JaasSecurityDomainIdentityLoginModule

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.resource.security
Class JaasSecurityDomainIdentityLoginModule

java.lang.Object
  org.jboss.security.auth.spi.AbstractServerLoginModule (src) 
      org.jboss.resource.security.AbstractPasswordCredentialLoginModule (src) 
          org.jboss.resource.security.JaasSecurityDomainIdentityLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public class JaasSecurityDomainIdentityLoginModule
extends AbstractPasswordCredentialLoginModule (src)

A login module for statically defining a data source username and password that uses a password that has been ecrypted by a JaasSecurityDomain. The base64 format of the data source password may be generated using the PBEUtils command: java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils salt count domain-password data-source-password salt : the Salt attribute from the JaasSecurityDomain count : the IterationCount attribute from the JaasSecurityDomain domain-password : the plaintext password that maps to the KeyStorePass attribute from the JaasSecurityDomain data-source-password : the plaintext password for the data source that should be encrypted with the JaasSecurityDomain password for example: java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils abcdefgh 13 master '' Encoded password: E5gtGMKcXPP A sample login-config.xml configuration entry would be: sa E5gtGMKcXPP jboss.jca:service=LocalTxCM,name=DefaultDS jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule (src)

callbackHandler, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary
`JaasSecurityDomainIdentityLoginModule()`

Method Summary
`boolean`	`abort()` Method to abort the authentication process (phase 2).
`boolean`	`commit()` Method to commit the authentication process (phase 2).
`protected java.security.Principal`	`getIdentity()` Overriden by subclasses to return the Principal that corresponds to the user primary identity.
`protected java.security.acl.Group[]`	`getRoleSets()` Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)` Initialize the login module.
`boolean`	`login()` Return false if there is no mcf, else return super.login().

Methods inherited from class org.jboss.resource.security.AbstractPasswordCredentialLoginModule (src)

getMcf, getServer, logout, removeCredentials

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule (src)

createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JaasSecurityDomainIdentityLoginModule

public JaasSecurityDomainIdentityLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       java.util.Map sharedState,
                       java.util.Map options)

Description copied from class: AbstractServerLoginModule (src)

Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

Specified by:: initialize in interface javax.security.auth.spi.LoginModule
Overrides:: initialize in class AbstractPasswordCredentialLoginModule (src)

login

public boolean login()
              throws javax.security.auth.login.LoginException

Description copied from class: AbstractPasswordCredentialLoginModule (src)

Return false if there is no mcf, else return super.login(). Override to provide custom authentication.

Specified by:: login in interface javax.security.auth.spi.LoginModule
Overrides:: login in class AbstractPasswordCredentialLoginModule (src)

Returns:: false if there is no mcf, else return super.login().
Throws:: javax.security.auth.login.LoginException - if an error occurs

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Description copied from class: AbstractServerLoginModule (src)

Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.

Specified by:: commit in interface javax.security.auth.spi.LoginModule
Overrides:: commit in class AbstractServerLoginModule (src)

Returns:: true always.
Throws:: javax.security.auth.login.LoginException
See Also:: javax.security.auth.Subject;, java.security.acl.Group;

abort

public boolean abort()

Description copied from class: AbstractServerLoginModule (src)

Method to abort the authentication process (phase 2).

Specified by:: abort in interface javax.security.auth.spi.LoginModule
Overrides:: abort in class AbstractServerLoginModule (src)

Returns:: true alaways

getIdentity

protected java.security.Principal getIdentity()

Description copied from class: AbstractServerLoginModule (src)

Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:: getIdentity in class AbstractServerLoginModule (src)

getRoleSets

protected java.security.acl.Group[] getRoleSets()
                                         throws javax.security.auth.login.LoginException

Description copied from class: AbstractServerLoginModule (src)

Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.