Package org.jboss.security.auth.spi
Class RemoteHostTrustLoginModule
- java.lang.Object
-
- org.jboss.security.auth.spi.AbstractServerLoginModule
-
- org.jboss.security.auth.spi.UsernamePasswordLoginModule
-
- org.jboss.security.auth.spi.RemoteHostTrustLoginModule
-
- All Implemented Interfaces:
LoginModule
public class RemoteHostTrustLoginModule extends UsernamePasswordLoginModule
Trust specific hosts so that when usernames are passed in and the host that passes them in is "trusted" it returns true regardless of any password or credentials. Must be used in conjunction with the RemoteHostValve. trustedHosts - comma del list of hosts (ips) that are trusted to have already authenticated the user roles - list of roles (comma del) that the user is given as a result of this login module- Version:
- $Revision: 0 $
- Author:
- Andrew C. Oliver acoliver@gmail.com
-
-
Field Summary
-
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
-
-
Constructor Summary
Constructors Constructor Description RemoteHostTrustLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String
getRealHost()
protected Group[]
getRoleSets()
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.protected String
getUsersPassword()
bogus passwordvoid
initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
Initialize this LoginModule.protected boolean
validatePassword(String inputPassword, String expectedPassword)
A hook that allows subclasses to change the validation of the input password against the expected password.-
Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, login, safeClose, setValidateError
-
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
Initialize this LoginModule.- Specified by:
initialize
in interfaceLoginModule
- Overrides:
initialize
in classUsernamePasswordLoginModule
- Parameters:
options
- - trustedHosts: a comma delimited list of trusted hosts allowed to pass principals without credentials and be "trusted" roles: automatically granted to any users authenticatedsubject
- the Subject to update after a successful login.callbackHandler
- the CallbackHandler that will be used to obtain the the user identity and credentials.sharedState
- a Map shared between all configured login module instances
-
validatePassword
protected boolean validatePassword(String inputPassword, String expectedPassword)
Description copied from class:UsernamePasswordLoginModule
A hook that allows subclasses to change the validation of the input password against the expected password. This version checks that neither inputPassword or expectedPassword are null that that inputPassword.equals(expectedPassword) is true;- Overrides:
validatePassword
in classUsernamePasswordLoginModule
- Returns:
- true if the inputPassword is valid, false otherwise.
-
getUsersPassword
protected String getUsersPassword() throws LoginException
bogus password- Specified by:
getUsersPassword
in classUsernamePasswordLoginModule
- Returns:
- the valid password String
- Throws:
LoginException
-
getRealHost
protected String getRealHost()
- Returns:
- the hostname of the client
-
getRoleSets
protected Group[] getRoleSets() throws LoginException
Description copied from class:AbstractServerLoginModule
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.- Specified by:
getRoleSets
in classAbstractServerLoginModule
- Returns:
- Group[] containing the sets of roles
- Throws:
LoginException
-
-