Package org.jboss.security.auth.spi
Class UsersRolesLoginModule
- java.lang.Object
  - org.jboss.security.auth.spi.AbstractServerLoginModule
    - org.jboss.security.auth.spi.UsernamePasswordLoginModule
      - org.jboss.security.auth.spi.UsersRolesLoginModule
- All Implemented Interfaces: LoginModule
- Direct Known Subclasses: MemoryUsersRolesLoginModule, PropertiesUsersLoginModule
public class UsersRolesLoginModule extends UsernamePasswordLoginModule
A simple Properties map based login module that consults two Java Properties formatted text files for the username to password ("users.properties") and username to roles ("roles.properties") mappings. The names of the properties files may be overridden by the usersProperties and rolesProperties options. The properties files are loaded during initialization using the thread context class loader. This means that these files can be placed into the J2EE deployment jar or the JBoss config directory.

The users.properties file uses the format:

    username1=password1
    username2=password2
    ...

to define all valid usernames and their corresponding passwords.

The roles.properties file uses the format:

    username1=role1,role2,...
    username1.RoleGroup1=role3,role4,...
    username2=role1,role3,...

to define the sets of roles for valid usernames. The "username.XXX" form of property name is used to assign the username roles to a particular named group of roles, where the XXX portion of the property name is the group name. The "username=..." form is an abbreviation for "username.Roles=...". The following are therefore equivalent:

    jduke=TheDuke,AnimatedCharacter
    jduke.Roles=TheDuke,AnimatedCharacter

- Version: $Revision$
- Author: Edward Kenworthy, Scott.Stark@jboss.org
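The roles.properties key forms described above, worked through as an added Java example (not code from JBoss or from this page): the hypothetical `roleSets` helper resolves one user's role groups from constructed sample data, treating `username=...` as `username.Roles=...` and splitting the group name off at the separator character.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class RolesFormatDemo {
    // Group implied by the abbreviated "username=..." form.
    static final String DEFAULT_GROUP = "Roles";

    /** Group name -> role names for one user (hypothetical helper, not JBoss API). */
    static Map<String, List<String>> roleSets(Properties roles, String user, char sep) {
        Map<String, List<String>> groups = new LinkedHashMap<>();
        String prefix = user + sep;
        for (String key : roles.stringPropertyNames()) {
            String group;
            if (key.equals(user)) {
                group = DEFAULT_GROUP;                    // username=...
            } else if (key.startsWith(prefix) && key.length() > prefix.length()) {
                group = key.substring(prefix.length());   // username.XXX=...
            } else {
                continue;                                 // entry for another user
            }
            List<String> members = groups.computeIfAbsent(group, g -> new ArrayList<>());
            for (String role : roles.getProperty(key).split(",")) {
                String name = role.trim();
                if (!name.isEmpty() && !members.contains(name)) members.add(name);
            }
        }
        return groups;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data in the roles.properties format; not from a real deployment.
        String sample = "jduke=TheDuke,AnimatedCharacter\n"
                + "jduke.Roles=TheDuke\n"                 // merges into the same "Roles" group
                + "jduke.CallerPrincipal=caller_jduke\n"
                + "jduke.admin=Operator\n"
                + "scott=Echo\n";
        Properties roles = new Properties();
        roles.load(new StringReader(sample));
        System.out.println(roleSets(roles, "jduke", '.'));
        // In this sketch "jduke.admin" is both group "admin" of jduke and the Roles of a user
        // named "jduke.admin"; a separator that cannot occur in usernames removes the ambiguity.
        System.out.println(roleSets(roles, "jduke.admin", '.'));
    }
}
```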
Field Summary
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary
- UsersRolesLoginModule()

Method Summary
- protected Properties createRoles(Map<String,?> options): A hook to allow subclasses to create the roles Properties map.
- protected Properties createUsers(Map<String,?> options): A hook to allow subclasses to create the users Properties map.
- protected Group[] getRoleSets(): Create the set of roles the user belongs to by parsing the roles.properties data for username=role1,role2,...
- protected String getUsersPassword(): Get the expected password for the current username available via the getUsername() method.
- void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options): Initialize this LoginModule.
- protected void loadRoles(): Loads the roles Properties from the defaultRolesRsrcName and rolesRsrcName resource settings.
- protected void loadUsers(): Loads the users Properties from the defaultUsersRsrcName and usersRsrcName resource settings.
- boolean login(): Method to authenticate a Subject (phase 1).
- protected void parseGroupMembers(Group group, String roles): Parse the comma delimited role names given by value and add them to group.

Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, safeClose, setValidateError, validatePassword

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout

Method Detail

initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Initialize this LoginModule.
- Specified by: initialize in interface LoginModule
- Overrides: initialize in class UsernamePasswordLoginModule
- Parameters:
  - options - the login module option map. Supported options include:
    - usersProperties: The name of the properties resource containing user/passwords. The default is "users.properties".
    - rolesProperties: The name of the properties resource containing user/roles. The default is "roles.properties".
    - roleGroupSeperator: The character used to separate the role group name from the username, e.g., '.' in jduke.CallerPrincipal=... . The default is '.'.
    - defaultUsersProperties=string: The name of the properties resource containing the username to password mappings that will be used as the defaults Properties passed to the usersProperties Properties. This defaults to defaultUsers.properties.
    - defaultRolesProperties=string: The name of the properties resource containing the username to roles mappings that will be used as the defaults Properties passed to the usersProperties Properties. This defaults to defaultRoles.properties.
  - subject - the Subject to update after a successful login.
  - callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
  - sharedState - a Map shared between all configured login module instances

login
public boolean login() throws LoginException
Method to authenticate a Subject (phase 1). This validates that the users and roles properties files were loaded and then calls super.login to perform the validation of the password.
- Specified by: login in interface LoginModule
- Overrides: login in class UsernamePasswordLoginModule
- Throws: LoginException - thrown if the users or roles properties files were not found or the super.login method fails.

getRoleSets
protected Group[] getRoleSets() throws LoginException
Create the set of roles the user belongs to by parsing the roles.properties data for username=role1,role2,... and username.XXX=role1,role2,... patterns.
- Specified by: getRoleSets in class AbstractServerLoginModule
- Returns: Group[] containing the sets of roles
- Throws: LoginException

getUsersPassword
protected String getUsersPassword()
Description copied from class: UsernamePasswordLoginModule
Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.
- Specified by: getUsersPassword in class UsernamePasswordLoginModule
- Returns: the valid password String

loadUsers
protected void loadUsers() throws IOException
Loads the users Properties from the defaultUsersRsrcName and usersRsrcName resource settings.
- Throws: IOException - thrown on failure to load the properties file.

createUsers
protected Properties createUsers(Map<String,?> options) throws IOException
A hook to allow subclasses to create the users Properties map. This implementation simply calls loadUsers() and returns the users ivar. Subclasses can override to obtain the users Properties map in a different way.
- Parameters:
  - options - the login module options passed to initialize
- Returns: Properties map used for the username/password mapping.
- Throws: IOException - thrown on failure to load the properties

loadRoles
protected void loadRoles() throws IOException
Loads the roles Properties from the defaultRolesRsrcName and rolesRsrcName resource settings.
- Throws: IOException - thrown on failure to load the properties file.

createRoles
protected Properties createRoles(Map<String,?> options) throws IOException
A hook to allow subclasses to create the roles Properties map. This implementation simply calls loadRoles() and returns the roles ivar. Subclasses can override to obtain the roles Properties map in a different way.
- Parameters:
  - options - the login module options passed to initialize
- Returns: Properties map used for the username/roles mapping.
- Throws: IOException - thrown on failure to load the properties

parseGroupMembers
protected void parseGroupMembers(Group group, String roles)
Parse the comma delimited role names given by value and add them to group. The type of Principal created for each name is determined by the createIdentity method.
- Parameters:
  - group - the Group to add the roles to.
  - roles - the comma delimited role names.
- See Also: AbstractServerLoginModule.createIdentity(String)