Package org.ldaptive.jaas

Class AbstractLoginModule

java.lang.Object

org.ldaptive.jaas.AbstractLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

LdapDnAuthorizationModule, LdapLoginModule, LdapRoleAuthorizationModule

public abstract class AbstractLoginModule
extends Object
implements LoginModule

Provides functionality common to ldap based JAAS login modules.

Field Summary

Fields

Modifier and Type	Field	Description
protected CallbackHandler	callbackHandler	Initialized callback handler.
protected boolean	clearPass	Whether credentials should be removed from the shared state map.
protected boolean	commitSuccess	Whether commit was successful.
protected Set<LdapCredential>	credentials	Credentials to add to the subject.
protected List<LdapRole>	defaultRole	Default roles.
protected Logger	logger	Logger for this class.
static String	LOGIN_DN	Constant for entryDn stored in shared state.
static String	LOGIN_NAME	Constant for login name stored in shared state.
static String	LOGIN_PASSWORD	Constant for login password stored in shared state.
protected boolean	loginSuccess	Whether authentication was successful.
protected String	principalGroupName	Name of group to add all principals to.
protected Set<Principal>	principals	Principals to add to the subject.
protected String	roleGroupName	Name of group to add all roles to.
protected Set<Principal>	roles	Roles to add to the subject.
protected boolean	setLdapCredential	Whether ldap credential data should be set.
protected boolean	setLdapDnPrincipal	Whether ldap dn principal data should be set.
protected boolean	setLdapPrincipal	Whether ldap principal data should be set.
protected Map	sharedState	Shared state from other login module.
protected boolean	storePass	Whether credentials should be stored in the shared state map.
protected Subject	subject	Initialized subject.
protected boolean	tryFirstPass	Whether credentials from the shared state should be used if they are available.
protected boolean	useFirstPass	Whether credentials from the shared state should be used.

Constructor Summary

Constructors

Constructor	Description
AbstractLoginModule()

Method Summary

Modifier and Type	Method	Description
boolean	abort()
protected void	clearState()	Removes any stateful principals, credentials, or roles stored by login.
boolean	commit()
protected void	getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback)	Attempts to retrieve credentials for the supplied name and password callbacks.
void	initialize(Subject subj, CallbackHandler handler, Map<String,?> state, Map<String,?> options)
boolean	login()
protected abstract boolean	login(NameCallback nameCb, PasswordCallback passCb)	Authenticates a Subject with the supplied callbacks.
boolean	logout()
protected void	storeCredentials(NameCallback nameCb, PasswordCallback passCb, String loginDn)	Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGIN_NAME

public static final String LOGIN_NAME

Constant for login name stored in shared state.

See Also:

Constant Field Values

LOGIN_DN

public static final String LOGIN_DN

Constant for entryDn stored in shared state.

See Also:

Constant Field Values

LOGIN_PASSWORD

public static final String LOGIN_PASSWORD

Constant for login password stored in shared state.

See Also:

Constant Field Values

logger

protected final Logger logger

Logger for this class.

defaultRole

protected final List<LdapRole> defaultRole

Default roles.

subject

protected Subject subject

Initialized subject.

callbackHandler

protected CallbackHandler callbackHandler

Initialized callback handler.

sharedState

protected Map sharedState

Shared state from other login module.

useFirstPass

protected boolean useFirstPass

Whether credentials from the shared state should be used.

tryFirstPass

protected boolean tryFirstPass

Whether credentials from the shared state should be used if they are available.

storePass

protected boolean storePass

Whether credentials should be stored in the shared state map.

clearPass

protected boolean clearPass

Whether credentials should be removed from the shared state map.

setLdapPrincipal

protected boolean setLdapPrincipal

Whether ldap principal data should be set.

setLdapDnPrincipal

protected boolean setLdapDnPrincipal

Whether ldap dn principal data should be set.

setLdapCredential

protected boolean setLdapCredential

Whether ldap credential data should be set.

principalGroupName

protected String principalGroupName

Name of group to add all principals to.

roleGroupName

protected String roleGroupName

Name of group to add all roles to.

loginSuccess

protected boolean loginSuccess

Whether authentication was successful.

commitSuccess

protected boolean commitSuccess

Whether commit was successful.

principals

protected Set<Principal> principals

Principals to add to the subject.

credentials

protected Set<LdapCredential> credentials

Credentials to add to the subject.

roles

protected Set<Principal> roles

Roles to add to the subject.

Constructor Detail

AbstractLoginModule

public AbstractLoginModule()

Method Detail

initialize

public void initialize(Subject subj,
                       CallbackHandler handler,
                       Map<String,?> state,
                       Map<String,?> options)

Specified by:

initialize in interface LoginModule

login

public boolean login()
              throws LoginException

Specified by:

login in interface LoginModule

Throws:

LoginException

login

protected abstract boolean login(NameCallback nameCb,
                                 PasswordCallback passCb)
                          throws LoginException

Authenticates a Subject with the supplied callbacks.

Parameters:

nameCb - callback handler for subject's name

passCb - callback handler for subject's password

Returns:

true if authentication succeeded, false to ignore this module

Throws:

LoginException - if the authentication fails

commit

public boolean commit()
               throws LoginException

Specified by:

commit in interface LoginModule

Throws:

LoginException

abort

public boolean abort()
              throws LoginException

Specified by:

abort in interface LoginModule

Throws:

LoginException

logout

public boolean logout()
               throws LoginException

Specified by:

logout in interface LoginModule

Throws:

LoginException

clearState

protected void clearState()

Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.

getCredentials

protected void getCredentials(NameCallback nameCb,
                              PasswordCallback passCb,
                              boolean useCallback)
                       throws LoginException

Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise, a callback handler is used to get the data. Set useCallback to force a callback handler to be used.

Parameters:

nameCb - to set name for

passCb - to set password for

useCallback - whether to force a callback handler

Throws:

LoginException - if the callback handler fails

storeCredentials

protected void storeCredentials(NameCallback nameCb,
                                PasswordCallback passCb,
                                String loginDn)

Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.

Parameters:

nameCb - to store

passCb - to store

loginDn - to store