org.rhq.enterprise.server.core.jaas
Class TempSessionLoginModule
java.lang.Object
org.jboss.security.auth.spi.AbstractServerLoginModule
org.jboss.security.auth.spi.UsernamePasswordLoginModule
org.rhq.enterprise.server.core.jaas.TempSessionLoginModule
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public class TempSessionLoginModule
- extends org.jboss.security.auth.spi.UsernamePasswordLoginModule
A "special" JAAS login module that checks to see if the password is a valid temporary session password. If it is, the
user is authenticated; if not, the user is denied access.
This is used mainly to support the use-case where a server component needs to submit a request that needs to again
be authenticated. In this case, the server doesn't know the user's true password; instead a temporary session
password was created for the user.
- Author:
- John Mazzitelli
| Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule |
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass |
|
Method Summary |
protected java.security.acl.Group[] |
getRoleSets()
|
protected java.lang.String |
getUsersPassword()
We don't know the user's true password, so we don't know the expected password; therefore, this returns an empty
string. |
void |
initialize(javax.security.auth.Subject theSubject,
javax.security.auth.callback.CallbackHandler theHandler,
java.util.Map theSharedState,
java.util.Map theOptions)
A place where this login module can initialize itself. |
protected boolean |
validatePassword(java.lang.String inputPassword,
java.lang.String expectedPassword)
Authenticates the user by seeing if the inputPassword is a valid temporary session password. |
| Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule |
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, login, setValidateError |
| Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule |
abort, commit, createGroup, createIdentity, getUseFirstPass, logout |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
TempSessionLoginModule
public TempSessionLoginModule()
initialize
public void initialize(javax.security.auth.Subject theSubject,
javax.security.auth.callback.CallbackHandler theHandler,
java.util.Map theSharedState,
java.util.Map theOptions)
- A place where this login module can initialize itself.
- Specified by:
initialize in interface javax.security.auth.spi.LoginModule- Overrides:
initialize in class org.jboss.security.auth.spi.UsernamePasswordLoginModule
- Parameters:
theSubject - theHandler - theSharedState - theOptions -
getUsersPassword
protected java.lang.String getUsersPassword()
- We don't know the user's true password, so we don't know the expected password; therefore, this returns an empty
string. This class overrides
validatePassword(String, String) so it can validate on the input password
that was entered by the client, since it is all we need to check validity.
- Specified by:
getUsersPassword in class org.jboss.security.auth.spi.UsernamePasswordLoginModule
- Returns:
- empty string
validatePassword
protected boolean validatePassword(java.lang.String inputPassword,
java.lang.String expectedPassword)
- Authenticates the user by seeing if the
inputPassword is a valid temporary session password.
expectedPassword is ignored.
- Overrides:
validatePassword in class org.jboss.security.auth.spi.UsernamePasswordLoginModule
- See Also:
UsernamePasswordLoginModule.validatePassword(String, String)
getRoleSets
protected java.security.acl.Group[] getRoleSets()
throws javax.security.auth.login.LoginException
- Specified by:
getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule
- Throws:
javax.security.auth.login.LoginException- See Also:
AbstractServerLoginModule.getRoleSets()
Copyright © 2008-2009 Red Hat, Inc.. All Rights Reserved.