Merge pull request #233 from pdowler/master

IdentityManager.getSecurityMethods()
opencadc · Oct 25, 2023 · 392d199 · 392d199
2 parents 68568d9 + 405ce0a
commit 392d199
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 1 deletion.
diff --git a/cadc-util/build.gradle b/cadc-util/build.gradle
@@ -16,7 +16,7 @@ sourceCompatibility = 1.8
 
 group = 'org.opencadc'
 
-version = '1.9.11'
+version = '1.10.0'
 
 description = 'OpenCADC core utility library'
 def git_url = 'https://github.com/opencadc/core'

diff --git a/cadc-util/src/main/java/ca/nrc/cadc/auth/IdentityManager.java b/cadc-util/src/main/java/ca/nrc/cadc/auth/IdentityManager.java
@@ -69,6 +69,8 @@
 
 package ca.nrc.cadc.auth;
 
+import java.net.URI;
+import java.util.Set;
 import javax.security.auth.Subject;
 
 /**
@@ -77,6 +79,18 @@
  * @author pdowler
  */
 public interface IdentityManager {
+
+    /**
+     * Get the set of authentication methods supported by the
+     * validate() method. Constants for the identifers are
+     * available in the <code>Standards</code> class in the
+     * <code>cadc-registry</code> library and derived from the
+     * IVOA SSO standard.
+     * 
+     * @return set of security method identifiers
+     */
+    public Set<URI> getSecurityMethods();
+
     /**
      * Parse and validate any principals in the subject.
      * Some principals, such as X500Principal, do not require validation

diff --git a/cadc-util/src/main/java/ca/nrc/cadc/auth/NoOpIdentityManager.java b/cadc-util/src/main/java/ca/nrc/cadc/auth/NoOpIdentityManager.java
@@ -67,6 +67,10 @@
 
 package ca.nrc.cadc.auth;
 
+import java.net.URI;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
 import javax.security.auth.Subject;
 import org.apache.log4j.Logger;
 
@@ -80,6 +84,12 @@ public class NoOpIdentityManager implements IdentityManager {
 
     public NoOpIdentityManager() { 
     }
+
+    @Override
+    public Set<URI> getSecurityMethods() {
+        return Collections.EMPTY_SET;
+    }
+
 
     @Override
     public Subject validate(Subject subject) throws NotAuthenticatedException {

diff --git a/cadc-util/src/main/java/ca/nrc/cadc/auth/X500IdentityManager.java b/cadc-util/src/main/java/ca/nrc/cadc/auth/X500IdentityManager.java
@@ -69,9 +69,11 @@
 
 package ca.nrc.cadc.auth;
 
+import java.net.URI;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Set;
+import java.util.TreeSet;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
@@ -86,6 +88,7 @@
  */
 public class X500IdentityManager implements IdentityManager {
 
+
     @Override
     public Subject validate(Subject subject) throws NotAuthenticatedException {
         return subject;
@@ -121,4 +124,10 @@ public Subject toSubject(Object owner) {
         return new Subject(false, pset, new HashSet(), new HashSet());
     }
 
+    @Override
+    public Set<URI> getSecurityMethods() {
+        Set<URI> ret = new TreeSet<>();
+        ret.add(URI.create("ivo://ivoa.net/sso#tls-with-certificate"));
+        return ret;
+    }
 }