Package com.sun.enterprise.security

Class BasePasswordLoginModule

  • All Implemented Interfaces:
    LoginModule
    Direct Known Subclasses:
    AppservPasswordLoginModule, FileLoginModule, JDBCLoginModule, LDAPLoginModule, SolarisLoginModule
    public abstract class BasePasswordLoginModule
extends Object
implements LoginModule
    Abstract base class for password-based login modules.

    Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.

    Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().

    • Field Detail

      • LOGGER

        protected static final Logger LOGGER

      • _subject

        protected Subject _subject

      • _sharedState

        protected Map _sharedState

      • _options

        protected Map _options

      • _username

        protected String _username

      • _password

        protected String _password

      • _passwd

        protected char[] _passwd

      • _currentRealm

        protected Realm _currentRealm

      • _succeeded

        protected boolean _succeeded

      • _commitSucceeded

        protected boolean _commitSucceeded

      • _groupsList

        protected String[] _groupsList

    • Constructor Detail

      • BasePasswordLoginModule

        public BasePasswordLoginModule()

    • Method Detail

      • initialize

        public final void initialize​(Subject subject,
                             CallbackHandler callbackHandler,
                             Map sharedState,
                             Map options)
        Initialize this login module.
        Specified by:
        initialize in interface LoginModule
        Parameters:
        subject - - the Subject to be authenticated.
        callbackHandler - - a CallbackHandler for obtaining the subject username and password.
        sharedState - - state shared with other configured LoginModules.
        options - - options specified in the login Configuration for this particular LoginModule.

      • login

        public final boolean login()
                    throws LoginException
        Perform login.

        The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.

        Specified by:
        login in interface LoginModule
        Throws:
        LoginException - Thrown if login failed, or on other problems.

      • commit

        public boolean commit()
               throws LoginException
        Commit the authentication.

        Commit is called after all necessary login modules have succeeded. It adds (if not present) a PrincipalImpl principal and a LocalCredentials public credential to the Subject.

        Specified by:
        commit in interface LoginModule
        Throws:
        LoginException - If commit fails.

      • commitUserAuthentication

        public final void commitUserAuthentication​(String[] groups)

        This is a convenience method which can be used by subclasses

        Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.

        Parameters:
        groups - String array of group memberships for user (could be empty).

      • getSubject

        public Subject getSubject()
        Returns:
        the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.

      • extractCredentials

        public final void extractCredentials()
                              throws LoginException
        Method to extract container-provided username and password
        Throws:
        LoginException

      • authenticateUser

        protected abstract void authenticateUser()
                                  throws LoginException
        Perform authentication decision. Method returns silently on success and returns a LoginException on failure.
        Throws:
        LoginException - on authentication failure.

      • setLoginModuleForAuthentication

        public void setLoginModuleForAuthentication​(LoginModule userDefinedLoginModule)

      • getUsername

        public String getUsername()
        Returns:
        the username sent by container - is made available to the custom login module using the protected _username field. Use Case: A custom login module could use the username to validate against a realm of users

      • getPassword

        public String getPassword()
        Deprecated - password is preferred to be a char[]

      • getPasswordChar

        public char[] getPasswordChar()
        Returns:
        the password sent by container - is made available to the custom login module using the protected _password field. Use Case: A custom login module could use the password to validate against a custom realm of usernames and passwords Password is preferred to be a char[] instead of a string

      • getCurrentRealm

        public Realm getCurrentRealm()
        Returns:
        the currentRealm - for backward compatibility

      • isSucceeded

        public boolean isSucceeded()
        Returns:
        the succeeded state - for backward compatibility

      • isCommitSucceeded

        public boolean isCommitSucceeded()
        Returns:
        the commitsucceeded state - for backward compatibility

      • getUserPrincipal

        public PrincipalImpl getUserPrincipal()
        Returns:
        the UserPrincipal - for backward compatibility

      • getGroupsList

        public String[] getGroupsList()
        Returns:
        the groupList - for backward compatibility