Class AbstractLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    Direct Known Subclasses:
    LdapDnAuthorizationModule, LdapLoginModule, LdapRoleAuthorizationModule

    public abstract class AbstractLoginModule
    extends java.lang.Object
    implements javax.security.auth.spi.LoginModule
    Provides functionality common to LDAP-based JAAS login modules.
    Author:
    Middleware Services
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected javax.security.auth.callback.CallbackHandler callbackHandler
      Initialized callback handler.
      protected boolean clearPass
      Whether credentials should be removed from the shared state map.
      protected boolean commitSuccess
      Whether commit was successful.
      protected java.util.Set<LdapCredential> credentials
      Credentials to add to the subject.
      protected java.util.List<LdapRole> defaultRole
      Default roles.
      protected org.slf4j.Logger logger
      Logger for this class.
      static java.lang.String LOGIN_DN
      Constant for entryDn stored in shared state.
      static java.lang.String LOGIN_NAME
      Constant for login name stored in shared state.
      static java.lang.String LOGIN_PASSWORD
      Constant for login password stored in shared state.
      protected boolean loginSuccess
      Whether authentication was successful.
      protected java.lang.String principalGroupName
      Name of group to add all principals to.
      protected java.util.Set<java.security.Principal> principals
      Principals to add to the subject.
      protected java.lang.String roleGroupName
      Name of group to add all roles to.
      protected java.util.Set<java.security.Principal> roles
      Roles to add to the subject.
      protected boolean setLdapCredential
      Whether LDAP credential data should be set.
      protected boolean setLdapDnPrincipal
      Whether LDAP DN principal data should be set.
      protected boolean setLdapPrincipal
      Whether LDAP principal data should be set.
      protected java.util.Map sharedState
      Shared state from other login module.
      protected boolean storePass
      Whether credentials should be stored in the shared state map.
      protected javax.security.auth.Subject subject
      Initialized subject.
      protected boolean tryFirstPass
      Whether credentials from the shared state should be used if they are available.
      protected boolean useFirstPass
      Whether credentials from the shared state should be used.
    • Method Summary

      Modifier and Type Method Description
      boolean abort()  
      protected void clearState()
      Removes any stateful principals, credentials, or roles stored by login.
      boolean commit()  
      protected void getCredentials​(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, boolean useCallback)
      Attempts to retrieve credentials for the supplied name and password callbacks.
      void initialize​(javax.security.auth.Subject subj, javax.security.auth.callback.CallbackHandler handler, java.util.Map<java.lang.String,​?> state, java.util.Map<java.lang.String,​?> options)  
      boolean login()  
      protected abstract boolean login​(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb)
      Authenticates a Subject with the supplied callbacks.
      boolean logout()  
      protected void storeCredentials​(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, java.lang.String loginDn)
      Stores the supplied name, password, and entry DN in the shared state map.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOGIN_NAME

        public static final java.lang.String LOGIN_NAME
        Constant for login name stored in shared state.
        See Also:
        Constant Field Values
      • LOGIN_DN

        public static final java.lang.String LOGIN_DN
        Constant for entryDn stored in shared state.
        See Also:
        Constant Field Values
      • LOGIN_PASSWORD

        public static final java.lang.String LOGIN_PASSWORD
        Constant for login password stored in shared state.
        See Also:
        Constant Field Values
      • logger

        protected final org.slf4j.Logger logger
        Logger for this class.
      • defaultRole

        protected final java.util.List<LdapRole> defaultRole
        Default roles.
      • subject

        protected javax.security.auth.Subject subject
        Initialized subject.
      • callbackHandler

        protected javax.security.auth.callback.CallbackHandler callbackHandler
        Initialized callback handler.
      • sharedState

        protected java.util.Map sharedState
        Shared state from other login module.
      • useFirstPass

        protected boolean useFirstPass
        Whether credentials from the shared state should be used.
      • tryFirstPass

        protected boolean tryFirstPass
        Whether credentials from the shared state should be used if they are available.
      • storePass

        protected boolean storePass
        Whether credentials should be stored in the shared state map.
      • clearPass

        protected boolean clearPass
        Whether credentials should be removed from the shared state map.
      • setLdapPrincipal

        protected boolean setLdapPrincipal
        Whether LDAP principal data should be set.
      • setLdapDnPrincipal

        protected boolean setLdapDnPrincipal
        Whether LDAP DN principal data should be set.
      • setLdapCredential

        protected boolean setLdapCredential
        Whether LDAP credential data should be set.
      • principalGroupName

        protected java.lang.String principalGroupName
        Name of group to add all principals to.
      • roleGroupName

        protected java.lang.String roleGroupName
        Name of group to add all roles to.
      • loginSuccess

        protected boolean loginSuccess
        Whether authentication was successful.
      • commitSuccess

        protected boolean commitSuccess
        Whether commit was successful.
      • principals

        protected java.util.Set<java.security.Principal> principals
        Principals to add to the subject.
      • credentials

        protected java.util.Set<LdapCredential> credentials
        Credentials to add to the subject.
      • roles

        protected java.util.Set<java.security.Principal> roles
        Roles to add to the subject.
    • Constructor Detail

      • AbstractLoginModule

        public AbstractLoginModule()
    • Method Detail

      • initialize

        public void initialize​(javax.security.auth.Subject subj,
                               javax.security.auth.callback.CallbackHandler handler,
                               java.util.Map<java.lang.String,​?> state,
                               java.util.Map<java.lang.String,​?> options)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
      • login

        public boolean login()
                      throws javax.security.auth.login.LoginException
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • login

        protected abstract boolean login​(javax.security.auth.callback.NameCallback nameCb,
                                         javax.security.auth.callback.PasswordCallback passCb)
                                  throws javax.security.auth.login.LoginException
        Authenticates a Subject with the supplied callbacks.
        Parameters:
        nameCb - callback handler for subject's name
        passCb - callback handler for subject's password
        Returns:
        true if authentication succeeded, false to ignore this module
        Throws:
        javax.security.auth.login.LoginException - if the authentication fails
      • commit

        public boolean commit()
                       throws javax.security.auth.login.LoginException
        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • abort

        public boolean abort()
                      throws javax.security.auth.login.LoginException
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • logout

        public boolean logout()
                       throws javax.security.auth.login.LoginException
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • clearState

        protected void clearState()
        Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.
      • getCredentials

        protected void getCredentials​(javax.security.auth.callback.NameCallback nameCb,
                                      javax.security.auth.callback.PasswordCallback passCb,
                                      boolean useCallback)
                               throws javax.security.auth.login.LoginException
        Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise a callback handler is used to get the data. Set useCallback to force a callback handler to be used.
        Parameters:
        nameCb - to set name for
        passCb - to set password for
        useCallback - whether to force a callback handler
        Throws:
        javax.security.auth.login.LoginException - if the callback handler fails
      • storeCredentials

        protected void storeCredentials​(javax.security.auth.callback.NameCallback nameCb,
                                        javax.security.auth.callback.PasswordCallback passCb,
                                        java.lang.String loginDn)
        Stores the supplied name, password, and entry DN in the shared state map. storePass must be set for this method to have any effect.
        Parameters:
        nameCb - to store
        passCb - to store
        loginDn - to store
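
The following is an added example, not code from this library: a stand-alone sketch of the behaviour documented for getCredentials, storeCredentials and clearState, written against plain JAAS callback types so it runs without the library on the classpath. The shared-state key names are an assumption (the conventional JAAS keys; the constant values are not shown on this page), the credentials are constructed, and the entry DN is left out for brevity.

```java
import java.util.*;
import javax.security.auth.callback.*;

public class SharedStateSketch {
  // Assumed keys (conventional JAAS names); this page does not show the constant values.
  static final String LOGIN_NAME = "javax.security.auth.login.name";
  static final String LOGIN_PASSWORD = "javax.security.auth.login.password";
  final Map<String, Object> sharedState;
  final CallbackHandler handler;
  boolean useFirstPass, tryFirstPass, storePass, clearPass;
  SharedStateSketch(Map<String, Object> state, CallbackHandler h) { sharedState = state; handler = h; }

  void getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback) throws Exception {
    if (!useCallback && (useFirstPass || tryFirstPass)) { // reuse an earlier module's input
      nameCb.setName((String) sharedState.get(LOGIN_NAME));
      passCb.setPassword((char[]) sharedState.get(LOGIN_PASSWORD));
    } else {
      handler.handle(new Callback[] {nameCb, passCb}); // ask the caller
    }
  }
  void storeCredentials(NameCallback nameCb, PasswordCallback passCb) {
    if (!storePass) return; // no effect unless storePass is set
    sharedState.put(LOGIN_NAME, nameCb.getName());
    sharedState.put(LOGIN_PASSWORD, passCb.getPassword());
  }
  void clearState() { // without clearPass the password stays readable by later modules
    if (clearPass) { sharedState.remove(LOGIN_NAME); sharedState.remove(LOGIN_PASSWORD); }
  }

  public static void main(String[] args) throws Exception {
    Map<String, Object> state = new HashMap<>();
    SharedStateSketch first = new SharedStateSketch(state, cbs -> { // constructed credentials
      ((NameCallback) cbs[0]).setName("jdoe");
      ((PasswordCallback) cbs[1]).setPassword("constructed-secret".toCharArray());
    });
    first.storePass = true;
    NameCallback n1 = new NameCallback("User: ");
    PasswordCallback p1 = new PasswordCallback("Password: ", false);
    first.getCredentials(n1, p1, false); // no first-pass flag set, so the handler is used
    first.storeCredentials(n1, p1);
    SharedStateSketch second = new SharedStateSketch(state, cbs -> { throw new IllegalStateException(); });
    second.useFirstPass = true;
    second.clearPass = true;
    NameCallback n2 = new NameCallback("User: ");
    PasswordCallback p2 = new PasswordCallback("Password: ", false);
    second.getCredentials(n2, p2, false); // read from shared state; the handler is never called
    second.clearState();
    System.out.println(n2.getName() + " reused; password left in shared state: " + state.containsKey(LOGIN_PASSWORD));
  }
}
```

When storePass is enabled on one module in a stack, enabling clearPass on a module in the same stack keeps the plaintext password from remaining in the shared map after the login sequence completes.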