SRPLoginModule

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.srp.jaas
Class SRPLoginModule

java.lang.Object
  org.jboss.security.srp.jaas.SRPLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public class SRPLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

A login module that uses the SRP protocol documented in RFC2945 to authenticate a username & password in a secure fashion without using an encrypted channel. The supported configuration options include:

principalClassName: the fully qualified class name of the java.security.Principal implementation to use. The implementation must provide a public constructor that accepts a single String argument representing the name of the principal. If not specified this defaults to org.jboss.security.SimplePrincipal.
srpServerJndiName: the JNDI name of the SRPServerInterface object to use for communicating with the SRP authentication server. If both srpServerJndiName and srpServerRmiUrl options are specified, the srpServerJndiName is tried before srpServerRmiUrl.
srpServerRmiUrl: the RMI protocol URL string for the location of the SRPServerInterface proxy to use for communicating with the SRP authentication server.

This product uses the 'Secure Remote Password' cryptographic authentication system developed by Tom Wu (tjw@CS.Stanford.EDU).

Constructor Summary
`SRPLoginModule()` Creates new SRPLoginModule

Method Summary
`boolean`	`abort()`
`boolean`	`commit()` All login modules have completed the login() phase, comit if we succeeded.
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, java.util.Map sharedState, java.util.Map options)`
`boolean`	`login()` This is where the SRP protocol exchange occurs.
`boolean`	`logout()` Remove the userPrincipal associated with the subject.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SRPLoginModule

public SRPLoginModule()

Creates new SRPLoginModule

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       java.util.Map sharedState,
                       java.util.Map options)

Specified by:: initialize in interface javax.security.auth.spi.LoginModule

Parameters:: subject - - the subject to authenticate; handler - - the app CallbackHandler used to obtain username & password; sharedState - - used to propagate the authenticated principal and credential hash.; options - - the login module options. These include: principalClassName: the java.security.Principal class name implimentation to use. srpServerJndiName: the jndi name of the SRPServerInterface implimentation to use. This is tried before srpServerRmiUrl. srpServerRmiUrl: the rmi url for the SRPServerInterface implimentation to use. externalRandomA: a true/false flag indicating if the random component of the client public key A should come from the user callback. hasAuxChallenge: A true/false flag indicating an that a string will be sent to the server as an additional challenge for the server to validate. If the client session supports an encryption cipher then a temporary cipher will be created and the challenge object sent as a SealedObject. multipleSessions: a true/false flag indicating if a given client may have multiple SRP login session active simultaneously.

login

public boolean login()
              throws javax.security.auth.login.LoginException

This is where the SRP protocol exchange occurs.

Specified by:: login in interface javax.security.auth.spi.LoginModule

Returns:: true is login succeeds, false if login does not apply.
Throws:: javax.security.auth.login.LoginException - thrown on login failure.

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

All login modules have completed the login() phase, comit if we succeeded. This entails adding an instance of principalClassName to the subject principals set and the private session key to the PrivateCredentials set.

Specified by:: commit in interface javax.security.auth.spi.LoginModule

Returns:: false, if the login() failed, true if the commit succeeds.
Throws:: javax.security.auth.login.LoginException - thrown on failure to create a Principal.

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Specified by:: abort in interface javax.security.auth.spi.LoginModule

Throws:: javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Remove the userPrincipal associated with the subject.

Specified by:: logout in interface javax.security.auth.spi.LoginModule

Returns:: true always.
Throws:: javax.security.auth.login.LoginException - thrown on exception during remove of the Principal added during the commit.

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.srp.jaas Class SRPLoginModule

SRPLoginModule

initialize

login

commit

abort

logout

org.jboss.security.srp.jaas
Class SRPLoginModule