Class BasePasswordLoginModule
java.lang.Object
    com.sun.enterprise.security.BasePasswordLoginModule

All Implemented Interfaces: LoginModule
Direct Known Subclasses: PasswordLoginModule, PasswordLoginModule
public abstract class BasePasswordLoginModule extends Object implements LoginModule
Abstract base class for password-based login modules.
Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.
Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().
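The subclass contract described above, as an added example that is not GlassFish code: a hypothetical SampleStoreLoginModule implements authenticateUser(), verifies the container-supplied password against a PBKDF2 hash, and calls commitUserAuthentication() only on success. The in-memory store, salts, passphrases and iteration count are constructed assumptions; only the BasePasswordLoginModule methods come from this page.

```java
import com.sun.enterprise.security.BasePasswordLoginModule;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.LoginException;

/** Hypothetical subclass; STORE is constructed sample data standing in for a realm or user database. */
public class SampleStoreLoginModule extends BasePasswordLoginModule {
    private static final int ITERATIONS = 210_000; // assumed work factor, tune per deployment
    private static final class Account {
        final byte[] salt; final byte[] hash; final String[] groups;
        Account(String salt, String password, String... groups) {
            this.salt = salt.getBytes(StandardCharsets.UTF_8);
            this.hash = pbkdf2(password.toCharArray(), this.salt);
            this.groups = groups;
        }
    }
    private static final Map<String, Account> STORE =
            Map.of("alice", new Account("alice-salt", "constructed-passphrase", "staff"));
    // Decoy record so an unknown username costs the same PBKDF2 work as a known one
    private static final Account DECOY = new Account("decoy-salt", "decoy");

    private static byte[] pbkdf2(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    @Override
    protected void authenticateUser() throws LoginException {
        char[] supplied = getPasswordChar();
        Account known = (getUsername() == null) ? null : STORE.get(getUsername());
        Account target = (known != null) ? known : DECOY;
        // MessageDigest.isEqual compares the two hashes in constant time
        boolean match = supplied != null
                && MessageDigest.isEqual(pbkdf2(supplied, target.salt), target.hash);
        if (known == null || !match) {
            throw new LoginException("Login failed"); // same message for both failure causes
        }
        // Reached only after a successful check, as commitUserAuthentication() requires
        commitUserAuthentication(known.groups);
    }
}
```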
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
protected boolean _commitSucceeded
protected Realm _currentRealm
protected String[] _groupsList
protected static Logger _logger
protected Map _options
protected char[] _passwd
protected String _password - Deprecated.
protected Map _sharedState
protected Subject _subject
protected boolean _succeeded
protected String _username
protected org.glassfish.security.common.PrincipalImpl _userPrincipal
protected static com.sun.enterprise.util.i18n.StringManager sm
-
Constructor Summary
Constructors (Constructor, Description)
BasePasswordLoginModule()
-
Method Summary
All Methods (Modifier and Type, Method, Description)
boolean abort() - Abort the authentication process.
protected abstract void authenticateUser() - Perform authentication decision.
boolean commit() - Commit the authentication.
void commitUserAuthentication(String[] groups) - This is a convenience method which can be used by subclasses.
void extractCredentials() - Method to extract container-provided username and password.
Realm getCurrentRealm()
String[] getGroupsList()
String getPassword() - Deprecated.
char[] getPasswordChar()
Subject getSubject()
String getUsername()
org.glassfish.security.common.PrincipalImpl getUserPrincipal()
void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) - Initialize this login module.
boolean isCommitSucceeded()
boolean isSucceeded()
boolean login() - Perform login.
boolean logout() - Log out the subject.
void setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)
-
-
-
Field Detail
-
_subject
protected Subject _subject
-
_sharedState
protected Map _sharedState
-
_options
protected Map _options
-
_username
protected String _username
-
_password
@Deprecated protected String _password
Deprecated.
-
_passwd
protected char[] _passwd
-
_currentRealm
protected Realm _currentRealm
-
_succeeded
protected boolean _succeeded
-
_commitSucceeded
protected boolean _commitSucceeded
-
_userPrincipal
protected org.glassfish.security.common.PrincipalImpl _userPrincipal
-
_groupsList
protected String[] _groupsList
-
_logger
protected static final Logger _logger
-
sm
protected static final com.sun.enterprise.util.i18n.StringManager sm
-
-
Method Detail
-
initialize
public final void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
Initialize this login module.
Specified by: initialize in interface LoginModule
Parameters:
subject - the Subject to be authenticated.
callbackHandler - a CallbackHandler for obtaining the subject username and password.
sharedState - state shared with other configured LoginModules.
options - options specified in the login Configuration for this particular LoginModule.
-
login
public final boolean login() throws LoginException
Perform login.
The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If it is not present, the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.
Specified by: login in interface LoginModule
Throws: LoginException - Thrown if login failed, or on other problems.
-
commit
public boolean commit() throws LoginException
Commit the authentication.
Commit is called after all necessary login modules have succeeded. It adds (if not present) a PrincipalImpl principal and a LocalCredentials public credential to the Subject.
Specified by: commit in interface LoginModule
Throws: LoginException - If commit fails.
-
abort
public final boolean abort() throws LoginException
Abort the authentication process.
Specified by: abort in interface LoginModule
Throws: LoginException
-
logout
public final boolean logout() throws LoginException
Log out the subject.
Specified by: logout in interface LoginModule
Throws: LoginException
-
commitUserAuthentication
public final void commitUserAuthentication(String[] groups)
This is a convenience method which can be used by subclasses.
Note that this method is called after the authentication has succeeded. If authentication failed, do not call this method. The instance field _succeeded is set to true by this method.
Parameters:
groups - String array of group memberships for user (could be empty).
-
getSubject
public Subject getSubject()
Returns: the subject being authenticated.
Use case: A custom login module could override the commit() method and call getSubject() inside its commit() to get the subject being authenticated. A custom principal can then be added to the subject. By doing this, the custom principal will be stored in the calling thread's security context and participate in the Appserver's subsequent authorization.
-
extractCredentials
public final void extractCredentials() throws LoginException
Method to extract container-provided username and password.
Throws: LoginException
-
authenticateUser
protected abstract void authenticateUser() throws LoginException
Perform authentication decision. The method returns silently on success and throws a LoginException on failure.
Throws: LoginException - on authentication failure.
-
setLoginModuleForAuthentication
public void setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)
-
getUsername
public String getUsername()
Returns: the username sent by the container, made available to the custom login module through the protected _username field.
Use case: A custom login module could use the username to validate against a realm of users.
-
getPassword
@Deprecated public String getPassword()
Deprecated. The password is preferred to be a char[].
-
getPasswordChar
public char[] getPasswordChar()
Returns: the password sent by the container, made available to the custom login module through the protected _password field.
Use case: A custom login module could use the password to validate against a custom realm of usernames and passwords. The password is preferred to be a char[] instead of a String.
-
getCurrentRealm
public Realm getCurrentRealm()
Returns: the currentRealm - for backward compatibility
-
isSucceeded
public boolean isSucceeded()
Returns: the succeeded state - for backward compatibility
-
isCommitSucceeded
public boolean isCommitSucceeded()
Returns: the commitSucceeded state - for backward compatibility
-
getUserPrincipal
public org.glassfish.security.common.PrincipalImpl getUserPrincipal()
Returns: the UserPrincipal - for backward compatibility
-
getGroupsList
public String[] getGroupsList()
Returns: the groupList - for backward compatibility
-
-