init

java/javax/security/auth/message/AuthException.java

@@ -0,0 +1,30 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+import javax.security.auth.login.LoginException;
+
+public class AuthException extends LoginException {
+    private static final long serialVersionUID = -1156951780670243758L;
+
+    public AuthException() {
+    }
+
+    public AuthException(String msg) {
+        super(msg);
+    }
+}

java/javax/security/auth/message/AuthStatus.java

@@ -0,0 +1,37 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+public class AuthStatus {
+
+    public static final AuthStatus SUCCESS = new AuthStatus("SUCCESS");
+    public static final AuthStatus FAILURE = new AuthStatus("FAILURE");
+    public static final AuthStatus SEND_SUCCESS = new AuthStatus("SEND_SUCCESS");
+    public static final AuthStatus SEND_FAILURE = new AuthStatus("SEND_FAILURE");
+    public static final AuthStatus SEND_CONTINUE = new AuthStatus("SEND_CONTINUE");
+
+    private final String name;
+
+    private AuthStatus(String name) {
+        this.name = name;
+    }
+
+    @Override
+    public String toString() {
+        return name;
+    }
+}

java/javax/security/auth/message/ClientAuth.java

@@ -0,0 +1,30 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+import javax.security.auth.Subject;
+
+public interface ClientAuth {
+
+    AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException;
+
+    AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject,
+            Subject serviceSubject) throws AuthException;
+
+    void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException;
+}
+

java/javax/security/auth/message/MessageInfo.java

@@ -0,0 +1,33 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+import java.util.Map;
+
+public interface MessageInfo {
+
+    Object getRequestMessage();
+
+    Object getResponseMessage();
+
+    void setRequestMessage(Object request);
+
+    void setResponseMessage(Object response);
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    Map getMap();
+}

java/javax/security/auth/message/MessagePolicy.java

@@ -0,0 +1,85 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+public class MessagePolicy {
+
+    private final TargetPolicy[] targetPolicies;
+    private final boolean mandatory;
+
+    public MessagePolicy(TargetPolicy[] targetPolicies, boolean mandatory) {
+        if (targetPolicies == null) {
+            throw new IllegalArgumentException("targetPolicies is null");
+        }
+        this.targetPolicies = targetPolicies;
+        this.mandatory = mandatory;
+    }
+
+    public boolean isMandatory() {
+        return mandatory;
+    }
+
+    public TargetPolicy[] getTargetPolicies() {
+        if (targetPolicies.length == 0) {
+            return null;
+        }
+        return targetPolicies;
+    }
+
+    public static interface ProtectionPolicy {
+
+        static String AUTHENTICATE_SENDER = "#authenticateSender";
+        static String AUTHENTICATE_CONTENT = "#authenticateContent";
+        static String AUTHENTICATE_RECIPIENT = "#authenticateRecipient";
+
+        String getID();
+    }
+
+    public static interface Target {
+
+        Object get(MessageInfo messageInfo);
+
+        void remove(MessageInfo messageInfo);
+
+        void put(MessageInfo messageInfo, Object data);
+    }
+
+    public static class TargetPolicy {
+
+        private final Target[] targets;
+        private final ProtectionPolicy protectionPolicy;
+
+        public TargetPolicy(Target[] targets, ProtectionPolicy protectionPolicy) {
+            if (protectionPolicy == null) {
+                throw new IllegalArgumentException("protectionPolicy is null");
+            }
+            this.targets = targets;
+            this.protectionPolicy = protectionPolicy;
+        }
+
+        public Target[] getTargets() {
+            if (targets == null || targets.length == 0) {
+                return null;
+            }
+            return targets;
+        }
+
+        public ProtectionPolicy getProtectionPolicy() {
+            return protectionPolicy;
+        }
+    }
+}

java/javax/security/auth/message/ServerAuth.java

@@ -0,0 +1,29 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message;
+
+import javax.security.auth.Subject;
+
+public interface ServerAuth {
+
+    AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
+            Subject serviceSubject) throws AuthException;
+
+    AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException;
+
+    void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException;
+}

java/javax/security/auth/message/callback/CallerPrincipalCallback.java

@@ -0,0 +1,57 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import java.security.Principal;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+/**
+ * Callback that enables an authentication module to inform the runtime of the
+ * call principal or name of the caller principal.
+ */
+public class CallerPrincipalCallback implements Callback {
+
+    private final Subject subject;
+    private final Principal principal;
+    private final String name;
+
+    public CallerPrincipalCallback(Subject subject, Principal principal) {
+        this.subject = subject;
+        this.principal = principal;
+        this.name = null;
+    }
+
+    public CallerPrincipalCallback(Subject subject, String name) {
+        this.subject = subject;
+        this.principal = null;
+        this.name = name;
+    }
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    public Principal getPrincipal() {
+        return principal;
+    }
+
+    public String getName() {
+        return name;
+    }
+}

java/javax/security/auth/message/callback/CertStoreCallback.java

@@ -0,0 +1,41 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import java.security.cert.CertStore;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * Callback that enables a runtime to inform authentication modules of the
+ * CertStore to use.
+ */
+public class CertStoreCallback implements Callback {
+
+    private CertStore certStore;
+
+    public CertStoreCallback() {
+    }
+
+    public void setCertStore(CertStore certStore) {
+        this.certStore = certStore;
+    }
+
+    public CertStore getCertStore() {
+        return certStore;
+    }
+}

java/javax/security/auth/message/callback/GroupPrincipalCallback.java

@@ -0,0 +1,43 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+/**
+ * Callback that enables an authentication module to inform the runtime of the
+ * groups a user is in.
+ */
+public class GroupPrincipalCallback implements Callback {
+
+    private final Subject subject;
+    private final String[] groups;
+
+    public GroupPrincipalCallback(Subject subject, String[] groups) {
+        this.subject = subject;
+        this.groups = groups;
+    }
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    public String[] getGroups() {
+        return groups;
+    }
+}

java/javax/security/auth/message/callback/PasswordValidationCallback.java

@@ -0,0 +1,65 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import java.util.Arrays;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+
+/**
+ * Callback that enables an authentication module to supply a user name and
+ * password (to a runtime?) and determine if the result of validation.
+ */
+public class PasswordValidationCallback implements Callback {
+
+    private final Subject subject;
+    private final String username;
+    private char[] password;
+    private boolean result;
+
+    public PasswordValidationCallback(Subject subject, String username, char[] password) {
+        this.subject = subject;
+        this.username = username;
+        this.password = password;
+    }
+
+    public Subject getSubject() {
+        return subject;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public char[] getPassword() {
+        return password;
+    }
+
+    public void clearPassword() {
+        Arrays.fill(password, (char) 0);
+        password = new char[0];
+    }
+
+    public void setResult(boolean result) {
+        this.result = result;
+    }
+
+    public boolean getResult() {
+        return result;
+    }
+}

java/javax/security/auth/message/callback/PrivateKeyCallback.java

@@ -0,0 +1,123 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Callback that enables an authentication module to request a certificate chain
+ * and private key from the runtime. The information specifying the chain and
+ * key may be an alias, a digest, a subject key, or an issuer ID. Other request
+ * types may be supported.
+ */
+public class PrivateKeyCallback implements Callback {
+
+    private final Request request;
+    private Certificate[] chain;
+    private PrivateKey key;
+
+    public PrivateKeyCallback(Request request) {
+        this.request = request;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public void setKey(PrivateKey key, Certificate[] chain) {
+        this.key = key;
+        this.chain = chain;
+    }
+
+    public PrivateKey getKey() {
+        return key;
+    }
+
+    public Certificate[] getChain() {
+        return chain;
+    }
+
+    public static interface Request {
+    }
+
+    public static class AliasRequest implements Request {
+
+        private final String alias;
+
+        public AliasRequest(String alias) {
+            this.alias = alias;
+        }
+
+        public String getAlias() {
+            return alias;
+        }
+    }
+
+    public static class DigestRequest implements Request {
+        private final byte[] digest;
+        private final String algorithm;
+
+        public DigestRequest(byte[] digest, String algorithm) {
+            this.digest = digest;
+            this.algorithm = algorithm;
+        }
+
+        public byte[] getDigest() {
+            return digest;
+        }
+
+        public String getAlgorithm() {
+            return algorithm;
+        }
+    }
+
+    public static class SubjectKeyIDRequest implements Request {
+
+        private final byte[] subjectKeyID;
+
+        public SubjectKeyIDRequest(byte[] subjectKeyID) {
+            this.subjectKeyID = subjectKeyID;
+        }
+
+        public byte[] getSubjectKeyID() {
+            return subjectKeyID;
+        }
+    }
+
+    public static class IssuerSerialNumRequest implements Request {
+        private final X500Principal issuer;
+        private final BigInteger serialNum;
+
+        public IssuerSerialNumRequest(X500Principal issuer, BigInteger serialNum) {
+            this.issuer = issuer;
+            this.serialNum = serialNum;
+        }
+
+        public X500Principal getIssuer() {
+            return issuer;
+        }
+
+        public BigInteger getSerialNum() {
+            return serialNum;
+        }
+    }
+}

java/javax/security/auth/message/callback/SecretKeyCallback.java

@@ -0,0 +1,62 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import javax.crypto.SecretKey;
+import javax.security.auth.callback.Callback;
+
+/**
+ * A callback enabling an authentication module to request a secret key from the
+ * runtime, by supplying an alias. Other request types may also be supported.
+ */
+public class SecretKeyCallback implements Callback {
+
+    private final Request request;
+    private SecretKey key;
+
+    public SecretKeyCallback(Request request) {
+        this.request = request;
+    }
+
+    public Request getRequest() {
+        return request;
+    }
+
+    public void setKey(SecretKey key) {
+        this.key = key;
+    }
+
+    public SecretKey getKey() {
+        return key;
+    }
+
+    public static interface Request {
+    }
+
+    public static class AliasRequest implements Request {
+
+        private final String alias;
+
+        public AliasRequest(String alias) {
+            this.alias = alias;
+        }
+
+        public String getAlias() {
+            return alias;
+        }
+    }
+}

java/javax/security/auth/message/callback/TrustStoreCallback.java

@@ -0,0 +1,38 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.callback;
+
+import java.security.KeyStore;
+
+import javax.security.auth.callback.Callback;
+
+/**
+ * A Callback enabling an authentication module to request a truststore from the
+ * runtime.
+ */
+public class TrustStoreCallback implements Callback {
+
+    private KeyStore trustStore;
+
+    public void setTrustStore(KeyStore trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    public KeyStore getTrustStore() {
+        return trustStore;
+    }
+}

java/javax/security/auth/message/config/AuthConfig.java

@@ -0,0 +1,32 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import javax.security.auth.message.MessageInfo;
+
+public interface AuthConfig {
+
+    String getMessageLayer();
+
+    String getAppContext();
+
+    String getAuthContextID(MessageInfo messageInfo);
+
+    void refresh();
+
+    boolean isProtected();
+}

java/javax/security/auth/message/config/AuthConfigFactory.java

@@ -0,0 +1,153 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.security.Security;
+import java.security.SecurityPermission;
+import java.util.Map;
+
+public abstract class AuthConfigFactory {
+
+    public static final String DEFAULT_FACTORY_SECURITY_PROPERTY =
+            "authconfigprovider.factory";
+    public static final String GET_FACTORY_PERMISSION_NAME =
+            "getProperty.authconfigprovider.factory";
+    public static final String SET_FACTORY_PERMISSION_NAME =
+            "setProperty.authconfigprovider.factory";
+    public static final String PROVIDER_REGISTRATION_PERMISSION_NAME =
+            "setProperty.authconfigfactory.provider";
+
+    public static final SecurityPermission getFactorySecurityPermission =
+            new SecurityPermission(GET_FACTORY_PERMISSION_NAME);
+
+    public static final SecurityPermission setFactorySecurityPermission =
+            new SecurityPermission(SET_FACTORY_PERMISSION_NAME);
+
+    public static final SecurityPermission providerRegistrationSecurityPermission =
+            new SecurityPermission(PROVIDER_REGISTRATION_PERMISSION_NAME);
+
+    private static final String DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL =
+            "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl";
+
+    private static volatile AuthConfigFactory factory;
+
+    public AuthConfigFactory() {
+    }
+
+    public static AuthConfigFactory getFactory() {
+        checkPermission(getFactorySecurityPermission);
+        if (factory != null) {
+            return factory;
+        }
+
+        synchronized (AuthConfigFactory.class) {
+            if (factory == null) {
+                final String className = getFactoryClassName();
+                try {
+                    factory = AccessController.doPrivileged(
+                            new PrivilegedExceptionAction<AuthConfigFactory>() {
+                        @Override
+                        public AuthConfigFactory run() throws ReflectiveOperationException,
+                                IllegalArgumentException, SecurityException {
+                            // Load this class with the same class loader as used for
+                            // this class. Note that the Thread context class loader
+                            // should not be used since that would trigger a memory leak
+                            // in container environments.
+                            Class<?> clazz = Class.forName(className);
+                            return (AuthConfigFactory) clazz.getConstructor().newInstance();
+                        }
+                    });
+                } catch (PrivilegedActionException e) {
+                    Exception inner = e.getException();
+                    if (inner instanceof InstantiationException) {
+                        throw (SecurityException) new SecurityException("AuthConfigFactory error:" +
+                                inner.getCause().getMessage()).initCause(inner.getCause());
+                    } else {
+                        throw (SecurityException) new SecurityException(
+                                "AuthConfigFactory error: " + inner).initCause(inner);
+                    }
+                }
+            }
+        }
+
+        return factory;
+    }
+
+    public static synchronized void setFactory(AuthConfigFactory factory) {
+        checkPermission(setFactorySecurityPermission);
+        AuthConfigFactory.factory = factory;
+    }
+
+    public abstract AuthConfigProvider getConfigProvider(String layer, String appContext,
+            RegistrationListener listener);
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    public abstract String registerConfigProvider(String className, Map properties, String layer,
+            String appContext, String description);
+
+    public abstract String registerConfigProvider(AuthConfigProvider provider, String layer,
+            String appContext, String description);
+
+    public abstract boolean removeRegistration(String registrationID);
+
+    public abstract String[] detachListener(RegistrationListener listener, String layer,
+            String appContext);
+
+    public abstract String[] getRegistrationIDs(AuthConfigProvider provider);
+
+    public abstract RegistrationContext getRegistrationContext(String registrationID);
+
+    public abstract void refresh();
+
+    private static void checkPermission(Permission permission) {
+        SecurityManager securityManager = System.getSecurityManager();
+        if (securityManager != null) {
+            securityManager.checkPermission(permission);
+        }
+    }
+
+    private static String getFactoryClassName() {
+        String className = AccessController.doPrivileged(new PrivilegedAction<String>() {
+            @Override
+            public String run() {
+                return Security.getProperty(DEFAULT_FACTORY_SECURITY_PROPERTY);
+            }
+        });
+
+        if (className != null) {
+            return className;
+        }
+
+        return DEFAULT_JASPI_AUTHCONFIGFACTORYIMPL;
+    }
+
+    public static interface RegistrationContext {
+
+        String getMessageLayer();
+
+        String getAppContext();
+
+        String getDescription();
+
+        boolean isPersistent();
+    }
+}

java/javax/security/auth/message/config/AuthConfigProvider.java

@@ -0,0 +1,31 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+
+public interface AuthConfigProvider {
+
+    ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler)
+            throws AuthException;
+
+    ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler)
+            throws AuthException;
+
+    void refresh();
+}

java/javax/security/auth/message/config/ClientAuthConfig.java

@@ -0,0 +1,29 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+
+public interface ClientAuthConfig extends AuthConfig {
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    ClientAuthContext getAuthContext(String authContextID, Subject clientSubject, Map properties)
+            throws AuthException;
+}

java/javax/security/auth/message/config/ClientAuthContext.java

@@ -0,0 +1,22 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import javax.security.auth.message.ClientAuth;
+
+public interface ClientAuthContext extends ClientAuth {
+}

java/javax/security/auth/message/config/RegistrationListener.java

@@ -0,0 +1,22 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+public interface RegistrationListener {
+
+    void notify(String layer, String appContext);
+}

java/javax/security/auth/message/config/ServerAuthConfig.java

@@ -0,0 +1,29 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.message.AuthException;
+
+public interface ServerAuthConfig extends AuthConfig {
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject, Map properties)
+            throws AuthException;
+}

java/javax/security/auth/message/config/ServerAuthContext.java

@@ -0,0 +1,22 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.config;
+
+import javax.security.auth.message.ServerAuth;
+
+public interface ServerAuthContext extends ServerAuth {
+}

java/javax/security/auth/message/module/ClientAuthModule.java

@@ -0,0 +1,34 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.module;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.ClientAuth;
+import javax.security.auth.message.MessagePolicy;
+
+public interface ClientAuthModule extends ClientAuth {
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+            CallbackHandler handler, Map options) throws AuthException;
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    Class[] getSupportedMessageTypes();
+}

java/javax/security/auth/message/module/ServerAuthModule.java

@@ -0,0 +1,34 @@
+/**
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package javax.security.auth.message.module;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.ServerAuth;
+
+public interface ServerAuthModule extends ServerAuth {
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy,
+            CallbackHandler handler, Map options) throws AuthException;
+
+    @SuppressWarnings("rawtypes") // JASPIC API uses raw types
+    Class[] getSupportedMessageTypes();
+}