Package alluxio.security.login

Class AlluxioLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    @NotThreadSafe
public final class AlluxioLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
    A login module that search the Kerberos or OS user from Subject, and then convert to an Alluxio user. It does not really authenticate the user in its login method.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean abort()
      Aborts the authentication (second phase).
      boolean commit()
      Commits the authentication (second phase).
      void initialize​(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,​?> sharedState, java.util.Map<java.lang.String,​?> options)  
      boolean login()
      Authenticates the user (first phase).
      boolean logout()
      Logs out the user.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

    • Method Detail

      • initialize

        public void initialize​(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,​?> sharedState,
                       java.util.Map<java.lang.String,​?> options)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule

      • login

        public boolean login()
              throws javax.security.auth.login.LoginException
        Authenticates the user (first phase). The implementation does not really authenticate the user here. Always return true.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - when the login fails

      • abort

        public boolean abort()
              throws javax.security.auth.login.LoginException
        Aborts the authentication (second phase). This method is called if the LoginContext's overall authentication failed. (login failed) It cleans up any state that was changed in the login and commit methods.
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - when the abortion fails

      • commit

        public boolean commit()
               throws javax.security.auth.login.LoginException
        Commits the authentication (second phase). This method is called if the LoginContext's overall authentication succeeded. (login succeeded) The implementation searches the Kerberos or OS user in the Subject. If existed, convert it to an Alluxio user and add into the Subject.
        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - if the user extending a specific Principal is not found

      • logout

        public boolean logout()
               throws javax.security.auth.login.LoginException
        Logs out the user. The implementation removes the User associated with the Subject.
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - if logout fails