Class AbstractLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    Direct Known Subclasses:
    ExternalLoginModule, LoginModuleImpl, TokenLoginModule

    @ProviderType
    public abstract class AbstractLoginModule
    extends java.lang.Object
    implements javax.security.auth.spi.LoginModule
    Abstract implementation of the LoginModule interface that can act as base class for login modules that aim to authenticate subjects against information stored in the content repository.

    LoginModule Methods

    This base class provides a simple implementation for the following methods of the LoginModule interface:

    • Initialize: Initialization of this abstract module sets the following protected instance fields:
      • subject: The subject to be authenticated,
      • callbackHandler: The callback handler passed to the login module,
      • shareState: The map used to share state information with other login modules,
      • options: The configuration options of this login module as specified in the Configuration.
    • Logout: If the authenticated subject is not empty this logout implementation attempts to clear both principals and public credentials and returns true.
    • Abort: Clears the state of this login module by setting all private instance variables created in phase 1 or 2 to null. Subclasses are in charge of releasing their own state information by either overriding clearState().

    Utility Methods

    The following methods are provided in addition:

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected javax.security.auth.callback.CallbackHandler callbackHandler  
      protected ConfigurationParameters options  
      static java.lang.String SHARED_KEY_ATTRIBUTES
      Key of the sharedState entry referring to public attributes that are shared between multiple login modules.
      static java.lang.String SHARED_KEY_CREDENTIALS
      Key of the sharedState entry referring to validated Credentials that is shared between multiple login modules.
      static java.lang.String SHARED_KEY_LOGIN_NAME
      Key of the sharedState entry referring to a valid login ID that is shared between multiple login modules.
      static java.lang.String SHARED_KEY_PRE_AUTH_LOGIN
      Key of the sharedState entry referring to pre authenticated login information that is shared between multiple login modules.
      protected java.util.Map sharedState  
      protected javax.security.auth.Subject subject  
    • Method Summary

      All Methods Static Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      boolean abort()  
      protected void clearState()
      Clear state information that has been created during LoginModule.login().
      protected void closeSystemSession()
      Close the system session acquired upon getRoot() and reset the associated root field.
      protected @Nullable Credentials getCredentials()
      Tries to retrieve valid (supported) Credentials: using a CredentialsCallback, looking for a SHARED_KEY_CREDENTIALS entry in the shared state (see also getSharedCredentials() and finally by searching for valid credentials in the subject.
      protected @NotNull LoginModuleMonitor getLoginModuleMonitor()  
      protected @Nullable PrincipalProvider getPrincipalProvider()
      Retrieves the PrincipalProvider that should be used to handle this authentication.
      protected @NotNull java.util.Set<? extends java.security.Principal> getPrincipals​(@NotNull java.lang.String userId)
      Retrieves all principals associated with the specified userId for the configured principal provider.
      protected @NotNull java.util.Set<? extends java.security.Principal> getPrincipals​(@NotNull java.security.Principal userPrincipal)  
      protected @Nullable Root getRoot()
      Tries to obtain a Root object from the callback handler using a new RepositoryCallback and keeps the value as private field.
      protected @Nullable SecurityProvider getSecurityProvider()
      Tries to obtain the SecurityProvider object from the callback handler using a new SecurityProviderCallback and keeps the value as private field.
      protected @Nullable Credentials getSharedCredentials()  
      protected @Nullable java.lang.String getSharedLoginName()  
      protected @Nullable PreAuthenticatedLogin getSharedPreAuthLogin()  
      protected abstract @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()  
      protected @Nullable UserManager getUserManager()
      Retrieves the UserManager that should be used to handle this authentication.
      protected @Nullable Whiteboard getWhiteboard()
      Tries to obtain the Whiteboard object from the callback handler using a new WhiteboardCallback and keeps the value as private field.
      void initialize​(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,​?> sharedState, java.util.Map<java.lang.String,​?> options)  
      boolean logout()
      Besteffort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject.
      protected boolean logout​(@Nullable java.util.Set<java.lang.Object> credentials, @Nullable java.util.Set<? extends java.security.Principal> principals)
      General logout-helper that will return false if both credentials and principals are null.
      protected void onError()  
      protected static void setAuthInfo​(@NotNull AuthInfo authInfo, @NotNull javax.security.auth.Subject subject)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface javax.security.auth.spi.LoginModule

        commit, login
    • Field Detail

      • SHARED_KEY_CREDENTIALS

        public static final java.lang.String SHARED_KEY_CREDENTIALS
        Key of the sharedState entry referring to validated Credentials that is shared between multiple login modules.
        See Also:
        Constant Field Values
      • SHARED_KEY_LOGIN_NAME

        public static final java.lang.String SHARED_KEY_LOGIN_NAME
        Key of the sharedState entry referring to a valid login ID that is shared between multiple login modules.
        See Also:
        Constant Field Values
      • SHARED_KEY_ATTRIBUTES

        public static final java.lang.String SHARED_KEY_ATTRIBUTES
        Key of the sharedState entry referring to public attributes that are shared between multiple login modules.
        See Also:
        Constant Field Values
      • SHARED_KEY_PRE_AUTH_LOGIN

        public static final java.lang.String SHARED_KEY_PRE_AUTH_LOGIN
        Key of the sharedState entry referring to pre authenticated login information that is shared between multiple login modules.
      • subject

        protected javax.security.auth.Subject subject
      • callbackHandler

        protected javax.security.auth.callback.CallbackHandler callbackHandler
      • sharedState

        protected java.util.Map sharedState
    • Constructor Detail

      • AbstractLoginModule

        public AbstractLoginModule()
    • Method Detail

      • initialize

        public void initialize​(javax.security.auth.Subject subject,
                               javax.security.auth.callback.CallbackHandler callbackHandler,
                               java.util.Map<java.lang.String,​?> sharedState,
                               java.util.Map<java.lang.String,​?> options)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
      • logout

        public boolean logout()
                       throws javax.security.auth.login.LoginException
        Besteffort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false, if either principal set or credentials set is empty. Note, that this implementation is not able to only remove those principals/credentials that have been added by this very login module instance. Therefore subclasses should overwrite this method to provide a fully compliant solution of logout(). They may however take advantage of logout(Set, Set) in order to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract incorporating the additional recommendations highlighted at JAAS LoginModule Dev Guide
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Returns:
        true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise
        Throws:
        javax.security.auth.login.LoginException - if the subject is readonly and destroying Destroyable credentials fails with DestroyFailedException.
      • abort

        public boolean abort()
                      throws javax.security.auth.login.LoginException
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • clearState

        protected void clearState()
        Clear state information that has been created during LoginModule.login().
      • closeSystemSession

        protected void closeSystemSession()
        Close the system session acquired upon getRoot() and reset the associated root field. This method should be used instead of clearState(), if LoginModule.login() and LoginModule.commit() were successfully completed but the system session is not needed for a successful logout()
      • logout

        protected boolean logout​(@Nullable
                                 @Nullable java.util.Set<java.lang.Object> credentials,
                                 @Nullable
                                 @Nullable java.util.Set<? extends java.security.Principal> principals)
                          throws javax.security.auth.login.LoginException
        General logout-helper that will return false if both credentials and principals are null. Note, that this implementation will only throw LoginException if the subject is marked readonly and destroying Destroyable credentials fails.
        Parameters:
        credentials - The set of credentials extracted by this instance during login/commit to be removed from Subject.getPublicCredentials()
        principals - A set of principals extracted by this instance during login/commit to be removed from Subject.getPrincipals()
        Returns:
        true if either the credential set or the principal set is not null, false otherwise.
        Throws:
        javax.security.auth.login.LoginException - If the subject is readonly and an error occurs while destroying any of the given credentials.
        See Also:
        JAASLMDevGuide
      • getSupportedCredentials

        @NotNull
        protected abstract @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()
        Returns:
        A set of supported credential classes.
      • getSharedCredentials

        @Nullable
        protected @Nullable Credentials getSharedCredentials()
        Returns:
        The credentials passed to this login module with the shared state.
        See Also:
        SHARED_KEY_CREDENTIALS
      • getSharedLoginName

        @Nullable
        protected @Nullable java.lang.String getSharedLoginName()
        Returns:
        The login name passed to this login module with the shared state.
        See Also:
        SHARED_KEY_LOGIN_NAME
      • getSecurityProvider

        @Nullable
        protected @Nullable SecurityProvider getSecurityProvider()
        Tries to obtain the SecurityProvider object from the callback handler using a new SecurityProviderCallback and keeps the value as private field. If the callback handler isn't able to handle the SecurityProviderCallback this method returns null.
        Returns:
        The SecurityProvider associated with this LoginModule or null.
      • getWhiteboard

        @Nullable
        protected @Nullable Whiteboard getWhiteboard()
        Tries to obtain the Whiteboard object from the callback handler using a new WhiteboardCallback and keeps the value as private field. If the callback handler isn't able to handle the WhiteboardCallback this method returns null.
        Returns:
        The Whiteboard associated with this LoginModule or null.
      • getRoot

        @Nullable
        protected @Nullable Root getRoot()
        Tries to obtain a Root object from the callback handler using a new RepositoryCallback and keeps the value as private field. If the callback handler isn't able to handle the RepositoryCallback this method returns null.
        Returns:
        The Root associated with this LoginModule or null.
      • getUserManager

        @Nullable
        protected @Nullable UserManager getUserManager()
        Retrieves the UserManager that should be used to handle this authentication. If no user manager has been configure this method returns null.
        Returns:
        A instance of UserManager or null.
      • getPrincipalProvider

        @Nullable
        protected @Nullable PrincipalProvider getPrincipalProvider()
        Retrieves the PrincipalProvider that should be used to handle this authentication. If no principal provider has been configure this method returns null.
        Returns:
        A instance of PrincipalProvider or null.
      • getPrincipals

        @NotNull
        protected @NotNull java.util.Set<? extends java.security.Principal> getPrincipals​(@NotNull
                                                                                          @NotNull java.lang.String userId)
        Retrieves all principals associated with the specified userId for the configured principal provider.
        Parameters:
        userId - The id of the user.
        Returns:
        The set of principals associated with the given userId.
        See Also:
        getPrincipalProvider()
      • getPrincipals

        @NotNull
        protected @NotNull java.util.Set<? extends java.security.Principal> getPrincipals​(@NotNull
                                                                                          @NotNull java.security.Principal userPrincipal)
      • setAuthInfo

        protected static void setAuthInfo​(@NotNull
                                          @NotNull AuthInfo authInfo,
                                          @NotNull
                                          @NotNull javax.security.auth.Subject subject)
      • getLoginModuleMonitor

        @NotNull
        protected @NotNull LoginModuleMonitor getLoginModuleMonitor()
      • onError

        protected void onError()