AppservPasswordLoginModule (Java EE 5 SDK)

Overview

Package

Class

Tree

Deprecated

Index

Help

Java EE 5 SDK

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.appserv.security
Class AppservPasswordLoginModule

java.lang.Object
  com.sun.appserv.security.AppservPasswordLoginModule

All Implemented Interfaces:: LoginModule

public abstract class AppservPasswordLoginModule
extends Object
implements LoginModule
extends Object
implements LoginModule

Abstract base class for password-based login modules.

Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.

Subclasses need to implement the authenticate() method and later call commitAuthentication().

Field Summary
`protected boolean`	`_commitSucceeded`
`protected com.sun.enterprise.security.auth.realm.Realm`	`_currentRealm`
`protected String[]`	`_groupsList`
`protected Logger`	`_logger`
`protected Map`	`_options`
`protected String`	`_password`
`protected Map`	`_sharedState`
`protected Subject`	`_subject`
`protected boolean`	`_succeeded`
`protected String`	`_username`
`protected com.sun.enterprise.deployment.PrincipalImpl`	`_userPrincipal`
`protected static com.sun.enterprise.util.i18n.StringManager`	`sm`

Constructor Summary
`AppservPasswordLoginModule()`

Method Summary
`boolean`	`abort()` Abort the authentication process.
`protected abstract void`	`authenticateUser()` Perform authentication decision.
`boolean`	`commit()` Commit the authentication.
`void`	`commitUserAuthentication(String[] groups)` This is a convenience method which can be used by subclasses Note that this method is called after the authentication has succeeded.
`Subject`	`getSubject()`
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Initialize this login module.
`boolean`	`login()` Perform login.
`boolean`	`logout()` Log out the subject.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

_subject

protected Subject _subject

_sharedState

protected Map _sharedState

_options

protected Map _options

_username

protected String _username

_password

protected String _password

_currentRealm

protected com.sun.enterprise.security.auth.realm.Realm _currentRealm

_succeeded

protected boolean _succeeded

_commitSucceeded

protected boolean _commitSucceeded

_userPrincipal

protected com.sun.enterprise.deployment.PrincipalImpl _userPrincipal

_groupsList

protected String[] _groupsList

_logger

protected Logger _logger

sm

protected static final com.sun.enterprise.util.i18n.StringManager sm

Constructor Detail

AppservPasswordLoginModule

public AppservPasswordLoginModule()

Method Detail

initialize

public final void initialize(Subject subject,
                             CallbackHandler callbackHandler,
                             Map sharedState,
                             Map options)

Initialize this login module.

Specified by:: initialize in interface LoginModule

Parameters:: subject - - the Subject to be authenticated.; callbackHandler - - a CallbackHandler for obtaining the subject username and password.; sharedState - - state shared with other configured LoginModules.; options - - options specified in the login Configuration for this particular LoginModule.

login

public final boolean login()
                    throws LoginException

Perform login.

The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticate() method is invoked.

Specified by:: login in interface LoginModule

Throws:: LoginException - Thrown if login failed, or on other problems.

commit

public boolean commit()
               throws LoginException

Commit the authentication.

Commit is called after all necessary login modules have succeeded. It adds (if not present) a PrincipalImpl principal and a LocalCredentials public credential to the Subject.

Specified by:: commit in interface LoginModule

Throws:: LoginException - If commit fails.

abort

public final boolean abort()
                    throws LoginException

Abort the authentication process.

Specified by:: abort in interface LoginModule

Throws:: LoginException

logout

public final boolean logout()
                     throws LoginException

Log out the subject.

Specified by:: logout in interface LoginModule

Throws:: LoginException

commitUserAuthentication

public final void commitUserAuthentication(String[] groups)

This is a convenience method which can be used by subclasses

Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.

Parameters:: groups - String array of group memberships for user (could be empty).

getSubject

public Subject getSubject()

Returns:: the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.

authenticateUser

protected abstract void authenticateUser()
                                  throws LoginException

Perform authentication decision. Method returns silently on success and returns a LoginException on failure.

Throws:: LoginException - on authentication failure.