Class PasswordLoginModule
java.lang.Object
com.sun.enterprise.security.BasePasswordLoginModule
com.sun.enterprise.security.auth.login.PasswordLoginModule
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
FileLoginModule
,LDAPLoginModule
,SolarisLoginModule
Abstract base class for password-based login modules. This class is provided for backward compatibility and is a candidate for
deprecation.
-
Field Summary
Fields inherited from class com.sun.enterprise.security.BasePasswordLoginModule
_commitSucceeded, _currentRealm, _groupsList, _logger, _options, _passwd, _password, _sharedState, _subject, _succeeded, _username, _userPrincipal, sm
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected abstract void
Perform authentication decision.protected final void
Older implementations can implement authenticate.final void
commitAuthentication
(String username, char[] password, Realm theRealm, String[] groups) Since the passwords are to be stored as to have char[] BT: 6946553.final void
commitAuthentication
(String username, String password, Realm theRealm, String[] groups) Deprecated.Methods inherited from class com.sun.enterprise.security.BasePasswordLoginModule
abort, commit, commitUserAuthentication, extractCredentials, getCurrentRealm, getGroupsList, getPassword, getPasswordChar, getSubject, getUsername, getUserPrincipal, initialize, isCommitSucceeded, isSucceeded, login, logout, setLoginModuleForAuthentication
-
Constructor Details
-
PasswordLoginModule
public PasswordLoginModule()
-
-
Method Details
-
commitAuthentication
@Deprecated public final void commitAuthentication(String username, String password, Realm theRealm, String[] groups) Deprecated.Maintain RI compatibility.This is a convenience method which can be used by subclasses to complete the steps required by RI legacy authentication code. Most of this should go away if a clean JAAS/Subject based infrastructure is provided. But for now this must be done.
Note that this method is called after the authentication has succeeded. If authentication failed do not call this method.
A lot of the RI behavior is still present here. Some of the most notable points to remember:
- Global instance field succeeded is set to true by this method.
- Parameters:
username
- Name of authenticated user.password
- Password of this user.theRealm
- Current Realm object for this authentication.groups
- String array of group memberships for user (could be empty).
-
commitAuthentication
public final void commitAuthentication(String username, char[] password, Realm theRealm, String[] groups) Since the passwords are to be stored as to have char[] BT: 6946553. Retaining the other method for backward compatability- Parameters:
username
- Name of authenticated user.password
- Password of this user in char[].theRealm
- Current Realm object for this authentication.groups
- String array of group memberships for user (could be empty).
-
authenticateUser
Older implementations can implement authenticate. While new implementation calls authenticateUser- Specified by:
authenticateUser
in classBasePasswordLoginModule
- Throws:
LoginException
-
authenticate
Perform authentication decision. Method returns silently on success and returns a LoginException on failure. To be implmented by sub-classes- Throws:
com.sun.enterprise.security.LoginException
- on authentication failure.LoginException
-