com.ecyrd.jspwiki.auth.login

Class AbstractLoginModule

java.lang.Object

com.ecyrd.jspwiki.auth.login.AbstractLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

Direct Known Subclasses:

AnonymousLoginModule, CookieAssertionLoginModule, CookieAuthenticationLoginModule, UserDatabaseLoginModule, WebContainerLoginModule

public abstract class AbstractLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

Abstract JAAS LoginModulethat implements base functionality. The methods login() and commit() must be implemented by subclasses. The default implementations of initialize(Subject, CallbackHandler, Map, Map), abort() and logout() should be sufficient for most purposes.

Since:

2.3

Author:

Andrew Jaquith

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.security.auth.callback.CallbackHandler	m_handler
protected java.util.Map<java.lang.String,?>	m_options
protected java.util.Collection<java.security.Principal>	m_previousWikiPrincipals Deprecated.
protected java.util.Collection<java.security.Principal>	m_principals Implementing classes should add Principals to this collection; these will be added to the principal set when the overall login succeeds.
protected java.util.Collection<java.security.Principal>	m_principalsToOverwrite Deprecated.
protected java.util.Collection<java.security.Principal>	m_principalsToRemove Deprecated.
protected java.util.Map<java.lang.String,?>	m_state
protected javax.security.auth.Subject	m_subject
protected static java.lang.String	NULL

Constructor Summary

Constructors

Constructor and Description
AbstractLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort() Aborts the login; called if the LoginContext's overall authentication failed.
boolean	commit() Commits the login.
void	initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options) Initializes the LoginModule with a given Subject, callback handler, options and shared state.
abstract boolean	login() Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.
boolean	logout() Logs the user out.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

m_handler

protected javax.security.auth.callback.CallbackHandler m_handler

m_options

protected java.util.Map<java.lang.String,?> m_options

m_previousWikiPrincipals

protected java.util.Collection<java.security.Principal> m_previousWikiPrincipals

Deprecated.

Collection of Principals set during login module initialization. These represent the user's identities prior to the overall login. Typically these will contain earlier, less-authoritative principals like a WikiPrincipal for the user cookie, or an IP address. These Principals are forcibly removed during the commit phase if login succeeds.

m_principals

protected java.util.Collection<java.security.Principal> m_principals

Implementing classes should add Principals to this collection; these will be added to the principal set when the overall login succeeds. These Principals will be added to the Subject during the commit() phase of login.

m_principalsToRemove

protected java.util.Collection<java.security.Principal> m_principalsToRemove

Deprecated.

Implementing classes should add Principals to this collection to specify what Principals must be removed if login for this module, or for the entire login configuration overall, fails. Generally, these will be Principals of type Role.

m_principalsToOverwrite

protected java.util.Collection<java.security.Principal> m_principalsToOverwrite

Deprecated.

Implementing classes should add Principals to this collection to specify what Principals, perhaps suppled by other LoginModules, must be removed if login for this module, or for the entire login configuration overall, succeeds. Generally, these will be Principals of type Role. For example, CookieAssertionLoginModule adds Role.ANONYMOUS to its m_principalsToOverwrite collection because when it succeeds, its own Role.AUTHENTICATED should over-write Role.ANONYMOUS.

m_state

protected java.util.Map<java.lang.String,?> m_state

m_subject

protected javax.security.auth.Subject m_subject

NULL

protected static final java.lang.String NULL

See Also:

Constant Field Values

Constructor Detail

AbstractLoginModule

public AbstractLoginModule()

Method Detail

abort

public final boolean abort()
                    throws javax.security.auth.login.LoginException

Aborts the login; called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed). Specifically, it removes Principals from the Subject that are associated with the individual LoginModule; these will be those contained in m_principalsToRemove. It always returns true.

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Returns:

True, always.

Throws:

javax.security.auth.login.LoginException - if the abort itself fails

See Also:

LoginModule.abort()

commit

public final boolean commit()

Commits the login. If the overall login method succeeded, adds principals to the Subject's set; generally, these will be the user's actual Principal, plus one or more Role principals. The state of the m_principals member variable is consulted to determine whether to add the principals. If its size is 0 (because the login failed), the login is considered to have failed; in this case, all principals in m_principalsToRemove are removed from the Subject's set. Otherwise, the principals added to m_principals in the login() method are added to the Subject's set.

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Returns:

true if the commit succeeded, or false if the previous call to login() failed

See Also:

LoginModule.commit()

initialize

public final void initialize(javax.security.auth.Subject subject,
                             javax.security.auth.callback.CallbackHandler callbackHandler,
                             java.util.Map<java.lang.String,?> sharedState,
                             java.util.Map<java.lang.String,?> options)

Initializes the LoginModule with a given Subject, callback handler, options and shared state. In particular, the member variable m_principals is initialized as a blank Set.

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

Parameters:

subject -

callbackHandler -

sharedState -

options -

See Also:

LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

login

public abstract boolean login()
                       throws javax.security.auth.login.LoginException

Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returns true

Specified by:

login in interface javax.security.auth.spi.LoginModule

Returns:

true if the commit succeeded, or false if this LoginModule should be ignored.

Throws:

javax.security.auth.login.LoginException - if the authentication fails

See Also:

LoginModule.login()

logout

public final boolean logout()
                     throws javax.security.auth.login.LoginException

Logs the user out. Removes all principals in m_principalsToRemove from the Subject's principal set.

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Returns:

true if the commit succeeded, or false if this LoginModule should be ignored

Throws:

javax.security.auth.login.LoginException - if the logout itself fails

See Also:

LoginModule.logout()