Package alluxio.security.login

Class AppLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    @NotThreadSafe
public final class AppLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
    An app login module that creates a user based on the user name provided through application configuration. Specifically, through Alluxio property alluxio.security.login.username. This module is useful if multiple Alluxio clients running under same OS user name want to get different identifies (for resource and data management), or if Alluxio clients running under different OS user names want to get same identify.

    • Constructor Detail

      • AppLoginModule

        public AppLoginModule()
        Constructs a new AppLoginModule.

    • Method Detail

      • initialize

        public void initialize​(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,​?> sharedState,
                       java.util.Map<java.lang.String,​?> options)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule

      • login

        public boolean login()
              throws javax.security.auth.login.LoginException
        Retrieves the user name by querying the property of PropertyKey.SECURITY_LOGIN_USERNAME through AppLoginModule.AppCallbackHandler.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Returns:
        true if user name provided by application is set and not empty
        Throws:
        javax.security.auth.login.LoginException - when the login fails

      • abort

        public boolean abort()
              throws javax.security.auth.login.LoginException
        Aborts the authentication (second phase).

        This method is called if the LoginContext's overall authentication failed. (login failed) It cleans up any state that was changed in the login and commit methods.

        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - when the abortion fails

      • commit

        public boolean commit()
               throws javax.security.auth.login.LoginException
        Commits the authentication (second phase).

        This method is called if the LoginContext's overall authentication succeeded. The implementation first checks if there is already Alluxio user in the subject. If not, it adds the previously logged in Alluxio user into the subject.

        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Returns:
        true if an Alluxio user is found or created
        Throws:
        javax.security.auth.login.LoginException - not Alluxio user is found or created

      • logout

        public boolean logout()
               throws javax.security.auth.login.LoginException
        Logs out the user

        The implementation removes the User associated with the Subject.

        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases
        Throws:
        javax.security.auth.login.LoginException - if logout fails