Class LoginContextDriver

java.lang.Object
com.sun.enterprise.security.auth.login.LoginContextDriver

public class LoginContextDriver extends Object
This class is invoked implicitly by the server to log in the user based on the information that the client sent on the wire. Clients use the doClientLogin method to simulate authentication to the server.
Author:
Harpreet Singh, Jyri Virkki
  • Field Details

  • Method Details

    • login

      public static void login(String username, char[] password, String realmName)
      This method is a convenience wrapper for the login(Subject, Class) method. It constructs a PasswordCredential object.
      Parameters:
      String - username
      char[] - password
      String - realmName the name of the realm to log in to; if realmName is null, the login uses the default realm
    • login

      public static void login(AssertedCredentials asrtCred) throws LoginException
      Throws:
      LoginException
    • login

      public static void login(Subject subject, Class cls) throws LoginException
      This method performs the login on the server side.

      This method is the main login method for S1AS. It is called with a Subject and the type (class) of credential which should be checked. The Subject must contain a credential of the specified type or login will fail.

      While the implementation has been cleaned up, the login process still consists of a number of special cases which are treated separately at the realm level. In the future, tighter JAAS integration could clean some of this up.

      The following credential types are recognized at this time:

      • PasswordCredential - This is the general case for all login methods which rely on the client providing a name and password. It can be used with any realms/JAAS login modules which expect such data (e.g. file realm, LDAP realm, UNIX realm).
      • X509CertificateCredential - Special case for SSL client auth. Here authentication has already been done by the SSL subsystem so this login only creates a security context based on the certificate data.
      • AnonCredential - Unauthenticated session, set anonymous security context.
      • GSSUPName - Retrieve user and realm and set security context.
      • X500Principal - Retrieve user and realm and set security context.
      Parameters:
      Subject - the subject of the client
      Class - the class of the credential packaged in the subject.
      Throws:
      LoginException
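      The credential-type contract described above, as an added example that is not GlassFish code: it uses only the JDK's JAAS classes. DemoPasswordCredential, DemoAnonCredential, DEFAULT_REALM and the helper methods are hypothetical stand-ins, and it assumes the credential is stored in the Subject's private credential set.

```java
import java.util.Arrays;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

public class CredentialTypeCheck {
    // Hypothetical stand-ins for the demo; these are NOT GlassFish's credential classes.
    static final class DemoPasswordCredential {
        final String user; final char[] password; final String realm;
        DemoPasswordCredential(String user, char[] password, String realm) {
            this.user = user; this.password = password; this.realm = realm;
        }
    }
    static final class DemoAnonCredential { }

    static final String DEFAULT_REALM = "file"; // constructed value for the demo

    // Fail closed unless the Subject carries a credential of the requested type.
    // Assumption: the credential sits in the Subject's private credential set.
    static <T> T requireCredential(Subject subject, Class<T> cls) throws LoginException {
        Set<T> found = subject.getPrivateCredentials(cls);
        if (found.isEmpty()) {
            throw new LoginException("no " + cls.getSimpleName() + " in Subject");
        }
        return found.iterator().next();
    }

    // Mirrors the documented rule that a null realm name selects the default realm.
    static String effectiveRealm(String realmName) {
        return realmName == null ? DEFAULT_REALM : realmName;
    }

    public static void main(String[] args) {
        char[] pw = "constructed-sample-pw".toCharArray(); // constructed input
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(new DemoPasswordCredential("alice", pw, null));
        try {
            DemoPasswordCredential pc = requireCredential(subject, DemoPasswordCredential.class);
            System.out.println("password login for " + pc.user + " in realm " + effectiveRealm(pc.realm));
            requireCredential(subject, DemoAnonCredential.class); // type absent: throws
        } catch (LoginException e) {
            System.out.println("login rejected: " + e.getMessage());
        } finally {
            Arrays.fill(pw, '\0'); // wipe the password; a char[] allows this, a String does not
        }
    }
}
```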
    • loginPrincipal

      public static void loginPrincipal(String username, String realmName) throws LoginException
      This method is used for logging in a run-as principal. It creates a JAAS subject whose credential is of type GSSUPName. This is used primarily for runas.
      Throws:
      LoginException
    • logout

      public static void logout() throws LoginException
      This method logs out the user by clearing the security context.
      Throws:
      LoginException
    • jmacLogin

      public static void jmacLogin(Subject subject, Principal callerPrincipal, String realmName) throws LoginException
      Throws:
      LoginException
    • jmacLogin

      public static Subject jmacLogin(Subject subject, String username, char[] password, String realmName) throws LoginException
      Performs login for JMAC security. The difference between this method and others is that it just verifies whether the login will succeed in the given realm. It does not set the result of the authentication in the appserver runtime environment. A silent return from this method means that the given user succeeded in authenticating with the given password in the given realm.
      Parameters:
      subject -
      username -
      password -
      realmName - the realm to authenticate under
      Throws:
      LoginException
    • jmacLogin

      public static Subject jmacLogin(Subject subject, X500Principal x500Principal) throws LoginException
      Throws:
      LoginException
    • jmacLogin

      public static Subject jmacLogin(Subject subject, String identityAssertion, String realm) throws LoginException
      Throws:
      LoginException
    • doX500Login

      public static void doX500Login(Subject s, String appModuleID) throws LoginException
      A special case login for X500Principal credentials. This is invoked for certificate login because the containers extract the X.500 name from the X.509 certificate before calling into this class.
      Throws:
      LoginException
    • doClientLogin

      public static Subject doClientLogin(int type, CallbackHandler jaasHandler) throws LoginException
      Perform login on the client side. It just simulates the login on the client side. The method uses the callback handlers and generates correct credential information that will later be sent to the server.
      Parameters:
      int - type whether it is a username_password or certificate-based login.
      CallbackHandler - the callback handler to gather user information.
      Throws:
      LoginException - the exception thrown by the callback handler.
    • doClientLogout

      public static void doClientLogout() throws LoginException
      Perform logout on the client side.
      Throws:
      LoginException
    • login

      public static void login(DigestCredentials digestCred) throws LoginException
      Performs Digest authentication based on RFC 2617. It
      Parameters:
      digestCred - DigestCredentials
      Throws:
      LoginException