/** * Create a new configuration which is the same as this configuration, but which uses the given identity * credentials to acquire the credential required for authentication. * * @param credentials the credentials to use * @return the new configuration */ public AuthenticationConfiguration useCredentials(CredentialSource credentials) { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, credentials == null ? CredentialSource.NONE : credentials); }
/** * Use provider based discovery to load available {@link SaslClientFactory} implementations. * * @return the new configuration. */ public AuthenticationConfiguration useSaslClientFactoryFromProviders() { return new AuthenticationConfiguration(this, SET_SASL_FAC_SUP, null); }
/** * Use the given sasl client factory supplier to obtain the {@link SaslClientFactory} to use. * * @param saslClientFactory the sasl client factory supplier to use. * @return the new configuration. */ public AuthenticationConfiguration useSaslClientFactory(final Supplier<SaslClientFactory> saslClientFactory) { return new AuthenticationConfiguration(this, SET_SASL_FAC_SUP, saslClientFactory); }
/** * Create a new configuration which is the same as this configuration, but which adds or replaces every item in the * {@code other} configuration with that item, overwriting any corresponding such item in this configuration. * * @param other the other authentication configuration * @return the merged authentication configuration */ public AuthenticationConfiguration with(AuthenticationConfiguration other) { return new AuthenticationConfiguration(this, other); }
/** * Set the SASL mechanism selector for this authentication configuration. * * @param saslMechanismSelector the SASL mechanism selector, or {@code null} to clear the current selector * @return the new configuration */ public AuthenticationConfiguration setSaslMechanismSelector(SaslMechanismSelector saslMechanismSelector) { if (Objects.equals(this.saslMechanismSelector, saslMechanismSelector)) { return this; } return new AuthenticationConfiguration(this, SET_SASL_SELECTOR, saslMechanismSelector); }
/** * Use the given security provider supplier to locate security implementations. * * @param providerSupplier the provider supplier * @return the new configuration */ public AuthenticationConfiguration useProviders(Supplier<Provider[]> providerSupplier) { if (Objects.equals(this.providerSupplier, providerSupplier)) { return this; } return new AuthenticationConfiguration(this, SET_PROVIDER_SUPPLIER, providerSupplier); }
/** * Create a new configuration which is the same as this configuration, but which captures the caller's access * control context to be used in authentication decisions. * * @return the new configuration */ public AuthenticationConfiguration withCapturedAccessControlContext() { return new AuthenticationConfiguration(this, SET_ACCESS_CTXT, getContext()); }
/** * Create a new configuration which is the same as this configuration, but uses the given realm for authentication. * * @param realm the realm to use, or {@code null} to accept the default realm always * @return the new configuration */ public AuthenticationConfiguration useRealm(String realm) { if (Objects.equals(realm, this.setRealm)) { return this; } else { return new AuthenticationConfiguration(this, SET_REALM, realm); } }
/** * Create a new configuration which is the same as this configuration, but which attempts to authorize to the given * principal after authentication. Only mechanisms which support an authorization principal of the given type will * be selected. * * @param principal the principal to use, or {@code null} to not request authorization in the new configuration * @return the new configuration */ public AuthenticationConfiguration useAuthorizationPrincipal(Principal principal) { if (Objects.equals(principal, setAuthzPrincipal)) { return this; } else { return new AuthenticationConfiguration(this, SET_AUTHZ_PRINCIPAL, principal); } }
/** * Create a new configuration which is the same as this configuration, but which forwards the authentication name * from the current identity of the given security domain. * * @param securityDomain the security domain * @return the new configuration */ public AuthenticationConfiguration useForwardedAuthenticationIdentity(SecurityDomain securityDomain) { if (Objects.equals(authenticationNameForwardSecurityDomain, securityDomain)) { return this; } else { return new AuthenticationConfiguration(this, SET_ACCESS_CTXT, securityDomain != null ? getContext() : null, SET_FWD_AUTH_NAME_DOMAIN, securityDomain); } }
/** * Create a new configuration which is the same as this configuration, but which forwards the authorization name * from the current identity of the given security domain. * * @param securityDomain the security domain * @return the new configuration */ public AuthenticationConfiguration useForwardedAuthorizationIdentity(SecurityDomain securityDomain) { if (Objects.equals(authorizationNameForwardSecurityDomain, securityDomain)) { return this; } else { return new AuthenticationConfiguration(this, SET_ACCESS_CTXT, securityDomain != null ? getContext() : null, SET_FWD_AUTHZ_NAME_DOMAIN, securityDomain); } }
/** * Create a new configuration which is the same as this configuration, but which forwards the authentication * credentials from the current identity of the given security domain. * * @param securityDomain the security domain * @return the new configuration */ public AuthenticationConfiguration useForwardedAuthenticationCredentials(SecurityDomain securityDomain) { if (Objects.equals(authenticationCredentialsForwardSecurityDomain, securityDomain)) { return this; } else { return new AuthenticationConfiguration(this, SET_ACCESS_CTXT, securityDomain != null ? getContext() : null, SET_FWD_AUTH_CRED_DOMAIN, securityDomain); } }
/** * Create a new configuration which is the same as this configuration, but which specifies a different protocol to be passed to the authentication mechanisms. * * @param saslProtocol the protocol to pass to the authentication mechanisms. * @return the new configuration */ public AuthenticationConfiguration useSaslProtocol(String saslProtocol) { if (saslProtocol == null || saslProtocol.isEmpty()) { saslProtocol = null; } if (Objects.equals(this.saslProtocol, saslProtocol)) { return this; } else { return new AuthenticationConfiguration(this, SET_SASL_PROTOCOL, saslProtocol); } }
/** * Create a new configuration which is the same as this configuration, but which uses the given trust manager * for trust verification. * * @param trustManager the trust manager to use or {@code null} if the default trust manager should be used * @return the new configuration */ public AuthenticationConfiguration useTrustManager(X509TrustManager trustManager) { return trustManager == null ? new AuthenticationConfiguration(this, SET_TRUST_MGR_FAC, null) : new AuthenticationConfiguration(this, SET_TRUST_MGR_FAC, new FixedSecurityFactory<>(trustManager)); }
/** * Create a new configuration which is the same as this configuration, but rewrites the user name using <em>only</em> * the given name rewriter. Any name rewriters on this configuration are ignored for the new configuration. * * @param rewriter the name rewriter * @return the new configuration */ public AuthenticationConfiguration rewriteUserOnlyWith(NameRewriter rewriter) { if (rewriter == null) { return this; } return new AuthenticationConfiguration(this, SET_PRINCIPAL_RW, rewriter.asPrincipalRewriter()); }
/** * Create a new configuration which is the same as this configuration, but which connects to a different port. * * @param port the port to connect to, or -1 to not override the port * @return the new configuration * @deprecated This configuration is not supported by most providers and will be removed in a future release. */ @Deprecated public AuthenticationConfiguration usePort(int port) { if (port < -1 || port > 65535) throw log.invalidPortNumber(port); if (port == setPort) return this; return new AuthenticationConfiguration(this, port); }
/** * Create a new configuration which is the same as this configuration, but which uses the given principal to authenticate. * * @param principal the principal to use (must not be {@code null}) * @return the new configuration */ public AuthenticationConfiguration usePrincipal(Principal principal) { Assert.checkNotNullParam("principal", principal); if (Objects.equals(this.principal, principal)) { return this; } return new AuthenticationConfiguration(this, SET_PRINCIPAL, principal); }
/** * Create a new configuration which is the same as this configuration, but which uses the given credential to authenticate. * * @param credential the credential to authenticate * @return the new configuration */ public AuthenticationConfiguration useCredential(Credential credential) { if (credential == null) return this; final CredentialSource credentialSource = this.credentialSource; if (credentialSource == CredentialSource.NONE) { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, IdentityCredentials.NONE.withCredential(credential)); } else if (credentialSource instanceof IdentityCredentials) { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, ((IdentityCredentials) credentialSource).withCredential(credential)); } else { return new AuthenticationConfiguration(this, SET_CRED_SOURCE, credentialSource.with(IdentityCredentials.NONE.withCredential(credential))); } }
/** * Create a new configuration which is the same as this configuration, but which uses the given key manager * to acquire the credential required for authentication. * * @param keyManager the key manager to use * @return the new configuration */ public AuthenticationConfiguration useKeyManagerCredential(X509KeyManager keyManager) { return new AuthenticationConfiguration(this, SET_KEY_MGR_FAC, new FixedSecurityFactory<>(keyManager)); }
/** * Create a new configuration which is the same as this configuration, but which uses the given kerberos security * factory to acquire the GSS credential required for authentication. * * @param kerberosSecurityFactory a reference to the kerberos security factory to be use * @return the new configuration */ @Deprecated public AuthenticationConfiguration useKerberosSecurityFactory(SecurityFactory<Credential> kerberosSecurityFactory) { CredentialSource cs = getCredentialSource(); if (kerberosSecurityFactory != null) { return cs != null ? new AuthenticationConfiguration(this, SET_CRED_SOURCE, cs.with(new FactoryCredentialSource(kerberosSecurityFactory))) : new AuthenticationConfiguration(this, SET_CRED_SOURCE, new FactoryCredentialSource(kerberosSecurityFactory)); } return this; // cs != null ? new AuthenticationConfiguration(this, SET_CRED_SOURCE, cs.without(GSSKerberosCredential.class)) : this; }