edu.vt.middleware.ldap.jaas

Class AbstractLoginModule

java.lang.Object

edu.vt.middleware.ldap.jaas.AbstractLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule

Direct Known Subclasses:

LdapDnAuthorizationModule, LdapLoginModule, LdapRoleAuthorizationModule

public abstract class AbstractLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

AbstractLoginModule provides functionality common to ldap based login modules.

Version:

$Revision: 1878 $ $Date: 2011-04-05 16:15:00 +0100 (Tue, 05 Apr 2011) $

Author:

Middleware Services

Field Summary

Fields

Modifier and Type	Field and Description
protected javax.security.auth.callback.CallbackHandler	callbackHandler Initialized callback handler.
protected boolean	clearPass Whether credentials should be removed from the shared state map.
protected boolean	commitSuccess Whether commit was successful.
protected java.util.Set<LdapCredential>	credentials Credentials to add to the subject.
protected java.util.List<LdapRole>	defaultRole Default roles.
protected org.apache.commons.logging.Log	logger Log for this class.
static java.lang.String	LOGIN_DN Constant for entryDn stored in shared state.
static java.lang.String	LOGIN_NAME Constant for login name stored in shared state.
static java.lang.String	LOGIN_PASSWORD Constant for login password stored in shared state.
protected boolean	loginSuccess Whether login was successful.
protected java.lang.String	principalGroupName Name of group to add all principals to.
protected java.util.Set<java.security.Principal>	principals Principals to add to the subject.
protected java.lang.String	roleGroupName Name of group to add all roles to.
protected java.util.Set<java.security.Principal>	roles Roles to add to the subject.
protected boolean	setLdapCredential Whether ldap credential data should be set.
protected boolean	setLdapDnPrincipal Whether ldap dn principal data should be set.
protected boolean	setLdapPrincipal Whether ldap principal data should be set.
protected java.util.Map	sharedState Shared state from other login module.
protected boolean	storePass Whether credentials should be stored in the shared state map.
protected javax.security.auth.Subject	subject Initialized subject.
protected boolean	tryFirstPass Whether credentials from the shared state should be used if they are available.
protected boolean	useFirstPass Whether credentials from the shared state should be used.

Constructor Summary

Constructors

Constructor and Description
AbstractLoginModule()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	abort()
protected java.util.List<LdapRole>	attributesToRoles(javax.naming.directory.Attributes attributes) This parses the supplied attributes and returns them as a list of LdapRoles.
protected void	clearState() Removes any stateful principals, credentials, or roles stored by login.
boolean	commit()
static Authenticator	createAuthenticator(java.util.Map<java.lang.String,?> options) This constructs a new Authenticator with the supplied jaas options.
static Ldap	createLdap(java.util.Map<java.lang.String,?> options) This constructs a new Ldap with the supplied jaas options.
protected void	getCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, boolean useCallback) This attempts to retrieve credentials for the supplied name and password callbacks.
void	initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
abstract boolean	login()
boolean	logout()
protected void	storeCredentials(javax.security.auth.callback.NameCallback nameCb, javax.security.auth.callback.PasswordCallback passCb, java.lang.String loginDn) This will store the supplied name, password, and entry dn in the stored state map.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGIN_NAME

public static final java.lang.String LOGIN_NAME

Constant for login name stored in shared state.

See Also:

Constant Field Values

LOGIN_DN

public static final java.lang.String LOGIN_DN

Constant for entryDn stored in shared state.

See Also:

Constant Field Values

LOGIN_PASSWORD

public static final java.lang.String LOGIN_PASSWORD

Constant for login password stored in shared state.

See Also:

Constant Field Values

logger

protected final org.apache.commons.logging.Log logger

Log for this class.

subject

protected javax.security.auth.Subject subject

Initialized subject.

callbackHandler

protected javax.security.auth.callback.CallbackHandler callbackHandler

Initialized callback handler.

sharedState

protected java.util.Map sharedState

Shared state from other login module.

useFirstPass

protected boolean useFirstPass

Whether credentials from the shared state should be used.

tryFirstPass

protected boolean tryFirstPass

Whether credentials from the shared state should be used if they are available.

storePass

protected boolean storePass

Whether credentials should be stored in the shared state map.

clearPass

protected boolean clearPass

Whether credentials should be removed from the shared state map.

setLdapPrincipal

protected boolean setLdapPrincipal

Whether ldap principal data should be set.

setLdapDnPrincipal

protected boolean setLdapDnPrincipal

Whether ldap dn principal data should be set.

setLdapCredential

protected boolean setLdapCredential

Whether ldap credential data should be set.

defaultRole

protected java.util.List<LdapRole> defaultRole

Default roles.

principalGroupName

protected java.lang.String principalGroupName

Name of group to add all principals to.

roleGroupName

protected java.lang.String roleGroupName

Name of group to add all roles to.

loginSuccess

protected boolean loginSuccess

Whether login was successful.

commitSuccess

protected boolean commitSuccess

Whether commit was successful.

principals

protected java.util.Set<java.security.Principal> principals

Principals to add to the subject.

credentials

protected java.util.Set<LdapCredential> credentials

Credentials to add to the subject.

roles

protected java.util.Set<java.security.Principal> roles

Roles to add to the subject.

Constructor Detail

AbstractLoginModule

public AbstractLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
              javax.security.auth.callback.CallbackHandler callbackHandler,
              java.util.Map<java.lang.String,?> sharedState,
              java.util.Map<java.lang.String,?> options)

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

login

public abstract boolean login()
                       throws javax.security.auth.login.LoginException

Specified by:

login in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Throws:

javax.security.auth.login.LoginException

createLdap

public static Ldap createLdap(java.util.Map<java.lang.String,?> options)

This constructs a new Ldap with the supplied jaas options.

Parameters:

options - Map

Returns:

Ldap

createAuthenticator

public static Authenticator createAuthenticator(java.util.Map<java.lang.String,?> options)

This constructs a new Authenticator with the supplied jaas options.

Parameters:

options - Map

Returns:

Authenticator

clearState

protected void clearState()

Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.

getCredentials

protected void getCredentials(javax.security.auth.callback.NameCallback nameCb,
                  javax.security.auth.callback.PasswordCallback passCb,
                  boolean useCallback)
                       throws javax.security.auth.login.LoginException

This attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise a callback handler is used to get the data. Set useCallback to force a callback handler to be used.

Parameters:

nameCb - to set name for

passCb - to set password for

useCallback - whether to force a callback handler

Throws:

javax.security.auth.login.LoginException - if the callback handler fails

storeCredentials

protected void storeCredentials(javax.security.auth.callback.NameCallback nameCb,
                    javax.security.auth.callback.PasswordCallback passCb,
                    java.lang.String loginDn)

This will store the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.

Parameters:

nameCb - to store

passCb - to store

loginDn - to store

attributesToRoles

protected java.util.List<LdapRole> attributesToRoles(javax.naming.directory.Attributes attributes)
                                              throws javax.naming.NamingException

This parses the supplied attributes and returns them as a list of LdapRoles.

Parameters:

attributes - Attributes

Returns:

List

Throws:

javax.naming.NamingException - if the attributes cannot be parsed