public class DefaultLoginModule extends AbstractLoginModule
DefaultLoginModule
authenticates Credentials related to
a User
of the RepositoryThis Module can deal with the following credentials
SimpleCredentials
-> handled by SimpleCredentialsAuthentication
.TokenCredentials
-> handled by TokenBasedAuthentication
.
Correspondingly impersonation is delegated to the User
's
Impersonation
object.
AbstractLoginModule
Modifier and Type | Field and Description |
---|---|
protected User |
user
The user object retrieved during the authentication process.
|
adminId, anonymousId, callbackHandler, credentials, principal, principalProvider, sharedState, subject
Constructor and Description |
---|
DefaultLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean |
commit()
Method to commit the authentication process (phase 2).
|
protected void |
doInit(CallbackHandler callbackHandler,
Session session,
Map options)
Retrieves the user manager from the specified session.
|
protected Authentication |
getAuthentication(Principal principal,
Credentials creds)
Retrieve the
Authentication . |
protected Principal |
getPrincipal(Credentials credentials)
Resolves the userID from the given credentials and obtains the
principal from the User object associated with the given userID.
|
long |
getTokenExpiration() |
protected String |
getUserID(Credentials credentials)
Method supports tries to acquire a UserID in the following order:
If passed credentials are
GuestCredentials the anonymous user id
is returned.
Try to access it from the Credentials via SimpleCredentials.getUserID()
Ask CallbackHandler for User-ID with use of NameCallback .
Test if the 'sharedState' contains a login name.
Fallback: return the anonymous UserID.
|
protected boolean |
impersonate(Principal principal,
Credentials credentials)
Handles the impersonation of given Credentials.
|
boolean |
isDisableTokenAuth()
Return a flag indicating if token based authentication is disabled.
|
void |
setDisableTokenAuth(boolean disableTokenAuth)
Set a flag indicating if token based authentication is disabled.
|
void |
setTokenExpiration(long tokenExpiration) |
protected boolean |
supportsCredentials(Credentials creds)
Return a flag indicating whether the credentials are supported by
this login module.
|
abort, authenticate, getAdminId, getAnonymousId, getCredentials, getImpersonatorSubject, getPreAuthAttributeName, getPrincipalProvider, getPrincipals, initialize, isAnonymous, isImpersonation, isInitialized, isPreAuthenticated, login, logout, setAdminId, setAnonymousId, setPrincipalProvider
protected User user
public boolean commit() throws LoginException
AbstractLoginModule
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
If this LoginModule's own authentication attempt succeeded (checked
by retrieving the private state saved by the login
method),
then this method associates relevant Principals and Credentials with the
Subject
located in the LoginModule
. If this
LoginModule's own authentication attempted failed, then this method
removes/destroys any state that was originally saved.
The login is considered as succeeded if there is a principal set.
The implementation stores the principal associated to the UserID and all the Groups it is member of with the Subject and in addition adds an instance of (#link SimpleCredentials} to the Subject's public credentials.
commit
in interface LoginModule
commit
in class AbstractLoginModule
LoginModule
should be ignored.LoginException
- if the commit failsLoginModule.commit()
protected void doInit(CallbackHandler callbackHandler, Session session, Map options) throws LoginException
doInit
in class AbstractLoginModule
callbackHandler
- as passed by LoginContext
session
- to security-workspace of Jackrabbitoptions
- options from LoginModule configLoginException
- in case initialization fails.AbstractLoginModule.doInit(CallbackHandler, Session, Map)
protected Principal getPrincipal(Credentials credentials)
null
is returned.getPrincipal
in class AbstractLoginModule
credentials
- Credentials to retrieve the principal for.null
.AbstractLoginModule.getPrincipal(Credentials)
protected boolean supportsCredentials(Credentials creds)
AbstractLoginModule
SimpleCredentials
and GuestCredentials
.supportsCredentials
in class AbstractLoginModule
creds
- credentialstrue
if the credentials are supported;
false
otherwiseAbstractLoginModule.supportsCredentials(javax.jcr.Credentials)
protected String getUserID(Credentials credentials)
AbstractLoginModule
GuestCredentials
the anonymous user id
is returned.Credentials
via SimpleCredentials.getUserID()
NameCallback
.getUserID
in class AbstractLoginModule
credentials
- which, may contain a User-IDAbstractLoginModule.getUserID(javax.jcr.Credentials)
protected Authentication getAuthentication(Principal principal, Credentials creds) throws RepositoryException
AbstractLoginModule
Authentication
.getAuthentication
in class AbstractLoginModule
principal
- A principal.creds
- The Credentials used for the login.RepositoryException
- If an error occurs.AbstractLoginModule.getAuthentication(Principal, Credentials)
protected boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, FailedLoginException
Current implementation takes User
for the given Principal and
delegates the check to
Impersonation.allows(javax.security.auth.Subject)
impersonate
in class AbstractLoginModule
principal
- Principal to impersonate.credentials
- Credentials used to create the impersonation subject.RepositoryException
FailedLoginException
- if credentials don't allow to impersonate to principalAbstractLoginModule.impersonate(Principal, Credentials)
public boolean isDisableTokenAuth()
true
if token based authentication is disabled;
false
otherwise.public void setDisableTokenAuth(boolean disableTokenAuth)
disableTokenAuth
- true
to disable token based
authentication; false
otherwisepublic long getTokenExpiration()
public void setTokenExpiration(long tokenExpiration)
tokenExpiration
- Sets the configured expiration time (in milliseconds)
of login tokens.Copyright © 2004–2022 The Apache Software Foundation. All rights reserved.