org.jboss.security.srp.jaas
Class SRPCacheLoginModule

java.lang.Object
  extended by org.jboss.security.srp.jaas.SRPCacheLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class SRPCacheLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

A server-side login module that validates a username and session client challenge response against the cache of authentication info maintained by the SRPService mbean. This module needs a CallbackHandler that supplies the user principal and credential via the SecurityAssociationCallback object.

Module options:
cacheJndiName, the JNDI name of the CachePolicy of information managed by the SRPService.
domainName,


Constructor Summary
SRPCacheLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean commit()
          All login modules have completed the login() phase, commit if we succeeded.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)
          Initialize the login module.
 boolean login()
          Access the user Principal object and credentials by passing a SecurityAssociationCallback object to the registered CallbackHandler.
 boolean logout()
          Remove the userPrincipal, clientChallenge and sessionKey associated with the subject during commit().
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SRPCacheLoginModule

public SRPCacheLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       java.util.Map sharedState,
                       java.util.Map options)
Initialize the login module.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException
Access the user Principal object and credentials by passing a SecurityAssociationCallback object to the registered CallbackHandler. This method then validates the user by looking up the cache information using the Principal object as the key and comparing the cached credential against the credential obtained from the SecurityAssociationCallback. The login credential should be the M1 verification challenge byte[].

Specified by:
login in interface javax.security.auth.spi.LoginModule
Returns:
true if login succeeds, false if login does not apply.
Throws:
LoginException - thrown on login failure.
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
All login modules have completed the login() phase, commit if we succeeded. This entails adding the principal to the subject Principals set. It also adds the client challenge response to the PublicCredentials set and the private session key to the PrivateCredentials set as a SecretKeySpec.

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Returns:
false, if the login() failed, true if the commit succeeds.
Throws:
LoginException - thrown on failure to add the principal.
javax.security.auth.login.LoginException

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Specified by:
abort in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Remove the userPrincipal, clientChallenge and sessionKey associated with the subject during commit().

Specified by:
logout in interface javax.security.auth.spi.LoginModule
Returns:
true always.
Throws:
LoginException - thrown on exception during remove of the Principal added during the commit.
javax.security.auth.login.LoginException
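
The login(), commit() and logout() contract described above, as an added sketch that is not the JBoss source: it uses only JDK classes, checks the presented M1 bytes against a cached entry in constant time, and populates and clears the Subject as documented. The class name, the Entry record, the in-memory CACHE map (a stand-in for the cache named by cacheJndiName) and the "SRP" algorithm label are assumptions.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class SrpCacheCheckSketch {
    // Hypothetical cache entry: expected M1 and session key from the SRP exchange.
    record Entry(byte[] m1, byte[] sessionKey) {}
    // Hypothetical stand-in for the JNDI-bound cache named by cacheJndiName.
    static final Map<String, Entry> CACHE = new HashMap<>();

    static Entry login(Principal user, byte[] presentedM1) throws LoginException {
        Entry e = CACHE.get(user.getName());
        // Constant-time compare: a mismatch must not leak how many M1 bytes matched.
        if (e == null || presentedM1 == null || !MessageDigest.isEqual(e.m1(), presentedM1))
            throw new FailedLoginException("SRP challenge response does not match cache");
        return e;
    }

    static void commit(Subject s, Principal user, Entry e) {
        s.getPrincipals().add(user);
        s.getPublicCredentials().add(e.m1());
        // Algorithm label "SRP" is an assumption; the page only says SecretKeySpec.
        s.getPrivateCredentials().add(new SecretKeySpec(e.sessionKey(), "SRP"));
    }

    static void logout(Subject s, Principal user, Entry e) {
        s.getPrincipals().remove(user);
        s.getPublicCredentials().remove(e.m1());
        s.getPrivateCredentials().removeIf(c -> c instanceof SecretKeySpec k
                && MessageDigest.isEqual(k.getEncoded(), e.sessionKey()));
    }

    public static void main(String[] args) throws LoginException {
        Principal alice = () -> "alice";                       // constructed sample data
        CACHE.put("alice", new Entry(new byte[]{1, 2, 3, 4}, new byte[16]));
        Subject subject = new Subject();
        Entry e = login(alice, new byte[]{1, 2, 3, 4});
        commit(subject, alice, e);
        System.out.println("principals after commit: " + subject.getPrincipals().size());
        logout(subject, alice, e);
        System.out.println("principals after logout: " + subject.getPrincipals().size());
        try { login(alice, new byte[]{1, 2, 3, 5}); }
        catch (FailedLoginException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

Requires Java 16 or later for records and pattern matching.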