Package com.sun.enterprise.security
Class BaseCertificateLoginModule
java.lang.Object
com.sun.enterprise.security.BaseCertificateLoginModule
- All Implemented Interfaces:
LoginModule
Abstract base class for certificate-based login modules.
Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
final boolean | abort() |
protected abstract void | authenticateUser() | Perform authentication decision.
final boolean | commit() |
protected final void | commitUserAuthentication(String[] groups) | This is a convenience method which can be used by subclasses
protected final String | getAppName() | Get the application name.
protected X509Certificate[] | getCerts() | Get the certificate chain presented by the client.
protected Subject | getSubject() | Return the subject being authenticated.
protected X500Principal | getX500Principal() | Returns the subject (subject distinguished name) value from the first certificate, in the client certificate chain, as an X500Principal.
final void | initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) |
final boolean | login() |
final boolean | logout() |
-
Field Details
-
_options
Options configured for this LoginModule.
-
Constructor Details
-
BaseCertificateLoginModule
public BaseCertificateLoginModule()
-
-
Method Details
-
initialize
public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
- Specified by:
initialize
in interface LoginModule
-
login
- Specified by:
login
in interface LoginModule
- Throws:
LoginException
-
commit
- Specified by:
commit
in interface LoginModule
- Throws:
LoginException
-
abort
- Specified by:
abort
in interface LoginModule
- Throws:
LoginException
-
logout
- Specified by:
logout
in interface LoginModule
- Throws:
LoginException
-
commitUserAuthentication
This is a convenience method which can be used by subclasses.
Note that this method is called after the authentication has succeeded. If authentication failed, do not call this method. This method sets the authentication status to success if the groups parameter is non-null.
- Parameters:
groups
- String array of group memberships for user (could be empty).
-
authenticateUser
Perform authentication decision. Method returns silently on success and throws a LoginException on failure. Must be overridden to add custom functionality.
- Throws:
LoginException
- on authentication failure.
-
getAppName
Get the application name. This may be useful when a single LoginModule has to handle multiple applications that use certificates.
- Returns:
- the application name. Non-null only for web container.
-
getCerts
Get the certificate chain presented by the client.
- Returns:
- the certificate chain from the client.
-
getX500Principal
Returns the subject (subject distinguished name) value from the first certificate, in the client certificate chain, as an X500Principal. If the subject value is empty, then the getName() method of the returned X500Principal object returns an empty string ("").
- Returns:
- an X500Principal representing the subject distinguished name from the first certificate, in the client certificate chain;
-
getSubject
Return the subject being authenticated.
- Returns:
- the subject being authenticated.
-