Class BasePasswordLoginModule
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
PasswordLoginModule
,PasswordLoginModule
Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.
Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().
-
Field Summary
Modifier and TypeFieldDescriptionprotected boolean
protected Realm
protected String[]
protected static final Logger
protected Map
protected char[]
protected String
Deprecated.protected Map
protected Subject
protected boolean
protected String
protected org.glassfish.security.common.UserPrincipal
protected static final com.sun.enterprise.util.i18n.StringManager
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal boolean
abort()
Abort the authentication process.protected abstract void
Perform authentication decision.boolean
commit()
Commit the authentication.final void
commitUserAuthentication
(String[] groups) This is a convenience method which can be used by subclassesfinal void
Method to extract container-provided username and passwordString[]
Deprecated.char[]
org.glassfish.security.common.UserPrincipal
final void
initialize
(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this login module.boolean
boolean
final boolean
login()
Perform login.final boolean
logout()
Log out the subject.void
setLoginModuleForAuthentication
(LoginModule userDefinedLoginModule)
-
Field Details
-
_subject
-
_options
-
_username
-
_password
Deprecated. -
_passwd
protected char[] _passwd -
_currentRealm
-
_succeeded
protected boolean _succeeded -
_commitSucceeded
protected boolean _commitSucceeded -
_userPrincipal
protected org.glassfish.security.common.UserPrincipal _userPrincipal -
_groupsList
-
_logger
-
sm
protected static final com.sun.enterprise.util.i18n.StringManager sm
-
-
Constructor Details
-
BasePasswordLoginModule
public BasePasswordLoginModule()
-
-
Method Details
-
initialize
public final void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this login module.- Specified by:
initialize
in interfaceLoginModule
- Parameters:
subject
- - the Subject to be authenticated.callbackHandler
- - a CallbackHandler for obtaining the subject username and password.sharedState
- - state shared with other configured LoginModules.options
- - options specified in the login Configuration for this particular LoginModule.
-
login
Perform login.The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.
- Specified by:
login
in interfaceLoginModule
- Throws:
LoginException
- Thrown if login failed, or on other problems.
-
commit
Commit the authentication.Commit is called after all necessary login modules have succeeded. It adds (if not present) a
UserNameAndPassword
principal and a LocalCredentials public credential to the Subject.- Specified by:
commit
in interfaceLoginModule
- Throws:
LoginException
- If commit fails.
-
abort
Abort the authentication process.- Specified by:
abort
in interfaceLoginModule
- Throws:
LoginException
-
logout
Log out the subject.- Specified by:
logout
in interfaceLoginModule
- Throws:
LoginException
-
commitUserAuthentication
This is a convenience method which can be used by subclasses
Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.
- Parameters:
groups
- String array of group memberships for user (could be empty).
-
getSubject
- Returns:
- the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.
-
extractCredentials
Method to extract container-provided username and password- Throws:
LoginException
-
authenticateUser
Perform authentication decision. Method returns silently on success and returns a LoginException on failure.- Throws:
LoginException
- on authentication failure.
-
setLoginModuleForAuthentication
-
getUsername
- Returns:
- the username sent by container - is made available to the custom login module using the protected _username field. Use Case: A custom login module could use the username to validate against a realm of users
-
getPassword
Deprecated.Deprecated - password is preferred to be a char[] -
getPasswordChar
public char[] getPasswordChar()- Returns:
- the password sent by container - is made available to the custom login module using the protected _password field. Use Case: A custom login module could use the password to validate against a custom realm of usernames and passwords Password is preferred to be a char[] instead of a string
-
getCurrentRealm
- Returns:
- the currentRealm - for backward compatability
-
isSucceeded
public boolean isSucceeded()- Returns:
- the succeeded state - for backward compatability
-
isCommitSucceeded
public boolean isCommitSucceeded()- Returns:
- the commitsucceeded state - for backward compatability
-
getUserPrincipal
public org.glassfish.security.common.UserPrincipal getUserPrincipal()- Returns:
- the UserPrincipal - for backward compatability
-
getGroupsList
- Returns:
- the groupList - for backward compatability
-