Package com.sun.enterprise.security
Class BasePasswordLoginModule
java.lang.Object
com.sun.enterprise.security.BasePasswordLoginModule
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
PasswordLoginModule,PasswordLoginModule
Abstract base class for password-based login modules.
Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.
Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected booleanprotected Realmprotected String[]protected static final Loggerprotected Mapprotected char[]protected StringDeprecated.protected Mapprotected Subjectprotected booleanprotected Stringprotected org.glassfish.security.common.UserPrincipalprotected static final com.sun.enterprise.util.i18n.StringManager -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionfinal booleanabort()Abort the authentication process.protected abstract voidPerform authentication decision.booleancommit()Commit the authentication.final voidcommitUserAuthentication(String[] groups) This is a convenience method which can be used by subclassesfinal voidMethod to extract container-provided username and passwordString[]Deprecated.char[]org.glassfish.security.common.UserPrincipalfinal voidinitialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this login module.booleanbooleanfinal booleanlogin()Perform login.final booleanlogout()Log out the subject.voidsetLoginModuleForAuthentication(LoginModule userDefinedLoginModule)
-
Field Details
-
_subject
-
_options
-
_username
-
_password
Deprecated. -
_passwd
protected char[] _passwd -
_currentRealm
-
_succeeded
protected boolean _succeeded -
_commitSucceeded
protected boolean _commitSucceeded -
_userPrincipal
protected org.glassfish.security.common.UserPrincipal _userPrincipal -
_groupsList
-
_logger
-
sm
protected static final com.sun.enterprise.util.i18n.StringManager sm
-
-
Constructor Details
-
BasePasswordLoginModule
public BasePasswordLoginModule()
-
-
Method Details
-
initialize
public final void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this login module.- Specified by:
initializein interfaceLoginModule- Parameters:
subject- - the Subject to be authenticated.callbackHandler- - a CallbackHandler for obtaining the subject username and password.sharedState- - state shared with other configured LoginModules.options- - options specified in the login Configuration for this particular LoginModule.
-
login
Perform login.The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.
- Specified by:
loginin interfaceLoginModule- Throws:
LoginException- Thrown if login failed, or on other problems.
-
commit
Commit the authentication.Commit is called after all necessary login modules have succeeded. It adds (if not present) a
UserNameAndPasswordprincipal and a LocalCredentials public credential to the Subject.- Specified by:
commitin interfaceLoginModule- Throws:
LoginException- If commit fails.
-
abort
Abort the authentication process.- Specified by:
abortin interfaceLoginModule- Throws:
LoginException
-
logout
Log out the subject.- Specified by:
logoutin interfaceLoginModule- Throws:
LoginException
-
commitUserAuthentication
This is a convenience method which can be used by subclasses
Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.
- Parameters:
groups- String array of group memberships for user (could be empty).
-
getSubject
- Returns:
- the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.
-
extractCredentials
Method to extract container-provided username and password- Throws:
LoginException
-
authenticateUser
Perform authentication decision. Method returns silently on success and returns a LoginException on failure.- Throws:
LoginException- on authentication failure.
-
setLoginModuleForAuthentication
-
getUsername
- Returns:
- the username sent by container - is made available to the custom login module using the protected _username field. Use Case: A custom login module could use the username to validate against a realm of users
-
getPassword
Deprecated.Deprecated - password is preferred to be a char[] -
getPasswordChar
public char[] getPasswordChar()- Returns:
- the password sent by container - is made available to the custom login module using the protected _password field. Use Case: A custom login module could use the password to validate against a custom realm of usernames and passwords Password is preferred to be a char[] instead of a string
-
getCurrentRealm
- Returns:
- the currentRealm - for backward compatability
-
isSucceeded
public boolean isSucceeded()- Returns:
- the succeeded state - for backward compatability
-
isCommitSucceeded
public boolean isCommitSucceeded()- Returns:
- the commitsucceeded state - for backward compatability
-
getUserPrincipal
public org.glassfish.security.common.UserPrincipal getUserPrincipal()- Returns:
- the UserPrincipal - for backward compatability
-
getGroupsList
- Returns:
- the groupList - for backward compatability
-