AppservPasswordLoginModule (GlassFish v3 )

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.appserv.security
Class AppservPasswordLoginModule

java.lang.Object
  com.sun.appserv.security.AppservPasswordLoginModule

All Implemented Interfaces:: com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface, LoginModule

@Service @Scoped(value=PerLookup.class) public class AppservPasswordLoginModule
extends Object
implements com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface
extends Object
implements com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Abstract base class for password-based login modules.

Most login modules receive a username and password from the client (possibly through HTTP BASIC auth, or FORM, or other mechanism) and then make (or delegate) an authentication decision based on this data. This class provides common methods for such password-based login modules.

Subclasses need to implement the authenticateUser() method and later call commitUserAuthentication().

Field Summary
`protected boolean`	`_commitSucceeded`
`protected com.sun.enterprise.security.auth.realm.Realm`	`_currentRealm`
`protected String[]`	`_groupsList`
`protected Logger`	`_logger`
`protected Map`	`_options`
`protected String`	`_password`
`protected Map`	`_sharedState`
`protected Subject`	`_subject`
`protected boolean`	`_succeeded`
`protected String`	`_username`
`protected PrincipalImpl`	`_userPrincipal`
`protected static StringManager`	`sm`

Constructor Summary
`AppservPasswordLoginModule()`

Method Summary
`boolean`	`abort()` Abort the authentication process.
`protected void`	`authenticateUser()` Perform authentication decision.
`boolean`	`commit()` Commit the authentication.
`void`	`commitUserAuthentication(String[] groups)` This is a convenience method which can be used by subclasses
`void`	`extractCredentials()` Method to extract container-provided username and password
`com.sun.enterprise.security.auth.realm.Realm`	`getCurrentRealm()`
`String[]`	`getGroupsList()`
`String`	`getPassword()`
`Subject`	`getSubject()`
`String`	`getUsername()`
`PrincipalImpl`	`getUserPrincipal()`
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Initialize this login module.
`boolean`	`isCommitSucceeded()`
`boolean`	`isSucceeded()`
`boolean`	`login()` Perform login.
`boolean`	`logout()` Log out the subject.
`void`	`setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)` Set the Login Module that needs to be used for the AuthenticateUser call

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

_subject

protected Subject _subject

_sharedState

protected Map _sharedState

_options

protected Map _options

_username

protected String _username

_password

protected String _password

_currentRealm

protected com.sun.enterprise.security.auth.realm.Realm _currentRealm

_succeeded

protected boolean _succeeded

_commitSucceeded

protected boolean _commitSucceeded

_userPrincipal

protected PrincipalImpl _userPrincipal

_groupsList

protected String[] _groupsList

_logger

protected Logger _logger

sm

protected static final StringManager sm

Constructor Detail

AppservPasswordLoginModule

public AppservPasswordLoginModule()

Method Detail

initialize

public final void initialize(Subject subject,
                             CallbackHandler callbackHandler,
                             Map sharedState,
                             Map options)

Initialize this login module.

Specified by:: initialize in interface LoginModule

Parameters:: subject - - the Subject to be authenticated.; callbackHandler - - a CallbackHandler for obtaining the subject username and password.; sharedState - - state shared with other configured LoginModules.; options - - options specified in the login Configuration for this particular LoginModule.

login

public final boolean login()
                    throws LoginException

Perform login.

The callback handler is used to obtain authentication info for the subject and a login is attempted. This PasswordLoginModule expects to find a PasswordCredential in the private credentials of the Subject. If not present the login fails. The callback handler is ignored as it is not really relevant on the server side. Finally, the authenticateUser() method is invoked.

Specified by:: login in interface LoginModule

Throws:: LoginException - Thrown if login failed, or on other problems.

commit

public boolean commit()
               throws LoginException

Commit the authentication.

Commit is called after all necessary login modules have succeeded. It adds (if not present) a PrincipalImpl principal and a LocalCredentials public credential to the Subject.

Specified by:: commit in interface LoginModule

Throws:: LoginException - If commit fails.

abort

public final boolean abort()
                    throws LoginException

Abort the authentication process.

Specified by:: abort in interface LoginModule

Throws:: LoginException

logout

public final boolean logout()
                     throws LoginException

Log out the subject.

Specified by:: logout in interface LoginModule

Throws:: LoginException

commitUserAuthentication

public final void commitUserAuthentication(String[] groups)

This is a convenience method which can be used by subclasses

Note that this method is called after the authentication has succeeded. If authentication failed do not call this method. Global instance field succeeded is set to true by this method.

Specified by:: commitUserAuthentication in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Parameters:: groups - String array of group memberships for user (could be empty).

getSubject

public Subject getSubject()

Specified by:: getSubject in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the subject being authenticated. use case: A custom login module could overwrite commit() method, and call getSubject() to get subject being authenticated inside its commit(). Custom principal then can be added to subject. By doing this,custom principal will be stored in calling thread's security context and participate in following Appserver's authorization.

extractCredentials

public final void extractCredentials()
                              throws LoginException

Method to extract container-provided username and password

Specified by:: extractCredentials in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Throws:: LoginException

authenticateUser

protected void authenticateUser()
                         throws LoginException

Perform authentication decision. Method returns silently on success and returns a LoginException on failure.

Throws:: LoginException - on authentication failure.

setLoginModuleForAuthentication

public void setLoginModuleForAuthentication(LoginModule userDefinedLoginModule)

Description copied from interface: com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Set the Login Module that needs to be used for the AuthenticateUser call

Specified by:: setLoginModuleForAuthentication in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Parameters:: userDefinedLoginModule - the userdefined login module

getUsername

public String getUsername()

Specified by:: getUsername in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the username sent by container - is made available to the custom login module using the protected _username field. Use Case: A custom login module could use the username to validate against a realm of users

getPassword

public String getPassword()

Specified by:: getPassword in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the password sent by container - is made available to the custom login module using the protected _password field. Use Case: A custom login module could use the password to validate against a custom realm of usernames and passwords

getCurrentRealm

public com.sun.enterprise.security.auth.realm.Realm getCurrentRealm()

Specified by:: getCurrentRealm in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the currentRealm - for backward compatability

isSucceeded

public boolean isSucceeded()

Specified by:: isSucceeded in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the succeeded state - for backward compatability

isCommitSucceeded

public boolean isCommitSucceeded()

Specified by:: isCommitSucceeded in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the commitsucceeded state - for backward compatability

getUserPrincipal

public PrincipalImpl getUserPrincipal()

Specified by:: getUserPrincipal in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the UserPrincipal - for backward compatability

getGroupsList

public String[] getGroupsList()

Specified by:: getGroupsList in interface com.sun.enterprise.security.common.AppservPasswordLoginModuleInterface

Returns:: the groupList - for backward compatability