Package com.sun.enterprise.security.auth.login

Class ClientCertificateLoginModule

java.lang.Object
com.sun.enterprise.security.auth.login.ClientCertificateLoginModule
All Implemented Interfaces:
LoginModule
public class ClientCertificateLoginModule extends Object implements LoginModule

This LoginModule authenticates users with X509 certificates.

If testUser successfully authenticates itself, a UserPrincipal with the user's username is added to the Subject.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

Author:
Harpreet Singh ([email protected])

  • Constructor Details

    • ClientCertificateLoginModule

      public ClientCertificateLoginModule()

  • Method Details

    • setKeyStore

      public static void setKeyStore(KeyStore keyStore)

    • initialize

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
      Initialize this LoginModule.
      Specified by:
      initialize in interface LoginModule
      Parameters:
      subject - the Subject to be authenticated.
      callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).
      sharedState - shared LoginModule state.
      options - options specified in the login Configuration for this particular LoginModule.

    • login

      public boolean login() throws LoginException
      Authenticate the user by prompting for a username and password.
      Specified by:
      login in interface LoginModule
      Returns:
      true in all cases since this LoginModule should not be ignored.
      Throws:
      LoginException - if this LoginModule is unable to perform the authentication.

    • commit

      public boolean commit() throws LoginException

      This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

      If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates a UserPrincipal with the Subject located in the LoginModule. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.

      Specified by:
      commit in interface LoginModule
      Returns:
      true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
      Throws:
      LoginException - if the commit fails.

    • abort

      public boolean abort() throws LoginException

      This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

      If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

      Specified by:
      abort in interface LoginModule
      Returns:
      false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
      Throws:
      LoginException - if the abort fails.

    • logout

      public boolean logout() throws LoginException
      Logout the user.

      This method removes the UserPrincipal that was added by the commit method.

      Specified by:
      logout in interface LoginModule
      Returns:
      true in all cases since this LoginModule should not be ignored.
      Throws:
      LoginException - if the logout fails.