Package com.sun.enterprise.security.auth.login

Class ClientPasswordLoginModule

  • All Implemented Interfaces:
    LoginModule
    public class ClientPasswordLoginModule
extends Object
implements LoginModule

    This client LoginModule obtains username/password credentials from TLS, a static variable, system properties or by asking the user for it interactively.

    The obtained credentials are then merely stored into the subject, meaning this login module doesn't actually authenticate anything. It only moves credentials from a credential source to the subject. This is then used by for instance ProgrammaticLogin to store that subject into a security context. IIOP (Remote EJB code) can then fetch the credentials again from this security context and transfer them to a remote server, where actual authentication takes place.

    Author:
    Harpreet Singh ([email protected])

    • Constructor Detail

      • ClientPasswordLoginModule

        public ClientPasswordLoginModule()

    • Method Detail

      • initialize

        public void initialize​(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,​?> sharedState,
                       Map<String,​?> options)
        Initialize this LoginModule.

        Specified by:
        initialize in interface LoginModule
        Parameters:
        subject - the Subject in which the credentials will be stored if obtained successfully.

        callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

        sharedState - shared LoginModule state (unused)

        options - options specified in the login Configuration for this particular LoginModule (unused)

      • login

        public boolean login()
              throws LoginException
        Attempt to obtain non-null credentials from various sources. If non-null one are obtained, store them in the Subject.

        Specified by:
        login in interface LoginModule
        Returns:
        true in all cases since this LoginModule should not be ignored.
        Throws:
        FailedLoginException - if the authentication fails.

        LoginException - if this LoginModule is unable to perform the "authentication".

      • commit

        public boolean commit()
               throws LoginException

        This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

        If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates a PrincipalImpl with the Subject located in the LoginModule. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.

        Specified by:
        commit in interface LoginModule
        Returns:
        true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
        Throws:
        LoginException - if the commit fails.

      • abort

        public boolean abort()
              throws LoginException

        This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

        If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

        Specified by:
        abort in interface LoginModule
        Returns:
        false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
        Throws:
        LoginException - if the abort fails.

      • logout

        public boolean logout()
               throws LoginException
        Logout the user.

        This method removes the PrincipalImpl that was added by the commit method.

        Specified by:
        logout in interface LoginModule
        Returns:
        true in all cases since this LoginModule should not be ignored.
        Throws:
        LoginException - if the logout fails.