Class CallerIdentityLoginModule
- java.lang.Object
-
- org.jboss.security.auth.spi.AbstractServerLoginModule
-
- org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule
-
- org.picketbox.datasource.security.CallerIdentityLoginModule
-
- All Implemented Interfaces:
LoginModule
public class CallerIdentityLoginModule extends AbstractPasswordCredentialLoginModule
A simple login module that simply associates the principal making the connection request with the actual EIS connection requirements. The type of Principal class used isorg.jboss.security.SimplePrincipal.
- Version:
- $Revision: 71545 $
- Author:
- Scott.Stark@jboss.org, David Jencks, Dan Bunker
- See Also:
ConfiguredIdentityLoginModule
-
-
Field Summary
-
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
-
-
Constructor Summary
Constructors Constructor Description CallerIdentityLoginModule()
Default Constructor
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
commit()
Method to commit the authentication process (phase 2).protected Principal
getIdentity()
Overriden by subclasses to return the Principal that corresponds to the user primary identity.protected Group[]
getRoleSets()
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.void
initialize(Subject subject, CallbackHandler handler, Map<String,?> sharedState, Map<String,?> options)
The initialize method sets up some default connection information for basic connections.boolean
login()
Performs the login association between the caller and the resource for a 1 to 1 mapping.-
Methods inherited from class org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule
logout, removeCredentials
-
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler handler, Map<String,?> sharedState, Map<String,?> options)
The initialize method sets up some default connection information for basic connections. This is useful for container initialization connection use or running the application in a non-secure manner. This method is called before the login method.- Specified by:
initialize
in interfaceLoginModule
- Overrides:
initialize
in classAbstractServerLoginModule
- Parameters:
subject
-handler
-sharedState
-options
-
-
login
public boolean login() throws LoginException
Performs the login association between the caller and the resource for a 1 to 1 mapping. This acts as a login propagation strategy and is useful for single-sign on requirements- Specified by:
login
in interfaceLoginModule
- Overrides:
login
in classAbstractServerLoginModule
- Returns:
- True if authentication succeeds
- Throws:
LoginException
-
commit
public boolean commit() throws LoginException
Description copied from class:AbstractServerLoginModule
Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.- Specified by:
commit
in interfaceLoginModule
- Overrides:
commit
in classAbstractServerLoginModule
- Returns:
- true always.
- Throws:
LoginException
-
getIdentity
protected Principal getIdentity()
Description copied from class:AbstractServerLoginModule
Overriden by subclasses to return the Principal that corresponds to the user primary identity.- Specified by:
getIdentity
in classAbstractServerLoginModule
-
getRoleSets
protected Group[] getRoleSets() throws LoginException
Description copied from class:AbstractServerLoginModule
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.- Specified by:
getRoleSets
in classAbstractServerLoginModule
- Returns:
- Group[] containing the sets of roles
- Throws:
LoginException
-
-