Package org.jboss.security.auth.spi
Class BaseCertLoginModule
- java.lang.Object
  - org.jboss.security.auth.spi.AbstractServerLoginModule
    - org.jboss.security.auth.spi.BaseCertLoginModule
- All Implemented Interfaces: LoginModule
- Direct Known Subclasses: CertRolesLoginModule, DatabaseCertLoginModule
public class BaseCertLoginModule extends AbstractServerLoginModule
Base Login Module that uses X509Certificates as credentials for authentication. It takes the certificate as an object and checks whether the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UsernamePasswordLoginModule.
- Version: $Revision$
- Author: Jason Essington, Scott.Stark@jboss.org
-
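The alias check described above, written as an added example against the plain JDK KeyStore API; it is not the PicketBox source and not code from this page. The class name AliasCertCheck, the method matchesTrustedAlias, the TRUSTSTORE_PASSWORD variable and the extra validity-period check are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
// Added illustration, not PicketBox code: does the truststore entry stored
// under an alias hold exactly the certificate the caller presented?
public class AliasCertCheck {

    static boolean matchesTrustedAlias(KeyStore trustStore, String alias, X509Certificate presented)
            throws KeyStoreException, CertificateException {
        if (trustStore == null || alias == null || presented == null) {
            return false; // fail closed on missing input
        }
        Certificate stored = trustStore.getCertificate(alias);
        if (stored == null) {
            return false; // unknown alias: nothing to compare against
        }
        // Assumption of this example: also reject expired or not-yet-valid
        // certificates (checkValidity throws a CertificateException subclass).
        presented.checkValidity();
        // Compare full DER encodings; a matching subject DN alone proves nothing.
        return MessageDigest.isEqual(stored.getEncoded(), presented.getEncoded());
    }

    // Usage: TRUSTSTORE_PASSWORD=... java AliasCertCheck <truststore> <alias> <cert.pem>
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: AliasCertCheck <truststore> <alias> <cert.pem>");
            System.exit(2);
        }
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, pw == null ? null : pw.toCharArray());
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean ok = matchesTrustedAlias(trustStore, args[1], cert);
        System.out.println(ok ? "MATCH" : "NO MATCH");
        System.exit(ok ? 0 : 1);
    }
}
```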
Field Summary
-
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
-
-
Constructor Summary
BaseCertLoginModule()
-
Method Summary
Modifier and Type, Method, Description:
- boolean commit(): Override to add the X509Certificate to the public credentials.
- protected Object[] getAliasAndCert()
- protected Object getCredentials()
- protected Principal getIdentity(): Overridden by subclasses to return the Principal that corresponds to the user primary identity.
- protected Group[] getRoleSets(): Subclasses need to override this to provide the roles for authorization.
- protected String getUsername()
- void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options): Override the super version to pick up the following options after first calling the super method.
- boolean login(): Perform the authentication of the username and password.
- protected boolean validateCredential(String alias, X509Certificate cert)
-
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Override the super version to pick up the following options after first calling the super method.
- option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from.
- option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate
- Specified by: initialize in interface LoginModule
- Overrides: initialize in class AbstractServerLoginModule
- Parameters:
  subject - the Subject to update after a successful login.
  callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
  sharedState - a Map shared between all configured login module instances
  options - the parameters passed to the login module.
- See Also: SecurityDomain, X509CertificateVerifier
-
login
public boolean login() throws LoginException
Perform the authentication of the username and password.
- Specified by: login in interface LoginModule
- Overrides: login in class AbstractServerLoginModule
- Throws: LoginException
-
commit
public boolean commit() throws LoginException
Override to add the X509Certificate to the public credentials
- Specified by: commit in interface LoginModule
- Overrides: commit in class AbstractServerLoginModule
- Returns:
- Throws: LoginException
-
getRoleSets
protected Group[] getRoleSets() throws LoginException
Subclasses need to override this to provide the roles for authorization
- Specified by: getRoleSets in class AbstractServerLoginModule
- Returns:
- Throws: LoginException
-
getIdentity
protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user primary identity.
- Specified by: getIdentity in class AbstractServerLoginModule
-
getCredentials
protected Object getCredentials()
-
getUsername
protected String getUsername()
-
getAliasAndCert
protected Object[] getAliasAndCert() throws LoginException
- Throws: LoginException
-
validateCredential
protected boolean validateCredential(String alias, X509Certificate cert)