Class LoginContextDriver


  • public class LoginContextDriver
    extends Object
    This class is invoked implicitly by the server to log in the user whose information was sent on the wire by the client. Clients use the doClientLogin method to simulate authentication to the server.
    Author:
    Harpreet Singh ([email protected]), Jyri Virkki
    • Method Detail

      • login

        public static void login​(String username,
                                 char[] password,
                                 String realmName)
        This method is just a convenience wrapper for the login(Subject, Class) method. It constructs a PasswordCredential object.
        Parameters:
        String - username
        char[] - password
        String - realmName, the name of the realm to log in to; if realmName is null, the login uses the default realm
      • login

        public static void login​(Subject subject,
                                 Class cls)
                          throws LoginException
        This method performs the login on the server side.

        This method is the main login method for S1AS. It is called with a Subject and the type (class) of credential which should be checked. The Subject must contain a credential of the specified type or login will fail.

        While the implementation has been cleaned up, the login process still consists of a number of special cases which are treated separately at the realm level. In the future, tighter JAAS integration could clean some of this up.

        The following credential types are recognized at this time:

        • PasswordCredential - This is the general case for all login methods which rely on the client providing a name and password. It can be used with any realms/JAAS login modules which expect such data (e.g. file realm, LDAP realm, UNIX realm).
        • X509CertificateCredential - Special case for SSL client auth. Here authentication has already been done by the SSL subsystem so this login only creates a security context based on the certificate data.
        • AnonCredential - Unauthenticated session, set anonymous security context.
        • GSSUPName - Retrieve user and realm and set security context.
        • X500Principal - Retrieve user and realm and set security context.
        Parameters:
        Subject - the subject of the client
        Class - the class of the credential packaged in the subject.
        Throws:
        LoginException
      • loginPrincipal

        public static void loginPrincipal​(String username,
                                          String realmName)
                                   throws LoginException
        This method is used for logging in a run-as principal. It creates a JAAS subject whose credential is of type GSSUPName. This is used primarily for run-as.
        Throws:
        LoginException
      • logout

        public static void logout()
                           throws LoginException
        This method logs out the user by clearing the security context.
        Throws:
        LoginException
      • jmacLogin

        public static Subject jmacLogin​(Subject subject,
                                        String username,
                                        char[] password,
                                        String realmName)
                                 throws LoginException
        Performs login for JMAC security. The difference between this method and the others is that it only verifies whether the login will succeed in the given realm. It does not set the result of the authentication in the appserver runtime environment. A silent return from this method means that the given user succeeded in authenticating with the given password in the given realm.
        Parameters:
        subject -
        username -
        password -
        realmName - the realm to authenticate under
        Throws:
        LoginException
      • doX500Login

        public static void doX500Login​(Subject s,
                                       String appModuleID)
                                throws LoginException
        A special case login for X500Principal credentials. This is invoked for certificate login because the containers extract the X.500 name from the X.509 certificate before calling into this class.
        Throws:
        LoginException
      • doClientLogin

        public static Subject doClientLogin​(int type,
                                            CallbackHandler jaasHandler)
                                     throws LoginException
        Performs login on the client side. It only simulates the login on the client side. The method uses the callback handlers and generates the correct credential information that will later be sent to the server.
        Parameters:
        int - type, whether it is a username_password or certificate-based login.
        CallbackHandler - the callback handler to gather user information.
        Throws:
        LoginException - the exception thrown by the callback handler.