org.jboss.security.auth.spi
Class IdentityLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.IdentityLoginModule
All Implemented Interfaces:
LoginModule

public class IdentityLoginModule
extends AbstractServerLoginModule

A simple login module that simply associates the principal specified in the module options with any subject authenticated against the module. The type of Principal class used is org.jboss.security.SimplePrincipal.

If no principal option is specified a principal with the name of 'guest' is used.

Version:
$Revision: 1.7.6.1 $
Author:
Scott.Stark@jboss.org
See Also:
SimpleGroup, SimplePrincipal

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
IdentityLoginModule()
           
 
Method Summary
protected  Principal getIdentity()
          Overriden by subclasses to return the Principal that corresponds to the user primary identity.
protected  Group[] getRoleSets()
          Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
 void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
          Initialize the login module.
 boolean login()
          Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IdentityLoginModule

public IdentityLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler handler,
                       Map sharedState,
                       Map options)
Description copied from class: AbstractServerLoginModule
Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

option: password-stacking: If this is set to "useFirstPass", the login identity will be taken from the javax.security.auth.login.name value of the sharedState map, and the proof of identity from the javax.security.auth.login.password value of the sharedState map. option: principalClass: A Principal implementation that support a ctor taking a String argument for the princpal name. option: unauthenticatedIdentity: the name of the principal to asssign and authenticate when a null username and password are seen.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class AbstractServerLoginModule
Parameters:
subject - the Subject to update after a successful login.
handler - the CallbackHandler that will be used to obtain the the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.

login

public boolean login()
              throws LoginException
Description copied from class: AbstractServerLoginModule
Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.

Specified by:
login in interface LoginModule
Overrides:
login in class AbstractServerLoginModule
Throws:
LoginException

getIdentity

protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Description copied from class: AbstractServerLoginModule
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Group[] containing the sets of roles
Throws:
LoginException


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.