Class PBEIdentityLoginModule
- java.lang.Object
  - org.jboss.security.auth.spi.AbstractServerLoginModule
    - org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule
      - org.picketbox.datasource.security.PBEIdentityLoginModule

All Implemented Interfaces: LoginModule

public class PBEIdentityLoginModule extends AbstractPasswordCredentialLoginModule
An example of how one could encrypt the database password for a JCA connection factory. The corresponding login config entry illustrates the usage:

sa sa 3fp7R/7TMjyTTxhmePdJVk true PBEWithMD5AndDES testPBEIdentityLoginModule abcdefgh 19 jboss.jca:service=LocalTxCM,name=DefaultDS

- Version: $Revision: 57189 $
- Author: Scott.Stark@jboss.org, Noel Rocher 29, June 2004 username & userName issue
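
The password-based encryption behind the login config entry above, as an added Java example (not the PicketBox source). The entry's markup did not survive on this page, so the example assumes `testPBEIdentityLoginModule` is the pass phrase, `abcdefgh` the salt and `19` the iteration count; the class name, the sample password and the use of `java.util.Base64` for the text encoding are also assumptions, so its output is not expected to match the value shown above.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added illustration; PbeOptionRoundTrip is a hypothetical class name.
public class PbeOptionRoundTrip {
    // Values taken from the login config entry on this page (mapping assumed).
    static final String ALGORITHM = "PBEWithMD5AndDES";
    static final char[] PASS_PHRASE = "testPBEIdentityLoginModule".toCharArray();
    static final byte[] SALT = "abcdefgh".getBytes(StandardCharsets.US_ASCII); // 8 bytes
    static final int ITERATIONS = 19;

    // Derives the key from the pass phrase and prepares the cipher for one direction.
    static Cipher cipher(int mode) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALGORITHM)
                .generateSecret(new PBEKeySpec(PASS_PHRASE));
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(mode, key, new PBEParameterSpec(SALT, ITERATIONS));
        return c;
    }

    // Produces the text that would be stored as the encrypted password value.
    static String encode(String secret) throws Exception {
        byte[] ct = cipher(Cipher.ENCRYPT_MODE)
                .doFinal(secret.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct); // encoding is an assumption
    }

    // Reverses encode() using only the parameters above.
    static String decode(String stored) throws Exception {
        byte[] pt = cipher(Cipher.DECRYPT_MODE)
                .doFinal(Base64.getDecoder().decode(stored));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String constructed = "constructed-db-password"; // sample value, not from the page
        String stored = encode(constructed);
        if (!constructed.equals(decode(stored))) {
            throw new IllegalStateException("round trip failed");
        }
        // PBEWithMD5AndDES has no random IV: same input, same stored value.
        System.out.println("deterministic: " + stored.equals(encode(constructed)));
        System.out.println("stored value : " + stored);
    }
}
```

Every input to `decode()` other than the stored value sits in the same login config entry, so the entry keeps the password out of casual view but does not protect it from anyone who can read the file. Restrict read access to the login config accordingly.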

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule:
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

- PBEIdentityLoginModule()

Method Summary

- boolean abort(): Method to abort the authentication process (phase 2).
- boolean commit(): Method to commit the authentication process (phase 2).
- protected Principal getIdentity(): Overridden by subclasses to return the Principal that corresponds to the user primary identity.
- protected Group[] getRoleSets(): Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user.
- void initialize(Subject subject, CallbackHandler handler, Map<String,?> sharedState, Map<String,?> options): Initialize the login module.
- boolean login(): Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.
- static void main(String[] args): Main entry point to encrypt a password using the hard-coded pass phrase.

Methods inherited from class org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule:
logout, removeCredentials

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule:
addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass

Method Detail

initialize
public void initialize(Subject subject, CallbackHandler handler, Map<String,?> sharedState, Map<String,?> options)
Description copied from class: AbstractServerLoginModule
Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.
- Specified by: initialize in interface LoginModule
- Overrides: initialize in class AbstractServerLoginModule
- Parameters:
  - subject - the Subject to update after a successful login.
  - handler - the CallbackHandler that will be used to obtain the user identity and credentials.
  - sharedState - a Map shared between all configured login module instances
  - options - the parameters passed to the login module.

login
public boolean login() throws LoginException
Description copied from class: AbstractServerLoginModule
Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.
- Specified by: login in interface LoginModule
- Overrides: login in class AbstractServerLoginModule
- Throws: LoginException

commit
public boolean commit() throws LoginException
Description copied from class: AbstractServerLoginModule
Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.
- Specified by: commit in interface LoginModule
- Overrides: commit in class AbstractServerLoginModule
- Returns: true always.
- Throws: LoginException

abort
public boolean abort()
Description copied from class: AbstractServerLoginModule
Method to abort the authentication process (phase 2).
- Specified by: abort in interface LoginModule
- Overrides: abort in class AbstractServerLoginModule
- Returns: true always

getIdentity
protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user primary identity.
- Specified by: getIdentity in class AbstractServerLoginModule

getRoleSets
protected Group[] getRoleSets() throws LoginException
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.
- Specified by: getRoleSets in class AbstractServerLoginModule
- Returns: Group[] containing the sets of roles
- Throws: LoginException