHolder> | getRolePrincipalHolder(java.security.Principal principal) | Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for this user principal |
static PrincipalHolder | getRolePrincipalHolder(java.lang.String roleGuid) | Returns the enterprise role PrincipalHolder object for the given enterprise role GUID |
static java.util.Set<PrincipalHolder> | getRolePrincipalHolder(javax.security.auth.Subject subject) | Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for the user present in this subject |
static java.lang.String | getUserName(javax.security.auth.Subject s) | This method returns the enterprise user name based on the application server platform. |
static java.security.Principal | getUserPrincipal(javax.security.auth.Subject s) | This method returns the enterprise user principal based on the application server platform. |
static PrincipalHolder | getUserPrincipalHolder(java.security.Principal principal) | For the given user principal, returns the PrincipalHolder for this user principal if present, otherwise returns null |
static PrincipalHolder | getUserPrincipalHolder(java.lang.String userGuid) | Returns the enterprise user PrincipalHolder object for the given enterprise user GUID |
static PrincipalHolder | getUserPrincipalHolder(javax.security.auth.Subject subject) | For the given authenticated subject, returns the PrincipalHolder for user principal in this subject if present, otherwise returns null |
static java.lang.String | getUserUniqueIdentifier(javax.security.auth.Subject subject) | Extract unique identifier of the user from the subject. |
static java.lang.String | getVirtualUserName(javax.security.auth.Subject subject) | This method returns the virtual user name if the specified subject represents a virtual user. |
static boolean | isUserAnonymous(javax.security.auth.Subject subject) | Check if the user is anonymous in the subject |
static boolean | isUserAuthenticated(javax.security.auth.Subject subject) | Check if the user is authenticated |
static boolean | isUserInAnonymousRole(javax.security.auth.Subject subject) | Check if the user is in anonymous role |
static boolean | isUserInAppRole(javax.security.auth.Subject subject, java.lang.String appRoleName) | |
static boolean | isUserInAuthenticatedRole(javax.security.auth.Subject subject) | Check if the user is in authenticated role |
static boolean | isUserInEnterpriseRole(javax.security.auth.Subject subject, java.lang.String enterpriseRoleName) | |
static boolean | isUserVirtual(javax.security.auth.Subject subject) | Checks if the specified subject represents a virtual user. |


public static javax.security.auth.Subject getCurrentSubject()
Gets the Subject associated with the current AccessControlContext.
This API simply retrieves the subject from the current AccessControlContext. It does not convert a non-JPS subject to a JPS subject that contains JPS principals. A Subject created using a container-specific mechanism can be converted to a JPS subject and associated with the current AccessControlContext by the JPS filter or JPS interceptor, if one is configured. A JPS subject created using JPS login modules can be associated with the current AccessControlContext using JPS SubjectSecurity.
Returns:
Subject associated with the current AccessControlContext, or null if no Subject is associated with the current AccessControlContext

public static boolean isUserAnonymous(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static boolean isUserAuthenticated(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static boolean isUserInAuthenticatedRole(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static boolean isUserInAnonymousRole(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static boolean isUserInAppRole(javax.security.auth.Subject subject, java.lang.String appRoleName)

public static boolean isUserInEnterpriseRole(javax.security.auth.Subject subject, java.lang.String enterpriseRoleName)

public static java.security.Principal getAnonymousUser(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static boolean isUserVirtual(javax.security.auth.Subject subject)
Parameters:
subject - the specified subject

public static java.lang.String getVirtualUserName(javax.security.auth.Subject subject)
Parameters:
subject - the specified subject

public static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject)
getUserPrincipal(Subject s).
Parameters:
subject - incoming subject

public static java.lang.String getAuthenticatedUserUniqueID(javax.security.auth.Subject subject) throws JpsException
getUserName(Subject s).
If the property oracle.security.jps.policy.useGuid is set to true and the GUID value is non-null, then this method returns the GUID of the authenticated user.
Else if the property oracle.security.jps.policy.useGuid is set to false and the unique name value is non-null, then this method returns the Unique Name of the authenticated user.
In either of the above 2 cases, or if it is a non JpsUser principal, the simple name is returned.
Parameters:
subject - incoming subject
Throws:
JpsException - if there is an error during this operation

public static java.security.Principal getAuthenticatedUser(javax.security.auth.Subject subject, boolean checkForAnonUser)
Parameters:
subject - incoming subject
checkForAnonUser - whether to check for anonymous user or not

public static java.lang.String getUserUniqueIdentifier(javax.security.auth.Subject subject) throws JpsException
The User is obtained from the Subject in the following order:
1. If the subject contains an Authenticated User and an Anonymous User then an exception is thrown.
2. If the subject contains an Authenticated User then this user is used.
3. If the subject does not contain an Authenticated User and it contains an Anonymous User, then the anonymous user is used.
4. If the subject does not contain any User Principals (Authenticated or Anonymous), then an Exception is thrown.
The unique identifier is obtained from the user in the following order:
Parameters:
subject - to retrieve the user's unique identifier from
Throws:
JpsException - if there was an error while retrieving the unique identifier.
java.lang.IllegalArgumentException - if the subject is null or if subject contains an JpsAnonymous Principal type and an Authenticated User Principal, or if the subject does not contain any Principals
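
The user resolution order documented for getUserUniqueIdentifier, written out as an added example (this is not Oracle's implementation and not code from the original page). AuthenticatedUser and AnonymousUser are hypothetical stand-ins for the JPS principal types, and resolveUser and describe are illustrative names.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class UserResolutionOrder {
    // Hypothetical stand-ins for the JPS authenticated and anonymous user principal types.
    record AuthenticatedUser(String name) implements Principal { public String getName() { return name; } }
    record AnonymousUser(String name) implements Principal { public String getName() { return name; } }

    // Applies the documented precedence; every ambiguous or empty case is rejected.
    static Principal resolveUser(Subject subject) {
        if (subject == null) {
            throw new IllegalArgumentException("subject is null");
        }
        Set<AuthenticatedUser> auth = subject.getPrincipals(AuthenticatedUser.class);
        Set<AnonymousUser> anon = subject.getPrincipals(AnonymousUser.class);
        if (!auth.isEmpty() && !anon.isEmpty()) {
            // Case 1: a subject that is both authenticated and anonymous is never trusted.
            throw new IllegalArgumentException("both authenticated and anonymous user present");
        }
        if (!auth.isEmpty()) {
            return auth.iterator().next();   // Case 2: authenticated user is used
        }
        if (!anon.isEmpty()) {
            return anon.iterator().next();   // Case 3: fall back to the anonymous user
        }
        // Case 4: no user principal at all.
        throw new IllegalArgumentException("no user principal in subject");
    }

    // Builds a subject from the given principals and reports the outcome as text.
    static String describe(Principal... principals) {
        Subject s = new Subject();
        for (Principal p : principals) s.getPrincipals().add(p);
        try {
            return resolveUser(s).getName();
        } catch (IllegalArgumentException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample principals, one subject per documented case.
        System.out.println(describe(new AuthenticatedUser("alice"), new AnonymousUser("anonymous")));
        System.out.println(describe(new AuthenticatedUser("alice")));
        System.out.println(describe(new AnonymousUser("anonymous")));
        System.out.println(describe());
    }
}
```

Callers that make authorization decisions on the returned identifier should treat the two rejected cases as a denial rather than defaulting to the anonymous user.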

public static java.security.Principal getAnonymousRole(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static java.security.Principal getAuthenticatedRole(javax.security.auth.Subject subject)
Parameters:
subject - incoming subject

public static java.security.Principal getUserPrincipal(javax.security.auth.Subject s)
Parameters:
s - incoming subject

public static java.util.Set<java.security.Principal> getEnterpriseRolePrincipals(javax.security.auth.Subject s)
Parameters:
s - incoming subject

public static java.lang.String getUserName(javax.security.auth.Subject s)
Parameters:
s - incoming subject

public static java.util.Set<java.security.Principal> getJpsPrincipals(javax.security.auth.Subject s, JpsPrincipalType type)
This method returns the set of JPS principals for the given JpsPrincipalType
Parameters:
s - incoming subject
type - the JpsPrincipalType
JpsPrincipalType
Also, this method is only for design-time usage and is not supposed to be used at runtime. Use the getUserPrincipal and getEnterpriseRolePrincipals APIs instead.

public static javax.security.auth.Subject getAnonymousSubject()

public static PrincipalHolder getUserPrincipalHolder(javax.security.auth.Subject subject)
For the given authenticated subject, returns the PrincipalHolder for user principal in this subject if present, otherwise returns null
Parameters:
subject - The authenticated subject that has the user principal
Returns:
PrincipalHolder for the user present in this subject if found, otherwise returns null

public static PrincipalHolder getUserPrincipalHolder(java.security.Principal principal)
For the given user principal, returns the PrincipalHolder for this user principal if present, otherwise returns null
Parameters:
principal - The user principal
Returns:
PrincipalHolder for this user principal if found, otherwise returns null

public static java.util.Set<PrincipalHolder> getRolePrincipalHolder(javax.security.auth.Subject subject)
Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for the user present in this subject
Parameters:
subject - The subject that has user to get the set of PrincipalHolder for all direct and indirect granted enterprise roles
Returns:
PrincipalHolder if found, otherwise returns empty set

public static java.util.Set<PrincipalHolder> getRolePrincipalHolder(java.security.Principal principal)
Returns the set of PrincipalHolder for all direct and indirect granted enterprise roles for this user principal
Parameters:
principal - The user principal to get the set of PrincipalHolder for all the direct and indirect granted enterprise roles for this user
Returns:
PrincipalHolder if found, otherwise returns empty set

public static PrincipalHolder getUserPrincipalHolder(java.lang.String userGuid)
Returns the enterprise user PrincipalHolder object for the given enterprise user GUID
Parameters:
userGuid - The GUID for enterprise user
Returns:
PrincipalHolder object if found, otherwise returns null

public static PrincipalHolder getRolePrincipalHolder(java.lang.String roleGuid)
Returns the enterprise role PrincipalHolder object for the given enterprise role GUID
Parameters:
roleGuid - The GUID for enterprise role
Returns:
PrincipalHolder object if found, otherwise returns null