org.modeshape.jcr.security
Class JaasProvider

java.lang.Object
  extended by org.modeshape.jcr.security.JaasProvider
All Implemented Interfaces:
AuthenticationProvider

public class JaasProvider
extends Object
implements AuthenticationProvider

An implementation of AuthenticationProvider that uses a supplied JAAS policy to perform all authentication and role-based authorization.


Nested Class Summary
static interface JaasProvider.SubjectResolver
          An extension point for the JaasProvider class that allows for custom logic for finding the current JAAS Subject, if not already available via the Subject.getSubject(AccessController.getContext()) method.
 
Constructor Summary
JaasProvider(String policyName)
          Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.
JaasProvider(String policyName, JaasProvider.SubjectResolver subjectResolver)
          Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.
 
Method Summary
 ExecutionContext authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String,Object> sessionAttributes)
          Authenticate the user that is using the supplied credentials.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JaasProvider

public JaasProvider(String policyName)
             throws LoginException
Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.

Parameters:
policyName - the name of the JAAS login configuration to use
Throws:
LoginException - if the caller-specified name does not appear in the Configuration and there is no Configuration entry for "other", or if the auth.login.defaultCallbackHandler security property was set, but the implementation class could not be loaded.


JaasProvider

public JaasProvider(String policyName,
                    JaasProvider.SubjectResolver subjectResolver)
             throws LoginException
Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.

Parameters:
policyName - the name of the JAAS login configuration to use
subjectResolver - the component that can resolve the JAAS subject if not accessible via the AccessControl context; may be null
Throws:
LoginException - if the caller-specified name does not appear in the Configuration and there is no Configuration entry for "other", or if the auth.login.defaultCallbackHandler security property was set, but the implementation class could not be loaded.
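The LoginException conditions above are the ones the JDK documents for new LoginContext(String); this added example (JDK classes only, not ModeShape code) shows that a misspelled policy name is rejected only when the JAAS Configuration has no "other" entry. The policy names, the in-memory Configuration and the login module class name are constructed for illustration.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class PolicyNameCheck {

    /** Constructed in-memory JAAS configuration that defines only the given entry names. */
    static Configuration configDefining(final String... entryNames) {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                for (String defined : entryNames) {
                    if (defined.equals(name)) {
                        // Hypothetical module class; it is not loaded until login() is called.
                        return new AppConfigurationEntry[] { new AppConfigurationEntry(
                            "com.example.ExampleLoginModule",
                            LoginModuleControlFlag.REQUIRED,
                            Collections.<String, Object>emptyMap()) };
                    }
                }
                return null; // JAAS then retries the lookup with the entry named "other"
            }
        };
    }

    /** True if a LoginContext can be created for the name, directly or through "other". */
    static boolean resolves(String policyName) {
        try {
            new LoginContext(policyName);
            return true;
        } catch (LoginException e) {
            return false; // name not configured and no "other" entry to fall back to
        }
    }

    public static void main(String[] args) {
        String intended = "modeshape-jcr"; // assumed policy name
        String typo = "modeshape-jrc";     // constructed misspelling

        Configuration.setConfiguration(configDefining(intended));
        System.out.println("intended name, no 'other' entry: " + resolves(intended));
        System.out.println("misspelled name, no 'other' entry: " + resolves(typo));

        Configuration.setConfiguration(configDefining(intended, "other"));
        System.out.println("misspelled name, 'other' defined: " + resolves(typo));
    }
}
```

When the deployed JAAS configuration defines "other", a mistyped policyName raises no LoginException and logins run against the "other" module stack, so check the configured name against the entries actually defined.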

Method Detail

authenticate

public ExecutionContext authenticate(Credentials credentials,
                                     String repositoryName,
                                     String workspaceName,
                                     ExecutionContext repositoryContext,
                                     Map<String,Object> sessionAttributes)
Authenticate the user that is using the supplied credentials. If the supplied credentials are authenticated, this method should construct an ExecutionContext that reflects the authenticated environment, including the context's valid security context that will be used for authorization throughout.

Note that each provider is handed a map into which it can place name-value pairs that will be used in the Session attributes of the Session that results from this authentication attempt. ModeShape will ignore any attributes if this provider does not authenticate the credentials.

Specified by:
authenticate in interface AuthenticationProvider
Parameters:
credentials - the user's JCR credentials, which may be an AnonymousCredentials if authenticating as an anonymous user
repositoryName - the name of the JCR repository; never null
workspaceName - the name of the JCR workspace; never null
repositoryContext - the execution context of the repository, which may be wrapped by this method
sessionAttributes - the map of name-value pairs that will be placed into the Session attributes; never null
Returns:
the execution context for the authenticated user, or null if this provider could not authenticate the user
See Also:
AuthenticationProvider.authenticate(javax.jcr.Credentials, java.lang.String, java.lang.String, org.modeshape.graph.ExecutionContext, java.util.Map)


Copyright © 2008-2011 JBoss, a division of Red Hat. All Rights Reserved.