Class PBEIdentityLoginModule

  • All Implemented Interfaces:
    LoginModule

    public class PBEIdentityLoginModule
    extends AbstractPasswordCredentialLoginModule
    An example of how one could encrypt the database password for a JCA connection factory. The corresponding login config entry illustrates the usage:

    sa sa 3fp7R/7TMjyTTxhmePdJVk true PBEWithMD5AndDES testPBEIdentityLoginModule abcdefgh 19 jboss.jca:service=LocalTxCM,name=DefaultDS

    This uses password-based encryption (PBE) with algorithm parameters derived from the pbealgo, pbepass, salt and iterationCount options:

    + pbealgo - the PBE algorithm to use. Defaults to PBEwithMD5andDES.
    + pbepass - the PBE password to use. Can use the JaasSecurityDomain {CLASS} and {EXT} syntax to obtain the password from outside of the configuration. Defaults to "jaas is the way".
    + salt - the PBE salt as a string. Defaults to {1, 7, 2, 9, 3, 11, 4, 13}.
    + iterationCount - the PBE iterationCount. Defaults to 37.
    Version:
    $Revision: 57189 $
    Author:
    Scott.Stark@jboss.org, Noel Rocher 29, june 2004 username & userName issue
    • Constructor Detail

      • PBEIdentityLoginModule

        public PBEIdentityLoginModule()
    • Method Detail

      • initialize

        public void initialize(Subject subject,
                               CallbackHandler handler,
                               Map<String,?> sharedState,
                               Map<String,?> options)
        Description copied from class: AbstractServerLoginModule
        Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

        Specified by:
        initialize in interface LoginModule
        Overrides:
        initialize in class AbstractServerLoginModule
        Parameters:
        subject - the Subject to update after a successful login.
        handler - the CallbackHandler that will be used to obtain the user identity and credentials.
        sharedState - a Map shared between all configured login module instances
        options - the parameters passed to the login module.
      • login

        public boolean login()
                      throws LoginException
        Description copied from class: AbstractServerLoginModule
        Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.
        Specified by:
        login in interface LoginModule
        Overrides:
        login in class AbstractServerLoginModule
        Throws:
        LoginException
      • commit

        public boolean commit()
                       throws LoginException
        Description copied from class: AbstractServerLoginModule
        Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.
        Specified by:
        commit in interface LoginModule
        Overrides:
        commit in class AbstractServerLoginModule
        Returns:
        true always.
        Throws:
        LoginException
      • getRoleSets

        protected Group[] getRoleSets()
                               throws LoginException
        Description copied from class: AbstractServerLoginModule
        Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.
        Specified by:
        getRoleSets in class AbstractServerLoginModule
        Returns:
        Group[] containing the sets of roles
        Throws:
        LoginException
      • main

        public static void main(String[] args)
                         throws Exception
        Main entry point to encrypt a password using the hard-coded pass phrase
        Parameters:
        args - [0] = the password to encode, [1] = PBE password, [2] = PBE salt, [3] = PBE iterationCount, [4] = PBE algo
        Throws:
        Exception
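
How the pbealgo, pbepass, salt and iterationCount options from the class description map onto a JCE cipher, as an added example that is not the module's own code. The class name, helper names and sample password are hypothetical, and standard Base64 with UTF-8 is an assumption (the module's own output encoding may differ).

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Hypothetical demo class; not part of JBoss.
public class PbeOptionsDemo {
    // Build a JCE cipher from the four documented options.
    static Cipher cipher(int mode, String pbealgo, char[] pbepass,
                         byte[] salt, int iterationCount) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(pbealgo)
                .generateSecret(new PBEKeySpec(pbepass));
        Cipher c = Cipher.getInstance(pbealgo);
        c.init(mode, key, new PBEParameterSpec(salt, iterationCount));
        return c;
    }

    static String encode(String secret, String algo, char[] pass,
                         byte[] salt, int count) throws Exception {
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, algo, pass, salt, count)
                .doFinal(secret.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(ct); // assumption: standard Base64
    }

    static String decode(String encoded, String algo, char[] pass,
                         byte[] salt, int count) throws Exception {
        byte[] pt = cipher(Cipher.DECRYPT_MODE, algo, pass, salt, count)
                .doFinal(Base64.getDecoder().decode(encoded));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Sample values modelled on the config entry above; the password is constructed.
        String algo = "PBEWithMD5AndDES";
        char[] pass = "testPBEIdentityLoginModule".toCharArray();
        byte[] salt = "abcdefgh".getBytes(StandardCharsets.US_ASCII); // 8 bytes
        int count = 19;
        String a = encode("example-db-password", algo, pass, salt, count);
        String b = encode("example-db-password", algo, pass, salt, count);
        System.out.println("encoded:       " + a);
        // Fixed salt and no random IV: identical inputs give identical output.
        System.out.println("deterministic: " + a.equals(b));
        // Whoever holds all four options can recover the plaintext, so keep
        // pbepass out of the config ({CLASS}/{EXT}) and restrict file access.
        System.out.println("round trip:    " + decode(a, algo, pass, salt, count));
    }
}
```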