com.sun.enterprise.security.auth.login

Class LoginContextDriver

java.lang.Object

com.sun.enterprise.security.auth.login.LoginContextDriver

public class LoginContextDriver
extends Object

This class is invoked implicitly by the server to log in the user information that was sent on the wire by the client. Clients will use the doClientLogin method to simulate authentication to the server.

Author:

Harpreet Singh (hsingh@eng.sun.com), Jyri Virkki

Field Summary

Fields

Modifier and Type	Field and Description
static String	CERT_REALMNAME

Method Summary

Modifier and Type	Method and Description
static Subject	doClientLogin(int type, CallbackHandler jaasHandler) Perform login on the client side.
static void	doClientLogout() Perform logout on the client side.
static void	doX500Login(Subject s, String appModuleID) A special case login for X500Name credentials.
static Subject	jmacLogin(Subject subject, String username, char[] password, String realmName) Performs login for JMAC security.
static Subject	jmacLogin(Subject subject, String identityAssertion, String realm)
static Subject	jmacLogin(Subject subject, X500Principal x500Principal)
static void	login(AssertedCredentials asrtCred)
static void	login(DigestCredentials digestCred) Performs Digest authentication based on RFC 2617.
static void	login(String username, char[] password, String realmName) This method is just a convenience wrapper for login(Subject, Class) method.
static void	login(Subject subject, Class cls) This method performs the login on the server side.
static void	loginPrincipal(String username, String realmName) This method is used for logging in a run As principal.
static void	logout() This method logs out the user by clearing the security context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CERT_REALMNAME

public static final String CERT_REALMNAME

See Also:

Constant Field Values

Method Detail

login

public static void login(String username,
                         char[] password,
                         String realmName)

This method is just a convenience wrapper for login(Subject, Class) method. It will construct a PasswordCredential class.

Parameters:

String - username

String - password

String - realmName the name of the realm to login into, if realmName is null, we login into the default realm

login

public static void login(AssertedCredentials asrtCred)
                  throws LoginException

Throws:

LoginException

login

public static void login(Subject subject,
                         Class cls)
                  throws LoginException

This method performs the login on the server side.

This method is the main login method for S1AS. It is called with a Subject and the type (class) of credential which should be checked. The Subject must contain a credential of the specified type or login will fail.

While the implementation has been cleaned up, the login process still consists of a number of special cases which are treated separately at the realm level. In the future tighter JAAS integration could clean some of this up.

The following credential types are recognized at this time:

• PasswordCredential - This is the general case for all login methods which rely on the client providing a name and password. It can be used with any realms/JAAS login modules which expect such data (e.g. file realm, LDAP realm, UNIX realm)
• X509CertificateCredential - Special case for SSL client auth. Here authentication has already been done by the SSL subsystem so this login only creates a security context based on the certificate data.
• AnonCredential - Unauthenticated session, set anonymous security context.
• GSSUPName - Retrieve user and realm and set security context.
• X500Name - Retrieve user and realm and set security context.

Parameters:

Subject - the subject of the client

Class - the class of the credential packaged in the subject.

Throws:

LoginException

loginPrincipal

public static void loginPrincipal(String username,
                                  String realmName)
                           throws LoginException

This method is used for logging in a run As principal. It creates a JAAS subject whose credential is to type GSSUPName. This is used primarily for runas

Throws:

LoginException

logout

public static void logout()
                   throws LoginException

This method logs out the user by clearing the security context.

Throws:

LoginException

jmacLogin

public static Subject jmacLogin(Subject subject,
                                String username,
                                char[] password,
                                String realmName)
                         throws LoginException

Performs login for JMAC security. The difference between this method and others is that it just verifies whether the login will succeed in the given realm. It does not set the result of the authentication in the appserver runtime environment A silent return from this method means that the given user succeeding in authenticating with the given password in the given realm

Parameters:

subject -

username -

password -

realmName - the realm to authenticate under

Throws:

LoginException

jmacLogin

public static Subject jmacLogin(Subject subject,
                                X500Principal x500Principal)
                         throws LoginException

Throws:

LoginException

jmacLogin

public static Subject jmacLogin(Subject subject,
                                String identityAssertion,
                                String realm)
                         throws LoginException

Throws:

LoginException

doX500Login

public static void doX500Login(Subject s,
                               String appModuleID)
                        throws LoginException

A special case login for X500Name credentials. This is invoked for certificate login because the containers extract the X.500 name from the X.509 certificate before calling into this class.

Throws:

LoginException

doClientLogin

public static Subject doClientLogin(int type,
                                    CallbackHandler jaasHandler)
                             throws LoginException

Perform login on the client side. It just simulates the login on the client side. The method uses the callback handlers and generates correct credential information that will be later sent to the server

Parameters:

int - type whether it is username_password or certificate based login.

CallbackHandler - the callback handler to gather user information.

Throws:

LoginException - the exception thrown by the callback handler.

doClientLogout

public static void doClientLogout()
                           throws LoginException

Perform logout on the client side.

Throws:

LoginException

login

public static void login(DigestCredentials digestCred)
                  throws LoginException

Performs Digest authentication based on RFC 2617. It

Parameters:

digestCred - DigestCredentials

Throws:

LoginException