Package org.ldaptive.jaas
Class AbstractLoginModule
- java.lang.Object
-
- org.ldaptive.jaas.AbstractLoginModule
-
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
LdapDnAuthorizationModule
,LdapLoginModule
,LdapRoleAuthorizationModule
public abstract class AbstractLoginModule extends Object implements LoginModule
Provides functionality common to ldap based JAAS login modules.
-
-
Field Summary
Fields Modifier and Type Field Description protected CallbackHandler
callbackHandler
Initialized callback handler.protected boolean
clearPass
Whether credentials should be removed from the shared state map.protected boolean
commitSuccess
Whether commit was successful.protected Set<LdapCredential>
credentials
Credentials to add to the subject.protected List<LdapRole>
defaultRole
Default roles.protected Logger
logger
Logger for this class.static String
LOGIN_DN
Constant for entryDn stored in shared state.static String
LOGIN_NAME
Constant for login name stored in shared state.static String
LOGIN_PASSWORD
Constant for login password stored in shared state.protected boolean
loginSuccess
Whether authentication was successful.protected String
principalGroupName
Name of group to add all principals to.protected Set<Principal>
principals
Principals to add to the subject.protected String
roleGroupName
Name of group to add all roles to.protected Set<Principal>
roles
Roles to add to the subject.protected boolean
setLdapCredential
Whether ldap credential data should be set.protected boolean
setLdapDnPrincipal
Whether ldap dn principal data should be set.protected boolean
setLdapPrincipal
Whether ldap principal data should be set.protected Map
sharedState
Shared state from other login module.protected boolean
storePass
Whether credentials should be stored in the shared state map.protected Subject
subject
Initialized subject.protected boolean
tryFirstPass
Whether credentials from the shared state should be used if they are available.protected boolean
useFirstPass
Whether credentials from the shared state should be used.
-
Constructor Summary
Constructors Constructor Description AbstractLoginModule()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description boolean
abort()
protected void
clearState()
Removes any stateful principals, credentials, or roles stored by login.boolean
commit()
protected void
getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback)
Attempts to retrieve credentials for the supplied name and password callbacks.void
initialize(Subject subj, CallbackHandler handler, Map<String,?> state, Map<String,?> options)
boolean
login()
protected abstract boolean
login(NameCallback nameCb, PasswordCallback passCb)
Authenticates aSubject
with the supplied callbacks.boolean
logout()
protected void
storeCredentials(NameCallback nameCb, PasswordCallback passCb, String loginDn)
Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.
-
-
-
Field Detail
-
LOGIN_NAME
public static final String LOGIN_NAME
Constant for login name stored in shared state.- See Also:
- Constant Field Values
-
LOGIN_DN
public static final String LOGIN_DN
Constant for entryDn stored in shared state.- See Also:
- Constant Field Values
-
LOGIN_PASSWORD
public static final String LOGIN_PASSWORD
Constant for login password stored in shared state.- See Also:
- Constant Field Values
-
logger
protected final Logger logger
Logger for this class.
-
subject
protected Subject subject
Initialized subject.
-
callbackHandler
protected CallbackHandler callbackHandler
Initialized callback handler.
-
sharedState
protected Map sharedState
Shared state from other login module.
-
useFirstPass
protected boolean useFirstPass
Whether credentials from the shared state should be used.
-
tryFirstPass
protected boolean tryFirstPass
Whether credentials from the shared state should be used if they are available.
-
storePass
protected boolean storePass
Whether credentials should be stored in the shared state map.
-
clearPass
protected boolean clearPass
Whether credentials should be removed from the shared state map.
-
setLdapPrincipal
protected boolean setLdapPrincipal
Whether ldap principal data should be set.
-
setLdapDnPrincipal
protected boolean setLdapDnPrincipal
Whether ldap dn principal data should be set.
-
setLdapCredential
protected boolean setLdapCredential
Whether ldap credential data should be set.
-
principalGroupName
protected String principalGroupName
Name of group to add all principals to.
-
roleGroupName
protected String roleGroupName
Name of group to add all roles to.
-
loginSuccess
protected boolean loginSuccess
Whether authentication was successful.
-
commitSuccess
protected boolean commitSuccess
Whether commit was successful.
-
credentials
protected Set<LdapCredential> credentials
Credentials to add to the subject.
-
-
Method Detail
-
initialize
public void initialize(Subject subj, CallbackHandler handler, Map<String,?> state, Map<String,?> options)
- Specified by:
initialize
in interfaceLoginModule
-
login
public boolean login() throws LoginException
- Specified by:
login
in interfaceLoginModule
- Throws:
LoginException
-
login
protected abstract boolean login(NameCallback nameCb, PasswordCallback passCb) throws LoginException
Authenticates aSubject
with the supplied callbacks.- Parameters:
nameCb
- callback handler for subject's namepassCb
- callback handler for subject's password- Returns:
- true if authentication succeeded, false to ignore this module
- Throws:
LoginException
- if the authentication fails
-
commit
public boolean commit() throws LoginException
- Specified by:
commit
in interfaceLoginModule
- Throws:
LoginException
-
abort
public boolean abort() throws LoginException
- Specified by:
abort
in interfaceLoginModule
- Throws:
LoginException
-
logout
public boolean logout() throws LoginException
- Specified by:
logout
in interfaceLoginModule
- Throws:
LoginException
-
clearState
protected void clearState()
Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.
-
getCredentials
protected void getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback) throws LoginException
Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise, a callback handler is used to get the data. Set useCallback to force a callback handler to be used.- Parameters:
nameCb
- to set name forpassCb
- to set password foruseCallback
- whether to force a callback handler- Throws:
LoginException
- if the callback handler fails
-
storeCredentials
protected void storeCredentials(NameCallback nameCb, PasswordCallback passCb, String loginDn)
Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.- Parameters:
nameCb
- to storepassCb
- to storeloginDn
- to store
-
-