Package com.sun.enterprise.security.auth.login

Class PasswordLoginModule

java.lang.Object

com.sun.enterprise.security.BasePasswordLoginModule

com.sun.enterprise.security.auth.login.PasswordLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

FileLoginModule, LDAPLoginModule, SolarisLoginModule

public abstract class PasswordLoginModule
extends BasePasswordLoginModule

Abstract base class for password-based login modules. This class is provided for backward compatibility and is a candidate for deprecation.

Field Summary

Fields inherited from class com.sun.enterprise.security.BasePasswordLoginModule

_commitSucceeded, _currentRealm, _groupsList, _logger, _options, _passwd, _password, _sharedState, _subject, _succeeded, _username, _userPrincipal, sm

Constructor Summary

Constructors

Constructor	Description
PasswordLoginModule()

Method Summary

Modifier and Type	Method	Description
protected abstract void	authenticate()	Perform authentication decision.
protected final void	authenticateUser()	Older implementations can implement authenticate.
final void	commitAuthentication(String username, char[] password, Realm theRealm, String[] groups)	Since the passwords are to be stored as to have char[] BT: 6946553.
final void	commitAuthentication(String username, String password, Realm theRealm, String[] groups)	Deprecated.

Methods inherited from class com.sun.enterprise.security.BasePasswordLoginModule

abort, commit, commitUserAuthentication, extractCredentials, getCurrentRealm, getGroupsList, getPassword, getPasswordChar, getSubject, getUsername, getUserPrincipal, initialize, isCommitSucceeded, isSucceeded, login, logout, setLoginModuleForAuthentication

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PasswordLoginModule

public PasswordLoginModule()

Method Details

commitAuthentication

@Deprecated
public final void commitAuthentication(String username,
 String password,
 Realm theRealm,
 String[] groups)

Deprecated.

Maintain RI compatibility.

This is a convenience method which can be used by subclasses to complete the steps required by RI legacy authentication code. Most of this should go away if a clean JAAS/Subject based infrastructure is provided. But for now this must be done.

Note that this method is called after the authentication has succeeded. If authentication failed do not call this method.

A lot of the RI behavior is still present here. Some of the most notable points to remember:

• Global instance field succeeded is set to true by this method.

Parameters:

username - Name of authenticated user.

password - Password of this user.

theRealm - Current Realm object for this authentication.

groups - String array of group memberships for user (could be empty).

commitAuthentication

public final void commitAuthentication(String username,
 char[] password,
 Realm theRealm,
 String[] groups)

Since the passwords are to be stored as to have char[] BT: 6946553. Retaining the other method for backward compatability

Parameters:

username - Name of authenticated user.

password - Password of this user in char[].

theRealm - Current Realm object for this authentication.

groups - String array of group memberships for user (could be empty).

authenticateUser

protected final void authenticateUser()
                               throws LoginException

Older implementations can implement authenticate. While new implementation calls authenticateUser

Specified by:

authenticateUser in class BasePasswordLoginModule

Throws:

LoginException

authenticate

protected abstract void authenticate()
                              throws LoginException

Perform authentication decision. Method returns silently on success and returns a LoginException on failure. To be implmented by sub-classes

Throws:

com.sun.enterprise.security.LoginException - on authentication failure.

LoginException