Package org.jboss.security.auth.spi
Class BaseCertLoginModule
- java.lang.Object
-
- org.jboss.security.auth.spi.AbstractServerLoginModule
-
- org.jboss.security.auth.spi.BaseCertLoginModule
-
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
CertRolesLoginModule,DatabaseCertLoginModule
public class BaseCertLoginModule extends AbstractServerLoginModule
Base Login Module that uses X509Certificates as credentials for authentication. This login module uses X509Certificates as a credential. It takes the cert as an object and checks to see if the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UserNamePasswordLoginModule.- Version:
- $Revision$
- Author:
- Jason Essington, Scott.Stark@jboss.org
-
-
Field Summary
-
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
-
-
Constructor Summary
Constructors Constructor Description BaseCertLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleancommit()Override to add the X509Certificate to the public credentialsprotected Object[]getAliasAndCert()protected ObjectgetCredentials()protected PrincipalgetIdentity()Overriden by subclasses to return the Principal that corresponds to the user primary identity.protected Group[]getRoleSets()Subclasses need to override this to provide the roles for authorizationprotected StringgetUsername()voidinitialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)Override the super version to pickup the following options after first calling the super method.booleanlogin()Perform the authentication of the username and password.protected booleanvalidateCredential(String alias, X509Certificate cert)-
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout
-
-
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Override the super version to pickup the following options after first calling the super method. option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from. option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate- Specified by:
initializein interfaceLoginModule- Overrides:
initializein classAbstractServerLoginModule- Parameters:
subject- the Subject to update after a successful login.callbackHandler- the CallbackHandler that will be used to obtain the the user identity and credentials.sharedState- a Map shared between all configured login module instancesoptions- the parameters passed to the login module.- See Also:
SecurityDomain,X509CertificateVerifier
-
login
public boolean login() throws LoginExceptionPerform the authentication of the username and password.- Specified by:
loginin interfaceLoginModule- Overrides:
loginin classAbstractServerLoginModule- Throws:
LoginException
-
commit
public boolean commit() throws LoginExceptionOverride to add the X509Certificate to the public credentials- Specified by:
commitin interfaceLoginModule- Overrides:
commitin classAbstractServerLoginModule- Returns:
- Throws:
LoginException
-
getRoleSets
protected Group[] getRoleSets() throws LoginException
Subclasses need to override this to provide the roles for authorization- Specified by:
getRoleSetsin classAbstractServerLoginModule- Returns:
- Throws:
LoginException
-
getIdentity
protected Principal getIdentity()
Description copied from class:AbstractServerLoginModuleOverriden by subclasses to return the Principal that corresponds to the user primary identity.- Specified by:
getIdentityin classAbstractServerLoginModule
-
getCredentials
protected Object getCredentials()
-
getUsername
protected String getUsername()
-
getAliasAndCert
protected Object[] getAliasAndCert() throws LoginException
- Throws:
LoginException
-
validateCredential
protected boolean validateCredential(String alias, X509Certificate cert)
-
-