Package org.glassfish.security.services.impl

Class AuthenticationServiceImpl

  • All Implemented Interfaces:
    org.glassfish.hk2.api.PostConstruct, AuthenticationService, SecurityService
    @Service
@Singleton
public class AuthenticationServiceImpl
extends Object
implements AuthenticationService, org.glassfish.hk2.api.PostConstruct
    The Authentication Service Implementation. Use JAAS LoginContext with the LoginModule(s) specified by the service configuration.

    • Constructor Detail

      • AuthenticationServiceImpl

        public AuthenticationServiceImpl()

    • Method Detail

      • initialize

        public void initialize​(SecurityConfiguration securityServiceConfiguration)
        Initialize the Authentication Service configuration. Create the JAAS Configuration using the specified LoginModule configurations
        Specified by:
        initialize in interface SecurityService

      • login

        public Subject login​(String username,
                     char[] password,
                     Subject subject)
              throws LoginException
        Description copied from interface: AuthenticationService
        Log in a user with username and password.
        Specified by:
        login in interface AuthenticationService
        Parameters:
        username - The username.
        password - The password.
        subject - An optional Subject to receive principals and credentials for the logged in user. If provided, it will be returned as the return value; if not, a new Subject will be returned.
        Returns:
        A Subject representing the logged in user.
        Throws:
        LoginException

      • login

        public Subject login​(CallbackHandler cbh,
                     Subject subject)
              throws LoginException
        Description copied from interface: AuthenticationService
        Authenticate using a CallbackHandler to provider username/password, X.509 certificate, or Secure Admin token.
        Specified by:
        login in interface AuthenticationService
        Parameters:
        cbh - The CallbackHandler.
        subject - An optional Subject to receive principals and credentials for the logged in user. If provided, it will be returned as the return value; if not, a new Subject will be returned.
        Returns:
        A Subject representing the logged in user.
        Throws:
        LoginException

      • impersonate

        public Subject impersonate​(String user,
                           String[] groups,
                           Subject subject,
                           boolean virtual)
                    throws LoginException
        Description copied from interface: AuthenticationService
        Impersonate a user, specifying the user and group principal names that should be established in the resulting Subject. Note that, that this method always behaves as if virtual were true in the case that the underlying user store provider does not support user lookup.
        Specified by:
        impersonate in interface AuthenticationService
        Parameters:
        user - The username.
        groups - An array of group names. If virtual is true, group principals will be created using this array. If virtual is false and groups is non-null, it will be used to filter the groups returned by the configured UserStoreProvider.
        subject - An optional Subject to receive principals and credentials for the logged in user. If provided, it will be returned as the return value; if not, a new Subject will be returned.
        virtual - If true, simply create a subject with the given user and group names. If false, configured UserStoreProvider will be queried for the given username and a Subject created only if the user exists. Groups will be populated with the intersection of the groups parameter and the groups returned by the UserStoreProvider.
        Returns:
        A Subject representing the impersonated user.
        Throws:
        LoginException

      • postConstruct

        public void postConstruct()
        Handle lookup of authentication service configuration and initialization. If no service is configured the service run-time will throw exceptions. Addresses alternate configuration handling until adopt @Proxiable support.
        Specified by:
        postConstruct in interface org.glassfish.hk2.api.PostConstruct