Package org.apache.jackrabbit.oak.spi.security.authentication.external.impl

Class ExternalLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule
    public class ExternalLoginModule
extends AbstractLoginModule
    ExternalLoginModule implements a LoginModule that uses an ExternalIdentityProvider for authentication.

    • Field Detail

      • PARAM_IDP_NAME

        public static final java.lang.String PARAM_IDP_NAME
        Name of the parameter that configures the name of the external identity provider.
        See Also:
        Constant Field Values

      • PARAM_SYNC_HANDLER_NAME

        public static final java.lang.String PARAM_SYNC_HANDLER_NAME
        Name of the parameter that configures the name of the synchronization handler.
        See Also:
        Constant Field Values

    • Constructor Detail

      • ExternalLoginModule

        public ExternalLoginModule()
        Default constructor for the OSGIi LoginModuleFactory case and the default non-OSGi JAAS case.

      • ExternalLoginModule

        public ExternalLoginModule​(ConfigurationParameters osgiConfig)
        Creates a new ExternalLoginModule with the given OSGi config.
        Parameters:
        osgiConfig - the config

    • Method Detail

      • initialize

        public void initialize​(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,​?> sharedState,
                       java.util.Map<java.lang.String,​?> opts)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
        Overrides:
        initialize in class AbstractLoginModule

      • login

        public boolean login()
              throws javax.security.auth.login.LoginException
        Throws:
        javax.security.auth.login.LoginException

      • commit

        public boolean commit()

      • abort

        public boolean abort()
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Overrides:
        abort in class AbstractLoginModule

      • logout

        public boolean logout()
               throws javax.security.auth.login.LoginException
        Description copied from class: AbstractLoginModule
        Besteffort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false, if either principal set or credentials set is empty. Note, that this implementation is not able to only remove those principals/credentials that have been added by this very login module instance. Therefore subclasses should overwrite this method to provide a fully compliant solution of AbstractLoginModule.logout(). They may however take advantage of AbstractLoginModule.logout(Set, Set) in order to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract incorporating the additional recommendations highlighted at JAAS LoginModule Dev Guide
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Overrides:
        logout in class AbstractLoginModule
        Returns:
        true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise
        Throws:
        javax.security.auth.login.LoginException - if the subject is readonly and destroying Destroyable credentials fails with DestroyFailedException.

      • setSyncManager

        public void setSyncManager​(@NotNull
                           @NotNull SyncManager syncManager)