org.ldaptive.jaas

Class AbstractLoginModule

java.lang.Object

org.ldaptive.jaas.AbstractLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

Direct Known Subclasses:

LdapDnAuthorizationModule, LdapLoginModule, LdapRoleAuthorizationModule

public abstract class AbstractLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

Provides functionality common to ldap based JAAS login modules.

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.security.auth.callback.CallbackHandler	callbackHandler Initialized callback handler.
protected boolean	clearPass Whether credentials should be removed from the shared state map.
protected boolean	commitSuccess Whether commit was successful.
protected java.util.Set<LdapCredential>	credentials Credentials to add to the subject.
protected java.util.List<LdapRole>	defaultRole Default roles.
protected org.slf4j.Logger	logger Logger for this class.
static java.lang.String	LOGIN_DN Constant for entryDn stored in shared state.
static java.lang.String	LOGIN_NAME Constant for login name stored in shared state.
static java.lang.String	LOGIN_PASSWORD Constant for login password stored in shared state.
protected boolean	loginSuccess Whether authentication was successful.
protected java.lang.String	principalGroupName Name of group to add all principals to.
protected java.util.Set<java.security.Principal>	principals Principals to add to the subject.
protected java.lang.String	roleGroupName Name of group to add all roles to.
protected java.util.Set<java.security.Principal>	roles Roles to add to the subject.
protected boolean	setLdapCredential Whether ldap credential data should be set.
protected boolean	setLdapDnPrincipal Whether ldap dn principal data should be set.
protected boolean	setLdapPrincipal Whether ldap principal data should be set.
protected java.util.Map	sharedState Shared state from other login module.
protected boolean	storePass Whether credentials should be stored in the shared state map.
protected javax.security.auth.Subject	subject Initialized subject.
protected boolean	tryFirstPass Whether credentials from the shared state should be used if they are available.
protected boolean	useFirstPass Whether credentials from the shared state should be used.

Constructor Summary

Constructors

Constructor and Description
AbstractLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort()
protected void	clearState() Removes any stateful principals, credentials, or roles stored by login.
boolean	commit()
protected void	getCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, boolean useCallback) Attempts to retrieve credentials for the supplied name and password callbacks.
void	initialize(javax.security.auth.Subject subj, javax.security.auth.callback.CallbackHandler handler, java.util.Map<java.lang.String,?> state, java.util.Map<java.lang.String,?> options)
boolean	login()
protected abstract boolean	login(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb) Authenticates a Subject with the supplied callbacks.
boolean	logout()
protected void	storeCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, java.lang.String loginDn) Stores the supplied name, password, and entry dn in the stored state map.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGIN_NAME

public static final java.lang.String LOGIN_NAME

Constant for login name stored in shared state.

See Also:

Constant Field Values

LOGIN_DN

public static final java.lang.String LOGIN_DN

Constant for entryDn stored in shared state.

See Also:

Constant Field Values

LOGIN_PASSWORD

public static final java.lang.String LOGIN_PASSWORD

Constant for login password stored in shared state.

See Also:

Constant Field Values

logger

protected final org.slf4j.Logger logger

Logger for this class.

defaultRole

protected final java.util.List<LdapRole> defaultRole

Default roles.

subject

protected javax.security.auth.Subject subject

Initialized subject.

callbackHandler

protected javax.security.auth.callback.CallbackHandler callbackHandler

Initialized callback handler.

sharedState

protected java.util.Map sharedState

Shared state from other login module.

useFirstPass

protected boolean useFirstPass

Whether credentials from the shared state should be used.

tryFirstPass

protected boolean tryFirstPass

Whether credentials from the shared state should be used if they are available.

storePass

protected boolean storePass

Whether credentials should be stored in the shared state map.

clearPass

protected boolean clearPass

Whether credentials should be removed from the shared state map.

setLdapPrincipal

protected boolean setLdapPrincipal

Whether ldap principal data should be set.

setLdapDnPrincipal

protected boolean setLdapDnPrincipal

Whether ldap dn principal data should be set.

setLdapCredential

protected boolean setLdapCredential

Whether ldap credential data should be set.

principalGroupName

protected java.lang.String principalGroupName

Name of group to add all principals to.

roleGroupName

protected java.lang.String roleGroupName

Name of group to add all roles to.

loginSuccess

protected boolean loginSuccess

Whether authentication was successful.

commitSuccess

protected boolean commitSuccess

Whether commit was successful.

principals

protected java.util.Set<java.security.Principal> principals

Principals to add to the subject.

credentials

protected java.util.Set<LdapCredential> credentials

Credentials to add to the subject.

roles

protected java.util.Set<java.security.Principal> roles

Roles to add to the subject.

Constructor Detail

AbstractLoginModule

public AbstractLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subj,
                       javax.security.auth.callback.CallbackHandler handler,
                       java.util.Map<java.lang.String,?> state,
                       java.util.Map<java.lang.String,?> options)

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException

Specified by:

login in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

login

protected abstract boolean login(javax.security.auth.callback.NameCallback nameCb,
                                 javax.security.auth.callback.PasswordCallback passCb)
                          throws javax.security.auth.login.LoginException

Authenticates a Subject with the supplied callbacks.

Parameters:

nameCb - callback handler for subject's name

passCb - callback handler for subject's password

Returns:

true if authentication succeeded, false to ignore this module

Throws:

javax.security.auth.login.LoginException - if the authentication fails

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

clearState

protected void clearState()

Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.

getCredentials

protected void getCredentials(javax.security.auth.callback.NameCallback nameCb,
                              javax.security.auth.callback.PasswordCallback passCb,
                              boolean useCallback)
                       throws javax.security.auth.login.LoginException

Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise a callback handler is used to get the data. Set useCallback to force a callback handler to be used.

Parameters:

nameCb - to set name for

passCb - to set password for

useCallback - whether to force a callback handler

Throws:

javax.security.auth.login.LoginException - if the callback handler fails

storeCredentials

protected void storeCredentials(javax.security.auth.callback.NameCallback nameCb,
                                javax.security.auth.callback.PasswordCallback passCb,
                                java.lang.String loginDn)

Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.

Parameters:

nameCb - to store

passCb - to store

loginDn - to store