org.jboss.web.tomcat.security
Class HttpServletRequestLoginModule
java.lang.Object
org.jboss.security.auth.spi.AbstractServerLoginModule
org.jboss.security.auth.spi.UsernamePasswordLoginModule
org.jboss.web.tomcat.security.HttpServletRequestLoginModule
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public abstract class HttpServletRequestLoginModule
extends UsernamePasswordLoginModule
An abstract subclass of UsernamePasswordLoginModule that makes the
HttpServletRequest from the client attempting to login available to the Login
Module.
You can call getHttpServletRequest() inside your getUsersPassword()
method implementation to access information from the client's
HttpServletRequest, for example to deny access to certain IP addresses,
or to limit the number of login retries per IP address by inserting
attempts into a database.
- See Also:
getHttpServletRequest()
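The per-IP retry limit described above, as an added example that is not part of the JBoss API or source. The class name ThrottlingLoginModule, the limits, the in-memory map standing in for the database table, and the sample user and role are assumptions.

```java
import java.security.acl.Group;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyContextException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.web.tomcat.security.HttpServletRequestLoginModule;

// Added example; class name, limits and sample data are assumptions.
public class ThrottlingLoginModule extends HttpServletRequestLoginModule {
    private static final int MAX_ATTEMPTS = 5;
    private static final long WINDOW_MS = 15 * 60 * 1000L;
    // In-memory stand-in for the attempts table: ip -> {windowStart, count}.
    private static final ConcurrentHashMap<String, long[]> ATTEMPTS =
            new ConcurrentHashMap<String, long[]>();

    protected String getUsersPassword() throws LoginException {
        try {
            // Behind a reverse proxy this is the proxy's address, not the client's.
            String ip = getHttpServletRequest().getRemoteAddr();
            if (!recordAttempt(ip, System.currentTimeMillis())) {
                throw new FailedLoginException("Too many login attempts");
            }
        } catch (PolicyContextException e) {
            throw new LoginException("No HttpServletRequest available"); // fail closed
        }
        return lookupPassword(getUsername());
    }

    // Returns false once an address exceeds MAX_ATTEMPTS within the window.
    static boolean recordAttempt(String ip, long now) {
        long[] fresh = new long[] { now, 0 };
        long[] slot = ATTEMPTS.putIfAbsent(ip, fresh);
        if (slot == null) slot = fresh;
        synchronized (slot) {
            if (now - slot[0] > WINDOW_MS) { slot[0] = now; slot[1] = 0; }
            return ++slot[1] <= MAX_ATTEMPTS;
        }
    }
    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal("user")); // constructed sample role
        return new Group[] { roles };
    }
    // Hypothetical credential lookup; replace with the real user store.
    private String lookupPassword(String user) throws LoginException {
        if (!"alice".equals(user)) throw new FailedLoginException("Unknown user");
        return "constructed-sample-password";
    }
}
```

Because getUsersPassword() runs before the candidate password is compared, this counts every attempt from an address, not only failed ones. The map is per-JVM and never pruned, so a shared table with expiry is the production equivalent.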
Field Summary |
protected HttpServletRequest |
request
Client's HttpServletRequest. |
Method Summary |
protected HttpServletRequest |
getHttpServletRequest()
Obtains the HttpServletRequest of the user attempting to authenticate
using the JACC HttpServletRequest policy context handler. |
protected abstract java.security.acl.Group[] |
getRoleSets()
Overridden by subclasses to return the Groups that correspond to the
role sets assigned to the user. |
protected abstract java.lang.String |
getUsersPassword()
Get the expected password for the current username available via the
getUsername() method. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
request
protected HttpServletRequest request
- Client's HttpServletRequest.
HttpServletRequestLoginModule
public HttpServletRequestLoginModule()
getHttpServletRequest
protected HttpServletRequest getHttpServletRequest()
throws PolicyContextException
- Obtains the HttpServletRequest of the user attempting to authenticate
using the JACC HttpServletRequest policy context handler.
You could use this information to deny access when a number of login
retries per IP address has been attempted.
- Returns:
- the HttpServletRequest of the user attempting to authenticate.
- Throws:
PolicyContextException
getUsersPassword
protected abstract java.lang.String getUsersPassword()
throws javax.security.auth.login.LoginException
- Get the expected password for the current username available via the
getUsername() method. This is called from within the login() method after
the CallbackHandler has returned the username and candidate password.
You could use getHttpServletRequest() inside this method.
- Specified by:
getUsersPassword
in class UsernamePasswordLoginModule
- Returns:
- the valid password String
- Throws:
javax.security.auth.login.LoginException
- See Also:
UsernamePasswordLoginModule.getUsersPassword()
getRoleSets
protected abstract java.security.acl.Group[] getRoleSets()
throws javax.security.auth.login.LoginException
- Description copied from class:
AbstractServerLoginModule
- Overridden by subclasses to return the Groups that correspond to the
role sets assigned to the user. Subclasses should create at
least a Group named "Roles" that contains the roles assigned to the user.
A second common group is "CallerPrincipal" that provides the application
identity of the user rather than the security domain identity.
- Specified by:
getRoleSets
in class AbstractServerLoginModule
- Returns:
- Group[] containing the sets of roles
- Throws:
javax.security.auth.login.LoginException
- See Also:
AbstractServerLoginModule.getRoleSets()