Class LoginContextDriver
- java.lang.Object
- com.sun.enterprise.security.auth.login.LoginContextDriver
public class LoginContextDriver extends Object
This class is invoked implicitly by the server to log in the user information that was sent on the wire by the client. Clients will use the doClientLogin method to simulate authentication to the server.
- Author:
- Harpreet Singh, Jyri Virkki
Field Summary
Fields (Modifier and Type, Field):
- static String CERT_REALMNAME
Method Summary
Methods (Modifier and Type, Method - Description):
- static Subject doClientLogin(int type, CallbackHandler jaasHandler) - Perform login on the client side.
- static void doClientLogout() - Perform logout on the client side.
- static void doX500Login(Subject s, String appModuleID) - A special case login for X500Principal credentials.
- static Subject jmacLogin(Subject subject, String username, char[] password, String realmName) - Performs login for JMAC security.
- static Subject jmacLogin(Subject subject, String identityAssertion, String realm)
- static Subject jmacLogin(Subject subject, X500Principal x500Principal)
- static void login(AssertedCredentials asrtCred)
- static void login(DigestCredentials digestCred) - Performs Digest authentication based on RFC 2617.
- static void login(String username, char[] password, String realmName) - This method is just a convenience wrapper for login(Subject, Class) method.
- static void login(Subject subject, Class cls) - This method performs the login on the server side.
- static void loginPrincipal(String username, String realmName) - This method is used for logging in a run As principal.
- static void logout() - This method logs out the user by clearing the security context.
Field Detail
CERT_REALMNAME
public static final String CERT_REALMNAME
- See Also:
- Constant Field Values
Method Detail
login
public static void login(String username, char[] password, String realmName)
This method is just a convenience wrapper for the login(Subject, Class) method. It will construct a PasswordCredential class.
- Parameters:
- username
- password
- realmName - the name of the realm to log in to; if realmName is null, we log in to the default realm
login
public static void login(AssertedCredentials asrtCred) throws LoginException
- Throws:
- LoginException
login
public static void login(Subject subject, Class cls) throws LoginException
This method performs the login on the server side. This method is the main login method for S1AS. It is called with a Subject and the type (class) of credential which should be checked. The Subject must contain a credential of the specified type or login will fail.
While the implementation has been cleaned up, the login process still consists of a number of special cases which are treated separately at the realm level. In the future, tighter JAAS integration could clean some of this up.
The following credential types are recognized at this time:
- PasswordCredential - This is the general case for all login methods which rely on the client providing a name and password. It can be used with any realms/JAAS login modules which expect such data (e.g. file realm, LDAP realm, UNIX realm).
- X509CertificateCredential - Special case for SSL client auth. Here authentication has already been done by the SSL subsystem, so this login only creates a security context based on the certificate data.
- AnonCredential - Unauthenticated session, set anonymous security context.
- GSSUPName - Retrieve user and realm and set security context.
- X500Principal - Retrieve user and realm and set security context.
- Parameters:
- subject - the subject of the client
- cls - the class of the credential packaged in the subject.
- Throws:
- LoginException
loginPrincipal
public static void loginPrincipal(String username, String realmName) throws LoginException
This method is used for logging in a run As principal. It creates a JAAS subject whose credential is of type GSSUPName. This is used primarily for runas.
- Throws:
- LoginException
logout
public static void logout() throws LoginException
This method logs out the user by clearing the security context.
- Throws:
- LoginException
jmacLogin
public static Subject jmacLogin(Subject subject, String username, char[] password, String realmName) throws LoginException
Performs login for JMAC security. The difference between this method and others is that it just verifies whether the login will succeed in the given realm. It does not set the result of the authentication in the appserver runtime environment. A silent return from this method means that the given user succeeded in authenticating with the given password in the given realm.
- Parameters:
- subject
- username
- password
- realmName - the realm to authenticate under
- Throws:
- LoginException
jmacLogin
public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException
- Throws:
- LoginException
jmacLogin
public static Subject jmacLogin(Subject subject, String identityAssertion, String realm) throws LoginException
- Throws:
- LoginException
doX500Login
public static void doX500Login(Subject s, String appModuleID) throws LoginException
A special case login for X500Principal credentials. This is invoked for certificate login because the containers extract the X.500 name from the X.509 certificate before calling into this class.
- Throws:
- LoginException
doClientLogin
public static Subject doClientLogin(int type, CallbackHandler jaasHandler) throws LoginException
Perform login on the client side. It just simulates the login on the client side. The method uses the callback handlers and generates correct credential information that will be later sent to the server.
- Parameters:
- type - whether it is username_password or certificate based login.
- jaasHandler - the callback handler to gather user information.
- Throws:
- LoginException - the exception thrown by the callback handler.
doClientLogout
public static void doClientLogout() throws LoginException
Perform logout on the client side.
- Throws:
- LoginException
login
public static void login(DigestCredentials digestCred) throws LoginException
Performs Digest authentication based on RFC 2617. It
- Parameters:
- digestCred - DigestCredentials
- Throws:
- LoginException