Package org.ldaptive.jaas
Class AbstractLoginModule
- java.lang.Object
-
- org.ldaptive.jaas.AbstractLoginModule
-
- All Implemented Interfaces:
javax.security.auth.spi.LoginModule
- Direct Known Subclasses:
LdapDnAuthorizationModule
,LdapLoginModule
,LdapRoleAuthorizationModule
public abstract class AbstractLoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule
Provides functionality common to ldap based JAAS login modules.- Author:
- Middleware Services
-
-
Field Summary
Fields Modifier and Type Field Description protected javax.security.auth.callback.CallbackHandler
callbackHandler
Initialized callback handler.protected boolean
clearPass
Whether credentials should be removed from the shared state map.protected boolean
commitSuccess
Whether commit was successful.protected java.util.Set<LdapCredential>
credentials
Credentials to add to the subject.protected java.util.List<LdapRole>
defaultRole
Default roles.protected org.slf4j.Logger
logger
Logger for this class.static java.lang.String
LOGIN_DN
Constant for entryDn stored in shared state.static java.lang.String
LOGIN_NAME
Constant for login name stored in shared state.static java.lang.String
LOGIN_PASSWORD
Constant for login password stored in shared state.protected boolean
loginSuccess
Whether authentication was successful.protected java.lang.String
principalGroupName
Name of group to add all principals to.protected java.util.Set<java.security.Principal>
principals
Principals to add to the subject.protected java.lang.String
roleGroupName
Name of group to add all roles to.protected java.util.Set<java.security.Principal>
roles
Roles to add to the subject.protected boolean
setLdapCredential
Whether ldap credential data should be set.protected boolean
setLdapDnPrincipal
Whether ldap dn principal data should be set.protected boolean
setLdapPrincipal
Whether ldap principal data should be set.protected java.util.Map
sharedState
Shared state from other login module.protected boolean
storePass
Whether credentials should be stored in the shared state map.protected javax.security.auth.Subject
subject
Initialized subject.protected boolean
tryFirstPass
Whether credentials from the shared state should be used if they are available.protected boolean
useFirstPass
Whether credentials from the shared state should be used.
-
Constructor Summary
Constructors Constructor Description AbstractLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description boolean
abort()
protected void
clearState()
Removes any stateful principals, credentials, or roles stored by login.boolean
commit()
protected void
getCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, boolean useCallback)
Attempts to retrieve credentials for the supplied name and password callbacks.void
initialize(javax.security.auth.Subject subj, javax.security.auth.callback.CallbackHandler handler, java.util.Map<java.lang.String,?> state, java.util.Map<java.lang.String,?> options)
boolean
login()
protected abstract boolean
login(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb)
Authenticates aSubject
with the supplied callbacks.boolean
logout()
protected void
storeCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, java.lang.String loginDn)
Stores the supplied name, password, and entry dn in the stored state map.
-
-
-
Field Detail
-
LOGIN_NAME
public static final java.lang.String LOGIN_NAME
Constant for login name stored in shared state.- See Also:
- Constant Field Values
-
LOGIN_DN
public static final java.lang.String LOGIN_DN
Constant for entryDn stored in shared state.- See Also:
- Constant Field Values
-
LOGIN_PASSWORD
public static final java.lang.String LOGIN_PASSWORD
Constant for login password stored in shared state.- See Also:
- Constant Field Values
-
logger
protected final org.slf4j.Logger logger
Logger for this class.
-
defaultRole
protected final java.util.List<LdapRole> defaultRole
Default roles.
-
subject
protected javax.security.auth.Subject subject
Initialized subject.
-
callbackHandler
protected javax.security.auth.callback.CallbackHandler callbackHandler
Initialized callback handler.
-
sharedState
protected java.util.Map sharedState
Shared state from other login module.
-
useFirstPass
protected boolean useFirstPass
Whether credentials from the shared state should be used.
-
tryFirstPass
protected boolean tryFirstPass
Whether credentials from the shared state should be used if they are available.
-
storePass
protected boolean storePass
Whether credentials should be stored in the shared state map.
-
clearPass
protected boolean clearPass
Whether credentials should be removed from the shared state map.
-
setLdapPrincipal
protected boolean setLdapPrincipal
Whether ldap principal data should be set.
-
setLdapDnPrincipal
protected boolean setLdapDnPrincipal
Whether ldap dn principal data should be set.
-
setLdapCredential
protected boolean setLdapCredential
Whether ldap credential data should be set.
-
principalGroupName
protected java.lang.String principalGroupName
Name of group to add all principals to.
-
roleGroupName
protected java.lang.String roleGroupName
Name of group to add all roles to.
-
loginSuccess
protected boolean loginSuccess
Whether authentication was successful.
-
commitSuccess
protected boolean commitSuccess
Whether commit was successful.
-
principals
protected java.util.Set<java.security.Principal> principals
Principals to add to the subject.
-
credentials
protected java.util.Set<LdapCredential> credentials
Credentials to add to the subject.
-
roles
protected java.util.Set<java.security.Principal> roles
Roles to add to the subject.
-
-
Method Detail
-
initialize
public void initialize(javax.security.auth.Subject subj, javax.security.auth.callback.CallbackHandler handler, java.util.Map<java.lang.String,?> state, java.util.Map<java.lang.String,?> options)
- Specified by:
initialize
in interfacejavax.security.auth.spi.LoginModule
-
login
public boolean login() throws javax.security.auth.login.LoginException
- Specified by:
login
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
login
protected abstract boolean login(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb) throws javax.security.auth.login.LoginException
Authenticates aSubject
with the supplied callbacks.- Parameters:
nameCb
- callback handler for subject's namepassCb
- callback handler for subject's password- Returns:
- true if authentication succeeded, false to ignore this module
- Throws:
javax.security.auth.login.LoginException
- if the authentication fails
-
commit
public boolean commit() throws javax.security.auth.login.LoginException
- Specified by:
commit
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
abort
public boolean abort() throws javax.security.auth.login.LoginException
- Specified by:
abort
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
logout
public boolean logout() throws javax.security.auth.login.LoginException
- Specified by:
logout
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
clearState
protected void clearState()
Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.
-
getCredentials
protected void getCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, boolean useCallback) throws javax.security.auth.login.LoginException
Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise a callback handler is used to get the data. Set useCallback to force a callback handler to be used.- Parameters:
nameCb
- to set name forpassCb
- to set password foruseCallback
- whether to force a callback handler- Throws:
javax.security.auth.login.LoginException
- if the callback handler fails
-
storeCredentials
protected void storeCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, java.lang.String loginDn)
Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.- Parameters:
nameCb
- to storepassCb
- to storeloginDn
- to store
-
-