org.jboss.security.srp.jaas
Class SRPCacheLoginModule
java.lang.Object
org.jboss.security.srp.jaas.SRPCacheLoginModule
- All Implemented Interfaces:
- LoginModule
public class SRPCacheLoginModule
- extends Object
- implements LoginModule
A server side login module that validates a username and
session client challenge response against the cache of authentication
info maintained by the SRPService mbean. This module needs
a CallbackHandler that supplies the user principal and
credential via the SecurityAssociationCallback object.
module options:
- cacheJndiName, the JNDI name of the CachePolicy of
information managed by the SRPService.
- domainName, the security domain name.
- Version:
- $Revision: 57210 $
- Author:
- Scott.Stark@jboss.org
Method Summary
- boolean abort()
- boolean commit()
All login modules have completed the login() phase, commit if we
succeeded.
- void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
Initialize the login module.
- boolean login()
Access the user Principal object and credentials by passing a
SecurityAssociationCallback object to the registered CallbackHandler.
- boolean logout()
Remove the userPrincipal, clientChallenge and sessionKey associated
with the subject during commit().
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SRPCacheLoginModule
public SRPCacheLoginModule()
initialize
public void initialize(Subject subject,
CallbackHandler handler,
Map sharedState,
Map options)
- Initialize the login module.
- Specified by:
initialize
in interface LoginModule
- Parameters:
subject - the subject to authenticate
handler - the app CallbackHandler used to obtain username & password
sharedState - used to propagate the authenticated principal and
credential hash.
options - the login module options. These include:
cacheJndiName: the JNDI name of the CachePolicy of
information managed by the SRPService.
domainName: the security domain name.
login
public boolean login()
throws LoginException
- Access the user Principal object and credentials by passing a
SecurityAssociationCallback object to the registered CallbackHandler. This
method then validates the user by looking up the cache information using
the Principal object as the key and compares the cache credential against
the credential obtained from the SecurityAssociationCallback. The
login credential should be the M1 verification challenge byte[].
- Specified by:
login
in interface LoginModule
- Returns:
- true if login succeeds, false if login does not apply.
- Throws:
LoginException - thrown on login failure.
commit
public boolean commit()
throws LoginException
- All login modules have completed the login() phase, commit if we
succeeded. This entails adding the principal to the subject Principals set.
It also adds the client challenge response to the PublicCredentials set
and the private session key to the PrivateCredentials set as a SecretKeySpec.
- Specified by:
commit
in interface LoginModule
- Returns:
- false, if the login() failed, true if the commit succeeds.
- Throws:
LoginException - thrown on failure to add the principal.
abort
public boolean abort()
throws LoginException
- Specified by:
abort
in interface LoginModule
- Throws:
LoginException
logout
public boolean logout()
throws LoginException
- Remove the userPrincipal, clientChallenge and sessionKey associated
with the subject during commit().
- Specified by:
logout
in interface LoginModule
- Returns:
- true always.
- Throws:
LoginException - thrown on exception during remove of the Principal
added during the commit.
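The login(), commit() and logout() behaviour described above, as an added sketch that is not JBoss source code. The class SrpCacheLifecycleSketch, the Session and User records, the Map-based CACHE standing in for the CachePolicy, the "SRP" key algorithm label and the use of MessageDigest.isEqual for a constant-time M1 comparison are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.login.FailedLoginException;
public class SrpCacheLifecycleSketch {
    // Hypothetical stand-ins (Java 16+ records) for a cache entry, the principal and the cache.
    record Session(byte[] m1, byte[] sessionKey) {}
    record User(String name) implements Principal { public String getName() { return name; } }
    static final Map<String, Session> CACHE = new ConcurrentHashMap<>();
    private final Subject subject = new Subject();
    private User principal; private byte[] challenge; private SecretKeySpec key;
    // login(): look up the cache by user name, then compare cached and supplied M1 in constant time.
    boolean login(String username, byte[] m1) throws FailedLoginException {
        Session s = CACHE.get(username);
        if (s == null || m1 == null || !MessageDigest.isEqual(s.m1(), m1))
            throw new FailedLoginException("M1 does not match the cached SRP session");
        principal = new User(username);
        challenge = m1.clone();
        key = new SecretKeySpec(s.sessionKey(), "SRP"); // algorithm label is an assumption
        return true;
    }

    // commit(): principal -> Principals, M1 -> PublicCredentials, session key -> PrivateCredentials.
    boolean commit() {
        if (principal == null) return false; // login() did not succeed
        subject.getPrincipals().add(principal);
        subject.getPublicCredentials().add(challenge);
        subject.getPrivateCredentials().add(key);
        return true;
    }

    // logout(): remove exactly what commit() added so the key does not outlive the session.
    boolean logout() {
        subject.getPrincipals().remove(principal);
        subject.getPublicCredentials().remove(challenge);
        subject.getPrivateCredentials().remove(key);
        return true;
    }
    public static void main(String[] args) throws Exception {
        CACHE.put("alice", new Session(new byte[] {1, 2, 3}, new byte[16])); // constructed sample
        SrpCacheLifecycleSketch m = new SrpCacheLifecycleSketch();
        if (m.login("alice", new byte[] {1, 2, 3})) m.commit();
        System.out.println("after commit: " + m.subject.getPrincipals());
        m.logout();
        System.out.println("after logout: " + m.subject.getPrincipals());
    }
}
```

Because the session key lands in the Subject's PrivateCredentials set, any code that can read that set holds the SRP session key, so access to it is worth restricting and auditing.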
Copyright © 2002 JBoss Group, LLC. All Rights Reserved.