Package com.sun.enterprise.security
Class BaseCertificateLoginModule
- java.lang.Object
  - com.sun.enterprise.security.BaseCertificateLoginModule
- All Implemented Interfaces: LoginModule
public abstract class BaseCertificateLoginModule extends Object implements LoginModule
Abstract base class for certificate-based login modules. Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().
-
Constructor Summary
- BaseCertificateLoginModule()
-
Method Summary
- boolean abort()
- protected abstract void authenticateUser(): Perform authentication decision.
- boolean commit()
- protected void commitUserAuthentication(String[] groups): This is a convenience method which can be used by subclasses.
- protected String getAppName(): Get the application name.
- protected X509Certificate[] getCerts(): Get the certificate chain presented by the client.
- protected Subject getSubject(): Return the subject being authenticated.
- protected X500Principal getX500Principal(): Returns the subject (subject distinguished name) value from the first certificate, in the client certificate chain, as an X500Principal.
- void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
- boolean login()
- boolean logout()
-
Method Detail
-
initialize
public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
- Specified by: initialize in interface LoginModule
-
login
public final boolean login() throws LoginException
- Specified by: login in interface LoginModule
- Throws: LoginException
-
commit
public final boolean commit() throws LoginException
- Specified by: commit in interface LoginModule
- Throws: LoginException
-
abort
public final boolean abort() throws LoginException
- Specified by: abort in interface LoginModule
- Throws: LoginException
-
logout
public final boolean logout() throws LoginException
- Specified by: logout in interface LoginModule
- Throws: LoginException
-
commitUserAuthentication
protected final void commitUserAuthentication(String[] groups)
This is a convenience method which can be used by subclasses.
Note that this method is called after the authentication has succeeded. If authentication failed, do not call this method. This method sets the authentication status to success if the groups parameter is non-null.
- Parameters: groups - String array of group memberships for user (could be empty).
-
authenticateUser
protected abstract void authenticateUser() throws LoginException
Perform authentication decision. Method returns silently on success and throws a LoginException on failure. Must be overridden to add custom functionality.
- Throws: LoginException - on authentication failure.
-
getAppName
protected final String getAppName()
Get the application name. This may be useful when a single LoginModule has to handle multiple applications that use certificates.
- Returns: the application name. Non-null only for web container.
-
getCerts
protected X509Certificate[] getCerts()
Get the certificate chain presented by the client.
- Returns: the certificate chain from the client.
-
getX500Principal
protected X500Principal getX500Principal()
Returns the subject (subject distinguished name) value from the first certificate, in the client certificate chain, as an X500Principal. If the subject value is empty, then the getName() method of the returned X500Principal object returns an empty string ("").
- Returns: an X500Principal representing the subject distinguished name from the first certificate, in the client certificate chain;
-
getSubject
protected Subject getSubject()
Return the subject being authenticated.
- Returns: the subject being authenticated.
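A subclass of the kind the class description asks for, as an added example that is not the library's own code or part of the original page: authenticateUser() throws LoginException on every failure path and calls commitUserAuthentication() only after all checks have passed. The class name, the package, and the OU-to-group mapping are assumptions made for illustration, and the code assumes trust validation of the chain happened before the module was invoked.

```java
package com.example.security; // hypothetical package

import com.sun.enterprise.security.BaseCertificateLoginModule;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;
import javax.security.auth.x500.X500Principal;

/** Hypothetical subclass: maps each OU in the client certificate subject to a group. */
public class OuGroupCertificateLoginModule extends BaseCertificateLoginModule {

    @Override
    protected void authenticateUser() throws LoginException {
        X509Certificate[] chain = getCerts();
        if (chain == null || chain.length == 0) {
            throw new LoginException("no client certificate presented");
        }
        try {
            chain[0].checkValidity(); // reject an expired or not-yet-valid leaf certificate
        } catch (CertificateException e) {
            throw new LoginException("client certificate outside its validity period");
        }
        // Per the page, getName() returns "" when the subject value is empty.
        X500Principal subject = getX500Principal();
        if (subject == null || subject.getName().isEmpty()) {
            throw new LoginException("empty subject DN");
        }
        List<String> groups = new ArrayList<>();
        try {
            for (Rdn rdn : new LdapName(subject.getName()).getRdns()) {
                if ("OU".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String) {
                    groups.add((String) rdn.getValue());
                }
            }
        } catch (InvalidNameException e) {
            throw new LoginException("unparseable subject DN");
        }
        // A non-null array marks the login as successful even when it is empty,
        // so refuse here rather than commit a user with no groups (policy assumption).
        if (groups.isEmpty()) {
            throw new LoginException("no OU in subject DN, no group to assign");
        }
        commitUserAuthentication(groups.toArray(new String[0]));
    }
}
```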