com.sun.enterprise.security

Class BasePasswordLoginModule

java.lang.Object

com.sun.enterprise.security.BasePasswordLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

AppservPasswordLoginModule, FileLoginModule, JDBCLoginModule, LDAPLoginModule, SolarisLoginModule

public abstract class BasePasswordLoginModule
extends Object
implements LoginModule

Abstract base class for password-based login modules.

Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.

Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	_commitSucceeded
protected Realm	_currentRealm
protected String[]	_groupsList
protected static Logger	_logger
protected Map	_options
protected char[]	_passwd
protected String	_password
protected Map	_sharedState
protected Subject	_subject
protected boolean	_succeeded
protected String	_username
protected PrincipalImpl	_userPrincipal
protected static StringManager	sm

Constructor Summary

Constructors

Constructor and Description
BasePasswordLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort() Abort the authentication process.
protected abstract void	authenticateUser() Perform authentication decision.
boolean	commit() Commit the authentication.
void	commitUserAuthentication(String[] groups) This is a convenience method which can be used by subclasses
void	extractCredentials() Method to extract container-provided username and password
Realm	getCurrentRealm()
String[]	getGroupsList()
String	getPassword() Deprecated - password is preferred to be a char[]
char[]	getPasswordChar()
<T> T	getRealm(Class<T> realmClazz, String exceptionMsgKey)
Subject	getSubject()
String	getUsername()
PrincipalImpl	getUserPrincipal()
void	initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this login module.
boolean	isCommitSucceeded()
boolean	isSucceeded()
boolean	login() Perform login.
boolean	logout() Log out the subject.
void	setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_logger

protected static final Logger _logger

sm

protected static final StringManager sm

_subject

protected Subject _subject

_sharedState

protected Map _sharedState

_options

protected Map _options

_username

protected String _username

_password

protected String _password

_passwd

protected char[] _passwd

_currentRealm

protected Realm _currentRealm

_succeeded

protected boolean _succeeded

_commitSucceeded

protected boolean _commitSucceeded

_userPrincipal

protected PrincipalImpl _userPrincipal

_groupsList

protected String[] _groupsList

Constructor Detail

BasePasswordLoginModule

public BasePasswordLoginModule()

Method Detail

initialize

public final void initialize(Subject subject,
                             CallbackHandler callbackHandler,
                             Map sharedState,
                             Map options)

Initialize this login module.

Specified by:

initialize in interface LoginModule

Parameters:

subject - - the Subject to be authenticated.

callbackHandler - - a CallbackHandler for obtaining the subject username and password.

sharedState - - state shared with other configured LoginModules.

options - - options specified in the login Configuration for this particular LoginModule.

login

public final boolean login()
                    throws LoginException

Perform login.

The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.

Specified by:

login in interface LoginModule

Throws:

LoginException - Thrown if login failed, or on other problems.

commit

public boolean commit()
               throws LoginException

Commit the authentication.

Commit is called after all necessary login modules have succeeded. It adds (if not present) a PrincipalImpl principal and a LocalCredentials public credential to the Subject.

Specified by:

commit in interface LoginModule

Throws:

LoginException - If commit fails.

abort

public final boolean abort()
                    throws LoginException

Abort the authentication process.

Specified by:

abort in interface LoginModule

Throws:

LoginException

logout

public final boolean logout()
                     throws LoginException

Log out the subject.

Specified by:

logout in interface LoginModule

Throws:

LoginException

commitUserAuthentication

public final void commitUserAuthentication(String[] groups)

This is a convenience method which can be used by subclasses

Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.

Parameters:

groups - String array of group memberships for user (could be empty).

getSubject

public Subject getSubject()

Returns:

the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.

extractCredentials

public final void extractCredentials()
                              throws LoginException

Method to extract container-provided username and password

Throws:

LoginException

authenticateUser

protected abstract void authenticateUser()
                                  throws LoginException

Perform authentication decision. Method returns silently on success and returns a LoginException on failure.

Throws:

LoginException - on authentication failure.

setLoginModuleForAuthentication

public void setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)

getUsername

public String getUsername()

Returns:

the username sent by container - is made available to the custom login module using the protected _username field. Use Case: A custom login module could use the username to validate against a realm of users

getPassword

public String getPassword()

Deprecated - password is preferred to be a char[]

getPasswordChar

public char[] getPasswordChar()

Returns:

the password sent by container - is made available to the custom login module using the protected _password field. Use Case: A custom login module could use the password to validate against a custom realm of usernames and passwords Password is preferred to be a char[] instead of a string

getCurrentRealm

public Realm getCurrentRealm()

Returns:

the currentRealm - for backward compatibility

isSucceeded

public boolean isSucceeded()

Returns:

the succeeded state - for backward compatibility

isCommitSucceeded

public boolean isCommitSucceeded()

Returns:

the commitsucceeded state - for backward compatibility

getUserPrincipal

public PrincipalImpl getUserPrincipal()

Returns:

the UserPrincipal - for backward compatibility

getGroupsList

public String[] getGroupsList()

Returns:

the groupList - for backward compatibility

getRealm

public <T> T getRealm(Class<T> realmClazz,
                      String exceptionMsgKey)
               throws LoginException

Throws:

LoginException