org.jboss.security.auth.spi
Class UsernamePasswordLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.UsernamePasswordLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
Direct Known Subclasses:
AnonLoginModule, CustomPrincipalLoginModule, DatabaseServerLoginModule, DynamicLoginModule, HttpServletRequestLoginModule, LdapLoginModule, LoginModulesTestCase.TestLoginModule, LoginModulesUnitTestCase.TestLoginModule, SimpleServerLoginModule, TestLoginModule, UsersLoginModule, UsersRolesLoginModule, XMLLoginModule

public abstract class UsernamePasswordLoginModule
extends AbstractServerLoginModule

An abstract subclass of AbstractServerLoginModule that imposes an identity == String username, credentials == String password view on the login process.

Subclasses override the getUsersPassword() and getRoleSets() methods to return the expected password and roles for the user.

See Also:
getUsername(), getUsersPassword(), AbstractServerLoginModule.getRoleSets(), AbstractServerLoginModule.createIdentity(String)

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
UsernamePasswordLoginModule()
           
 
Method Summary
protected  java.lang.String createPasswordHash(java.lang.String username, java.lang.String password)
          If hashing is enabled, this method is called from login() prior to password validation.
protected  java.lang.Object getCredentials()
           
protected  java.security.Principal getIdentity()
          Overridden by subclasses to return the Principal that corresponds to the user primary identity.
protected  java.security.Principal getUnauthenticatedIdentity()
           
protected  java.lang.String getUsername()
           
protected  java.lang.String[] getUsernameAndPassword()
          Called by login() to acquire the username and password strings for authentication.
protected abstract  java.lang.String getUsersPassword()
          Get the expected password for the current username available via the getUsername() method.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
          Override the superclass method to look for the following options after first invoking the super version.
 boolean login()
          Perform the authentication of the username and password.
protected  boolean validatePassword(java.lang.String inputPassword, java.lang.String expectedPassword)
          A hook that allows subclasses to change the validation of the input password against the expected password.
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getRoleSets, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UsernamePasswordLoginModule

public UsernamePasswordLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Override the superclass method to look for the following options after first invoking the super version.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class AbstractServerLoginModule
Parameters:
options - :
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances

login

public boolean login()
              throws javax.security.auth.login.LoginException
Perform the authentication of the username and password.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Overrides:
login in class AbstractServerLoginModule
Throws:
javax.security.auth.login.LoginException

getIdentity

protected java.security.Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule

getUnauthenticatedIdentity

protected java.security.Principal getUnauthenticatedIdentity()
Overrides:
getUnauthenticatedIdentity in class AbstractServerLoginModule

getCredentials

protected java.lang.Object getCredentials()

getUsername

protected java.lang.String getUsername()

getUsernameAndPassword

protected java.lang.String[] getUsernameAndPassword()
                                             throws javax.security.auth.login.LoginException
Called by login() to acquire the username and password strings for authentication. This method does no validation of either.

Returns:
String[], [0] = username, [1] = password
Throws:
javax.security.auth.login.LoginException - thrown if CallbackHandler is not set or fails.

createPasswordHash

protected java.lang.String createPasswordHash(java.lang.String username,
                                              java.lang.String password)
If hashing is enabled, this method is called from login() prior to password validation.

Subclasses may override it to provide customized password hashing, for example by adding user-specific information or salting.

The default version calculates the hash based on the following options:

It will return null if the hash fails for any reason, which will in turn cause validatePassword() to fail.

Parameters:
username - ignored in default version
password - the password string to be hashed
Throws:
java.lang.SecurityException - thrown if there is a failure to load the digestCallback

validatePassword

protected boolean validatePassword(java.lang.String inputPassword,
                                   java.lang.String expectedPassword)
A hook that allows subclasses to change the validation of the input password against the expected password. This version checks that neither inputPassword nor expectedPassword is null and that inputPassword.equals(expectedPassword) is true.

Returns:
true if the inputPassword is valid, false otherwise.
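
One way a subclass might use the createPasswordHash() and validatePassword() hooks described above, as an added example that is not JBoss code: a salted PBKDF2 hash that returns null on failure, compared in constant time instead of with String.equals(). The getUsersSalt() method is a hypothetical hook, and the PBKDF2 parameters, the Base64 storage format and a JDK 8 or later runtime are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

/**
 * Added example, not JBoss code. The class stays abstract: a concrete subclass
 * still supplies getUsersPassword() (assumed here to return the stored Base64
 * PBKDF2 hash) and the inherited getRoleSets().
 */
public abstract class SaltedHashLoginModule extends UsernamePasswordLoginModule {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;       // assumed derived-key length

    /** Hypothetical hook: the per-user salt stored beside the password hash. */
    protected abstract byte[] getUsersSalt(String username) throws LoginException;

    @Override
    protected String createPasswordHash(String username, String password) {
        if (password == null) return null;
        PBEKeySpec spec = null;
        try {
            byte[] salt = getUsersSalt(username);
            if (salt == null || salt.length == 0) return null;
            spec = new PBEKeySpec(password.toCharArray(), salt, ITERATIONS, KEY_BITS);
            byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(hash);
        } catch (GeneralSecurityException | LoginException e) {
            return null; // documented contract: null makes validatePassword() fail
        } finally {
            if (spec != null) spec.clearPassword(); // wipe the password copy held by the spec
        }
    }

    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        // Keep the documented null checks, but compare without an early exit on mismatch.
        if (inputPassword == null || expectedPassword == null) return false;
        return MessageDigest.isEqual(
                inputPassword.getBytes(StandardCharsets.UTF_8),
                expectedPassword.getBytes(StandardCharsets.UTF_8));
    }
}
```

Because createPasswordHash() is only invoked when hashing is enabled, a deployment that leaves hashing off would pass the cleartext input straight to validatePassword() and never match a stored hash.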

getUsersPassword

protected abstract java.lang.String getUsersPassword()
                                              throws javax.security.auth.login.LoginException
Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.

Returns:
the valid password String
Throws:
javax.security.auth.login.LoginException