org.jboss.security.auth.spi
Class BaseCertLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.BaseCertLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
Direct Known Subclasses:
CertRolesLoginModule, DatabaseCertLoginModule

public class BaseCertLoginModule
extends AbstractServerLoginModule

Base login module that uses X509Certificates as credentials for authentication. It takes the certificate as an object and checks whether the truststore/keystore entry for the alias contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UserNamePasswordLoginModule.
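
The alias-to-certificate check described above, modeled with JDK classes only (an added example, not JBoss source code). The method name matchesTrustStoreEntry, the alias strings, and the use of the JDK's default trust anchors as sample certificates are assumptions made for the demonstration.

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class AliasCertCheckDemo {

    /** Hypothetical stand-in for validateCredential(alias, cert): true only if
     *  the truststore entry stored under 'alias' is exactly the presented cert. */
    static boolean matchesTrustStoreEntry(KeyStore trustStore, String alias,
                                          X509Certificate presented) throws Exception {
        if (alias == null || presented == null) {
            return false;                    // no identity or no credential: fail closed
        }
        Certificate stored = trustStore.getCertificate(alias);  // null if alias unknown
        // Certificate.equals() compares the encoded forms, so a certificate with the
        // same subject DN but a different key or serial number does not match.
        return stored != null && stored.equals(presented);
    }

    /** Sample certificates: the JDK's default trust anchors, used only as test data. */
    static X509Certificate[] sampleCerts() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);           // null = load the JDK default truststore
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        X509Certificate[] certs = sampleCerts();
        if (certs.length < 2) throw new IllegalStateException("need two sample certs");

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);         // empty in-memory store
        trustStore.setCertificateEntry("alice", certs[0]);   // constructed alias

        System.out.println(matchesTrustStoreEntry(trustStore, "alice", certs[0]));        // enrolled cert
        System.out.println(matchesTrustStoreEntry(trustStore, "alice", certs[1]));        // other cert, same alias
        System.out.println(matchesTrustStoreEntry(trustStore, "unknown-user", certs[0])); // alias not in store
    }
}
```

A match establishes only that the presented certificate is the one stored under that alias; it says nothing about expiry or revocation.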


Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
BaseCertLoginModule()
           
 
Method Summary
 boolean commit()
          Override to add the X509Certificate to the public credentials
protected  java.lang.Object[] getAliasAndCert()
           
protected  java.lang.Object getCredentials()
           
protected  java.security.Principal getIdentity()
          Overridden by subclasses to return the Principal that corresponds to the user's primary identity.
protected  java.security.acl.Group[] getRoleSets()
          Subclasses need to override this to provide the roles for authorization
protected  java.lang.String getUsername()
           
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
          Override the super version to pick up the following options after first calling the super method.
 boolean login()
          Perform the authentication of the username and password.
protected  boolean validateCredential(java.lang.String alias, java.security.cert.X509Certificate cert)
           
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BaseCertLoginModule

public BaseCertLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Override the super version to pick up the following options after first calling the super method.
option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from.
option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class AbstractServerLoginModule
Parameters:
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.
See Also:
SecurityDomain, X509CertificateVerifier

login

public boolean login()
              throws javax.security.auth.login.LoginException
Perform the authentication of the username and password.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Overrides:
login in class AbstractServerLoginModule
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Override to add the X509Certificate to the public credentials

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Overrides:
commit in class AbstractServerLoginModule
Returns:
Throws:
javax.security.auth.login.LoginException
See Also:
javax.security.auth.Subject, java.security.acl.Group

getRoleSets

protected java.security.acl.Group[] getRoleSets()
                                         throws javax.security.auth.login.LoginException
Subclasses need to override this to provide the roles for authorization

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Throws:
javax.security.auth.login.LoginException

getIdentity

protected java.security.Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user's primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule

getCredentials

protected java.lang.Object getCredentials()

getUsername

protected java.lang.String getUsername()

getAliasAndCert

protected java.lang.Object[] getAliasAndCert()
                                      throws javax.security.auth.login.LoginException
Throws:
javax.security.auth.login.LoginException

validateCredential

protected boolean validateCredential(java.lang.String alias,
                                     java.security.cert.X509Certificate cert)