org.jboss.security
Class AltClientLoginModule

java.lang.Object
  org.jboss.security.AltClientLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

public class AltClientLoginModule

extends java.lang.Object

implements javax.security.auth.spi.LoginModule

A simple implementation of LoginModule for use by JBoss clients for the establishment of the caller identity and credentials. This simply sets the SecurityAssociation principal to the value of the NameCallback filled in by the CallbackHandler, and the SecurityAssociation credential to the value of the PasswordCallback filled in by the CallbackHandler. This is a variation of the original ClientLoginModule that does not set the SecurityAssociation information until commit and that uses the Subject principal over a SimplePrincipal if available. It has the following options:

• multi-threaded=[true|false] When the multi-threaded option is set to true, the SecurityAssociation.setServer() so that each login thread has its own principal and credential storage.
• password-stacking=tryFirstPass|useFirstPass When password-stacking option is set, this module first looks for a shared username and password using "javax.security.auth.login.name" and "javax.security.auth.login.password" respectively. This allows a module configured prior to this one to establish a valid username and password that should be passed to JBoss.

AltClientLoginModule

public AltClientLoginModule()

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)

Initialize this LoginModule.

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException

Method to authenticate a Subject (phase 1).

Specified by:

login in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Method to commit the authentication process (phase 2). This is where the SecurityAssociation information is set. The principal is obtained from: The shared state javax.security.auth.login.name property when useFirstPass is true. If the value is a Principal it is used as is, else a SimplePrincipal using the value.toString() as its name is used. If useFirstPass the username obtained from the callback handler is used to build the SimplePrincipal. Both may be overriden if the resulting authenticated Subject principals set it not empty.

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Method to abort the authentication process (phase 2).

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException