org.jboss.security.auth.spi
Class AbstractServerLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
Direct Known Subclasses:
AbstractPasswordCredentialLoginModule, BaseCertLoginModule, DeploymentRolesLoginModule, IdentityLoginModule, UsernamePasswordLoginModule

public abstract class AbstractServerLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

This class implements the common functionality required for a JAAS server-side LoginModule and implements the JBossSX standard Subject usage pattern of storing identities and roles. Subclass this module to create your own custom LoginModule and override the login(), getRoleSets() and getIdentity() methods.

You may also wish to override

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
 
In which case the first line of your initialize() method should be:
    super.initialize(subject, callbackHandler, sharedState, options);
 

You may also wish to override

    public boolean login() throws LoginException
 
In which case the last line of your login() method should be
    return super.login();
 


Field Summary
protected  javax.security.auth.callback.CallbackHandler callbackHandler
           
protected  Logger log
           
protected  boolean loginOk
          Flag indicating if the login phase succeeded.
protected  java.util.Map options
           
protected  java.lang.String principalClassName
          An optional custom Principal class implementation
protected  java.util.Map sharedState
           
protected  javax.security.auth.Subject subject
           
protected  java.security.Principal unauthenticatedIdentity
          the principal to use when a null username and password are seen
protected  boolean useFirstPass
          Flag indicating if the shared credential should be used
 
Constructor Summary
AbstractServerLoginModule()
           
 
Method Summary
 boolean abort()
          Method to abort the authentication process (phase 2).
 boolean commit()
          Method to commit the authentication process (phase 2).
protected  java.security.acl.Group createGroup(java.lang.String name, java.util.Set principals)
          Find or create a Group with the given name.
protected  java.security.Principal createIdentity(java.lang.String username)
          Utility method to create a Principal for the given username.
protected abstract  java.security.Principal getIdentity()
          Overridden by subclasses to return the Principal that corresponds to the user's primary identity.
protected abstract  java.security.acl.Group[] getRoleSets()
          Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user.
protected  java.security.Principal getUnauthenticatedIdentity()
           
protected  boolean getUseFirstPass()
           
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
          Initialize the login module.
 boolean login()
          Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.
 boolean logout()
          Remove the user identity and roles added to the Subject during commit.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

subject

protected javax.security.auth.Subject subject

callbackHandler

protected javax.security.auth.callback.CallbackHandler callbackHandler

sharedState

protected java.util.Map sharedState

options

protected java.util.Map options

log

protected Logger log

useFirstPass

protected boolean useFirstPass
Flag indicating if the shared credential should be used


loginOk

protected boolean loginOk
Flag indicating if the login phase succeeded. Subclasses that override the login method must set this to true on successful completion of login


principalClassName

protected java.lang.String principalClassName
An optional custom Principal class implementation


unauthenticatedIdentity

protected java.security.Principal unauthenticatedIdentity
the principal to use when a null username and password are seen

Constructor Detail

AbstractServerLoginModule

public AbstractServerLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Parameters:
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.

login

public boolean login()
              throws javax.security.auth.login.LoginException
Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Returns:
true always.
Throws:
javax.security.auth.login.LoginException
See Also:
javax.security.auth.Subject, java.security.acl.Group

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Method to abort the authentication process (phase 2).

Specified by:
abort in interface javax.security.auth.spi.LoginModule
Returns:
true always.
Throws:
javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Remove the user identity and roles added to the Subject during commit.

Specified by:
logout in interface javax.security.auth.spi.LoginModule
Returns:
true always.
Throws:
javax.security.auth.login.LoginException

getIdentity

protected abstract java.security.Principal getIdentity()
Overridden by subclasses to return the Principal that corresponds to the user's primary identity.


getRoleSets

protected abstract java.security.acl.Group[] getRoleSets()
                                                  throws javax.security.auth.login.LoginException
Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Returns:
Group[] containing the sets of roles
Throws:
javax.security.auth.login.LoginException

getUseFirstPass

protected boolean getUseFirstPass()

getUnauthenticatedIdentity

protected java.security.Principal getUnauthenticatedIdentity()

createGroup

protected java.security.acl.Group createGroup(java.lang.String name,
                                              java.util.Set principals)
Find or create a Group with the given name. Subclasses should use this method to locate the 'Roles' group or create additional types of groups.

Returns:
A named Group from the principals set.

createIdentity

protected java.security.Principal createIdentity(java.lang.String username)
                                          throws java.lang.Exception
Utility method to create a Principal for the given username. This creates an instance of the principalClassName type if this option was specified using the class constructor matching: ctor(String). If principalClassName was not specified, a SimplePrincipal is created.

Parameters:
username - the name of the principal
Returns:
the principal instance
Throws:
java.lang.Exception - thrown if the custom principal type cannot be created.
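
A subclass that follows the contract described in the method details above, as an added example that is not part of the JBoss sources: it calls super.initialize(...) first, sets loginOk only after the credential check passes, and returns a "Roles" group from getRoleSets(). The class name, the option names user, salt, hash and role, and the iteration count are assumptions made for illustration; it does not use the useFirstPass shared credentials, and it needs a JBossSX jar plus a JDK that still ships java.security.acl (8 through 13).

```java
import java.security.*;
import java.security.acl.Group;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

// Added example, not JBoss code. Options user/salt/hash/role are hypothetical names.
public class SingleAccountLoginModule extends AbstractServerLoginModule {
    private byte[] salt, hash;   // Base64 in the options; hash is PBKDF2-HMAC-SHA256
    private Principal identity;
    public void initialize(Subject subject, CallbackHandler handler, Map shared, Map opts) {
        super.initialize(subject, handler, shared, opts);   // must be the first line
        salt = Base64.getDecoder().decode((String) opts.get("salt"));
        hash = Base64.getDecoder().decode((String) opts.get("hash"));
    }

    public boolean login() throws LoginException {
        loginOk = false;   // reset so a failed attempt cannot reuse an earlier success at commit()
        NameCallback nc = new NameCallback("user: ");
        PasswordCallback pc = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(new Callback[] { nc, pc });
            PBEKeySpec spec = new PBEKeySpec(pc.getPassword(), salt, 210000, hash.length * 8);
            pc.clearPassword();
            byte[] got = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            // isEqual compares in constant time; & keeps the name check from short-circuiting it
            loginOk = MessageDigest.isEqual(got, hash) & options.get("user").equals(nc.getName());
            if (loginOk) identity = createIdentity(nc.getName());
        } catch (Exception e) {   // callback, crypto or principal-creation failure
            throw new LoginException("login failed: " + e);
        }
        if (!loginOk) throw new FailedLoginException("invalid credentials");
        return true;
    }

    protected Principal getIdentity() { return identity; }
    protected Group[] getRoleSets() {
        Group roles = new SimpleGroup("Roles");   // the group name the page asks for
        roles.addMember(new SimplePrincipal((String) options.get("role")));
        return new Group[] { roles };
    }
}
```

A missing option or callback handler surfaces as a LoginException, so a misconfigured module fails closed, and an unknown user and a wrong password produce the same error message.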