@ProviderType public abstract class AbstractLoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule
Abstract implementation of the LoginModule interface that can act as a base class for login modules that aim to authenticate subjects against information stored in the content repository.
LoginModule interface:
- Initialize: Initialization of this abstract module sets the following protected instance fields: Configuration.
- Logout: If the authenticated subject is not empty, this logout implementation attempts to clear both principals and public credentials and returns true.
- Abort: Clears the state of this login module by setting all private instance variables created in phase 1 or 2 to null. Subclasses are in charge of releasing their own state information by overriding clearState().
- clearState(): Clears all private state information that has been created during login. This method is called in abort() and subclasses are expected to override this method.
- getSupportedCredentials(): Abstract method used by getCredentials() that reveals which credential implementations are supported by the LoginModule.
- getCredentials(): Tries to retrieve valid (supported) Credentials in the following order: CredentialsCallback, SHARED_KEY_CREDENTIALS entry in the shared state (see also getSharedCredentials()) and finally by
- getSharedCredentials(): This method returns credentials passed to the login module with the shared state. The key to share credentials with another module extending from this base class is SHARED_KEY_CREDENTIALS. Note that this method does not verify if the credentials provided by the shared state are supported.
- getSharedLoginName(): If the shared state contains an entry for SHARED_KEY_LOGIN_NAME, this method returns the value as login name.
- getSecurityProvider(): Returns the configured security provider or null.
- getRoot(): Provides access to the latest state of the repository in order to retrieve user or principal information required to authenticate the subject as well as to write back information during LoginModule.commit().
- getUserManager(): Returns an instance of the configured UserManager or null.
- getPrincipalProvider(): Returns an instance of the configured principal provider or null.
- getPrincipals(String): Utility that returns all principals associated with a given user id. This method might be called after successful authentication in order to be able to populate the subject during LoginModule.commit(). The implementation is a shortcut for calling getPrincipals(String userId) on the provider exposed by getPrincipalProvider().
Modifier and Type | Field and Description |
---|---|
static java.lang.String | SHARED_KEY_ATTRIBUTES: Key of the sharedState entry referring to public attributes that are shared between multiple login modules. |
static java.lang.String | SHARED_KEY_CREDENTIALS: Key of the sharedState entry referring to validated Credentials that is shared between multiple login modules. |
static java.lang.String | SHARED_KEY_LOGIN_NAME: Key of the sharedState entry referring to a valid login ID that is shared between multiple login modules. |
static java.lang.String | SHARED_KEY_PRE_AUTH_LOGIN: Key of the sharedState entry referring to pre authenticated login information that is shared between multiple login modules. |
Constructor and Description |
---|
AbstractLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean | abort() |
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options) |
boolean | logout(): Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. |
public static final java.lang.String SHARED_KEY_CREDENTIALS
public static final java.lang.String SHARED_KEY_LOGIN_NAME
public static final java.lang.String SHARED_KEY_ATTRIBUTES
public static final java.lang.String SHARED_KEY_PRE_AUTH_LOGIN
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
Specified by: initialize in interface javax.security.auth.spi.LoginModule

public boolean logout() throws javax.security.auth.login.LoginException
Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false if either the principal set or the credentials set is empty.
Note that this implementation is not able to remove only those principals/credentials that have been added by this very login module instance. Therefore subclasses should override this method to provide a fully compliant solution of logout(). They may however take advantage of logout(Set, Set) in order to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract incorporating the additional recommendations highlighted at JAAS LoginModule Dev Guide.
Specified by: logout in interface javax.security.auth.spi.LoginModule
Returns: true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise
Throws: javax.security.auth.login.LoginException - if the subject is readonly and destroying Destroyable credentials fails with DestroyFailedException.

public boolean abort() throws javax.security.auth.login.LoginException
Specified by: abort in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException
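The logout() note above asks subclasses to remove only what their own instance added. The following is an added example, not code from Oak or Adobe, showing that pattern with plain JAAS types on Java 8 or later. The class name TrackingLoginModule, the NameCallback prompt and the placeholder credential string are assumptions, and the class deliberately does not extend AbstractLoginModule or call logout(Set, Set).

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module, constructed for this example (not Oak or JDK code).
public class TrackingLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler handler;
    private String userId;               // phase 1 state, set by login()
    private Set<Principal> principals;   // exactly what this instance added in commit()
    private Set<Object> credentials;     // exactly what this instance added in commit()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> o) { subject = s; handler = h; }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        try { handler.handle(new Callback[] {name}); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        userId = name.getName();         // sample only: a real module verifies credentials here
        return userId != null;
    }
    public boolean commit() {
        if (userId == null) return false;            // login() failed: JAAS ignores this module
        final String id = userId;
        principals = Collections.singleton((Principal) () -> id);
        credentials = Collections.singleton((Object) ("token-for-" + id)); // placeholder credential
        subject.getPrincipals().addAll(principals);
        subject.getPublicCredentials().addAll(credentials);
        return true;
    }
    public boolean logout() throws LoginException {
        if (principals == null) return false;        // this instance committed nothing
        if (subject.isReadOnly()) {                  // sets cannot change: destroy our credentials
            for (Object c : credentials) {
                try { if (c instanceof Destroyable) ((Destroyable) c).destroy(); }
                catch (DestroyFailedException e) { throw new LoginException(e.toString()); }
            }
        } else {                                     // remove only our entries, not other modules'
            subject.getPrincipals().removeAll(principals);
            subject.getPublicCredentials().removeAll(credentials);
        }
        return clearState();
    }
    public boolean abort() throws LoginException {
        if (userId == null) return false;            // login() never succeeded
        return principals != null ? logout() : clearState(); // undo commit() if it already ran
    }
    private boolean clearState() { userId = null; principals = null; credentials = null; return true; }
}
```

Because the module keeps references to the exact objects it added, principals and credentials contributed by other login modules in the same JAAS stack stay on the Subject after this module logs out.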
Copyright © 2010 - 2020 Adobe. All Rights Reserved