org.modeshape.jcr.security

Class JaasProvider

java.lang.Object

org.modeshape.jcr.security.JaasProvider

All Implemented Interfaces:

AuthenticationProvider

public class JaasProvider
extends Object
implements AuthenticationProvider

An implementation of AuthenticationProvider that uses a supplied JAAS policy to perform all authentication and role-based authorization.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	JaasProvider.SubjectResolver An extension point for the JaasProvider class that allows for custom logic for finding the current JAAS Subject, if not already available via the Subject.getSubject(AccessController.getContext()) method.

Constructor Summary

Constructors

Constructor and Description
JaasProvider(String policyName) Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.

Method Summary

Modifier and Type	Method and Description
ExecutionContext	authenticate(Credentials credentials, String repositoryName, String workspaceName, ExecutionContext repositoryContext, Map<String,Object> sessionAttributes) Authenticate the user that is using the supplied credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JaasProvider

public JaasProvider(String policyName)
             throws LoginException

Create a JAAS provider for authentication and authorization, using the supplied name for the login configuration.

Parameters:

policyName - the name that will be used for the login context

Throws:

LoginException - if the caller-specified name does not appear in the Configuration and there is no Configuration entry for "other", or if the auth.login.defaultCallbackHandler security property was set, but the implementation class could not be loaded.

Method Detail

authenticate

public ExecutionContext authenticate(Credentials credentials,
                                     String repositoryName,
                                     String workspaceName,
                                     ExecutionContext repositoryContext,
                                     Map<String,Object> sessionAttributes)

Description copied from interface: AuthenticationProvider

Authenticate the user that is using the supplied credentials. If the supplied credentials are authenticated, this method should construct an ExecutionContext that reflects the authenticated environment, including the context's valid security context that will be used for authorization throughout.

Note that each provider is handed a map into which it can place name-value pairs that will be used in the Session attributes of the Session that results from this authentication attempt. ModeShape will ignore any attributes if this provider does not authenticate the credentials.

Specified by:

authenticate in interface AuthenticationProvider

Parameters:

credentials - the user's JCR credentials, which may be an AnonymousCredentials if authenticating as an anonymous user

repositoryName - the name of the JCR repository; never null

workspaceName - the name of the JCR workspace; never null

repositoryContext - the execution context of the repository, which may be wrapped by this method

sessionAttributes - the map of name-value pairs that will be placed into the Session attributes; never null

Returns:

the execution context for the authenticated user, or null if this provider could not authenticate the user