Class BaseCertificateLoginModule

java.lang.Object
com.sun.enterprise.security.BaseCertificateLoginModule
All Implemented Interfaces:
LoginModule

public abstract class BaseCertificateLoginModule extends Object implements LoginModule
Abstract base class for certificate-based login modules.

Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().

  • Field Details

    • _sharedState

      protected Map<String,?> _sharedState
      State shared with other login modules.
    • _options

      protected Map<String,?> _options
      Options configured for this LoginModule.
  • Constructor Details

    • BaseCertificateLoginModule

      public BaseCertificateLoginModule()
  • Method Details

    • initialize

      public final void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
      Specified by:
      initialize in interface LoginModule
    • login

      public final boolean login() throws LoginException
      Specified by:
      login in interface LoginModule
      Throws:
      LoginException
    • commit

      public final boolean commit() throws LoginException
      Specified by:
      commit in interface LoginModule
      Throws:
      LoginException
    • abort

      public final boolean abort() throws LoginException
      Specified by:
      abort in interface LoginModule
      Throws:
      LoginException
    • logout

      public final boolean logout() throws LoginException
      Specified by:
      logout in interface LoginModule
      Throws:
      LoginException
    • commitUserAuthentication

      protected final void commitUserAuthentication(String[] groups)

      This is a convenience method which can be used by subclasses.

      Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. This method sets the authentication status to success if the groups parameter is non-null.

      Parameters:
      groups - String array of group memberships for user (could be empty).
    • authenticateUser

      protected abstract void authenticateUser() throws LoginException
      Performs the authentication decision. The method returns silently on success and throws a LoginException on failure.

      Must be overridden to add custom functionality.

      Throws:
      LoginException - on authentication failure.
    • getAppName

      protected final String getAppName()
      Get the application name.

      This may be useful when a single LoginModule has to handle multiple applications that use certificates.

      Returns:
      the application name. Non-null only for web container.
    • getCerts

      protected X509Certificate[] getCerts()
      Get the certificate chain presented by the client.
      Returns:
      the certificate chain from the client.
    • getX500Principal

      protected X500Principal getX500Principal()
      Returns the subject (subject distinguished name) value from the first certificate in the client certificate chain as an X500Principal. If the subject value is empty, then the getName() method of the returned X500Principal object returns an empty string ("").
      Returns:
      an X500Principal representing the subject distinguished name from the first certificate in the client certificate chain.
    • getSubject

      protected Subject getSubject()
      Return the subject being authenticated.
      Returns:
      the subject being authenticated.
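
The subclass contract described above (implement authenticateUser(), then call commitUserAuthentication() only on success), shown as an added example that is not part of this API's own code. The class name, OU values and group names are hypothetical, and the example assumes the container's TLS layer has already validated the client chain against its truststore.

```java
import com.sun.enterprise.security.BaseCertificateLoginModule;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.login.LoginException;

// Hypothetical subclass: class name, OU values and group names are illustrative.
// Assumption: chain trust was already verified by the container's TLS layer.
public class OuMappingCertificateLoginModule extends BaseCertificateLoginModule {
    // Allow-list mapping subject OU values to groups (constructed sample values).
    private static final Map<String, String> OU_TO_GROUP =
            Map.of("Operations", "ops", "Security", "sec-admin");

    @Override
    protected void authenticateUser() throws LoginException {
        X509Certificate[] chain = getCerts();
        if (chain == null || chain.length == 0) {
            throw new LoginException("No client certificate presented");
        }
        try {
            // Reject an expired or not-yet-valid leaf certificate.
            chain[0].checkValidity();
        } catch (CertificateException e) {
            throw new LoginException("Client certificate is outside its validity period");
        }
        List<String> groups = new ArrayList<>();
        try {
            // Parse the DN into RDNs instead of substring-matching the DN string.
            LdapName dn = new LdapName(getX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("OU".equalsIgnoreCase(rdn.getType())) {
                    String group = OU_TO_GROUP.get(String.valueOf(rdn.getValue()));
                    if (group != null) groups.add(group);
                }
            }
        } catch (InvalidNameException e) {
            throw new LoginException("Unparseable subject DN");
        }
        if (groups.isEmpty()) {
            throw new LoginException("Subject DN maps to no permitted group");
        }
        // Reached only on success; a non-null array marks authentication as successful.
        commitUserAuthentication(groups.toArray(new String[0]));
    }
}
```

Every failure path throws LoginException before commitUserAuthentication() is reached, so a rejected certificate never results in a success status or group assignment.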