org.jboss.security.auth.spi
Class BaseCertLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.BaseCertLoginModule
All Implemented Interfaces:
LoginModule
Direct Known Subclasses:
CertRolesLoginModule, DatabaseCertLoginModule

public class BaseCertLoginModule
extends AbstractServerLoginModule

Base login module that uses X509Certificates as credentials for authentication. It takes the certificate as an object and checks whether the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UsernamePasswordLoginModule.

Version:
$Revision: 1.4.2.4 $
Author:
Jason Essington, Scott.Stark@jboss.org
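
The alias-to-certificate check described above, as an added stand-alone example that is not JBoss code and uses only the JDK KeyStore API. The names AliasCertCheck, matchesTrustedAlias and genEntry, the validity-period check, and the keytool-generated sample store are assumptions of this example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class AliasCertCheck { // hypothetical name, not a JBoss class
    /** True only if the store holds, under this alias, exactly the presented certificate. */
    static boolean matchesTrustedAlias(KeyStore store, String alias, X509Certificate presented)
            throws KeyStoreException {
        if (store == null || alias == null || presented == null) return false;
        Certificate stored = store.getCertificate(alias); // null when the alias is unknown
        if (stored == null || !stored.equals(presented)) return false; // compares encoded forms
        try {
            presented.checkValidity(); // assumption of this example: also reject expired certs
        } catch (CertificateException e) {
            return false;
        }
        return true;
    }

    // Constructed sample data: a throwaway self-signed entry made with the JDK's keytool.
    static void genEntry(File store, String alias) throws Exception {
        Process p = new ProcessBuilder("keytool", "-genkeypair", "-alias", alias,
                "-keyalg", "RSA", "-keysize", "2048", "-dname", "CN=" + alias, "-validity", "1",
                "-storetype", "PKCS12", "-keystore", store.getPath(),
                "-storepass", "changeit", "-keypass", "changeit").inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed for " + alias);
    }

    public static void main(String[] args) throws Exception {
        File file = File.createTempFile("sample-trust", ".p12");
        file.delete(); // keytool has to create the store file itself
        genEntry(file, "alice");
        genEntry(file, "bob");
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(file)) {
            store.load(in, "changeit".toCharArray());
        }
        X509Certificate alice = (X509Certificate) store.getCertificate("alice");
        System.out.println("alice/alice:   " + matchesTrustedAlias(store, "alice", alice));
        System.out.println("bob/alice:     " + matchesTrustedAlias(store, "bob", alice));
        System.out.println("unknown/alice: " + matchesTrustedAlias(store, "unknown", alice));
        file.delete();
    }
}
```

The sample store holds key entries for brevity; a truststore holding trusted-certificate entries is queried with the same getCertificate(alias) call. Running it requires keytool on the PATH.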

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
BaseCertLoginModule()
           
 
Method Summary
 boolean commit()
          Override to add the X509Certificate to the public credentials
protected  Object[] getAliasAndCert()
           
protected  Object getCredentials()
           
protected  Principal getIdentity()
          Overridden by subclasses to return the Principal that corresponds to the user primary identity.
protected  Group[] getRoleSets()
          Subclasses need to override this to provide the roles for authorization
protected  String getUsername()
           
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Override the super version to pick up the following options after first calling the super method.
 boolean login()
          Perform the authentication of the username and password.
protected  boolean validateCredential(String alias, X509Certificate cert)
           
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BaseCertLoginModule

public BaseCertLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Override the super version to pick up the following options after first calling the super method.
option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from.
option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class AbstractServerLoginModule
Parameters:
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.
See Also:
SecurityDomain, X509CertificateVerifier

login

public boolean login()
              throws LoginException
Perform the authentication of the username and password.

Specified by:
login in interface LoginModule
Overrides:
login in class AbstractServerLoginModule
Throws:
LoginException

commit

public boolean commit()
               throws LoginException
Override to add the X509Certificate to the public credentials

Specified by:
commit in interface LoginModule
Overrides:
commit in class AbstractServerLoginModule
Returns:
Throws:
LoginException
See Also:
Subject, Group

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Subclasses need to override this to provide the roles for authorization

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Throws:
LoginException

getIdentity

protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule

getCredentials

protected Object getCredentials()

getUsername

protected String getUsername()

getAliasAndCert

protected Object[] getAliasAndCert()
                            throws LoginException
Throws:
LoginException

validateCredential

protected boolean validateCredential(String alias,
                                     X509Certificate cert)


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.