public final class TokenLoginModule extends AbstractLoginModule
LoginModule implementation that is able to handle login request
based on TokenCredentials. In combination with another login module
that handles other Credentials implementation this module will also
take care of creating new login tokens and the corresponding credentials
upon commit()that it will be able to deal with in subsequent
login calls.
LoginModule implementation performs the following tasks upon
login().
TokenCredentials credentials (see also
AbstractLoginModule.getCredentials())TokenAuthentication.authenticate(javax.jcr.Credentials)userId from the TokenInfo
and calculates the principals associated with that user,TokenProvider has been configured login() or if
no TokenCredentials can be obtained this module will return false.
commit() will
just populate the subject.
If the login was successfully handled by another module in the chain, the
TokenLoginModule will test if the login was associated with a
request for login token generation. This mandates that there are credentials
present on the shared state that fulfill the requirements defined by
TokenProvider.doCreateToken(javax.jcr.Credentials).
LoginModule could for
example look as follows:
jackrabbit.oak {
org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule sufficient;
org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl required;
};
In this case the TokenLoginModule would handle any login issued with
TokenCredentials while the second module would take care any other
credentials implementations as long they are supported by the module. In
addition the TokenLoginModule will issue a new token if the login
succeeded and the credentials provided by the shared state can be used
to issue a new login token (see TokenProvider.doCreateToken(javax.jcr.Credentials).
jackrabbit.oak {
org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule required;
};
If the TokenLoginModule as single entry in the login configuration
the login token must be generated by the application by calling
TokenProvider.createToken(Credentials) or
TokenProvider.createToken(String, java.util.Map).callbackHandler, options, SHARED_KEY_ATTRIBUTES, SHARED_KEY_CREDENTIALS, SHARED_KEY_LOGIN_NAME, SHARED_KEY_PRE_AUTH_LOGIN, sharedState, subject| Constructor and Description |
|---|
TokenLoginModule() |
| Modifier and Type | Method and Description |
|---|---|
protected void |
clearState()
Clear state information that has been created during
LoginModule.login(). |
boolean |
commit() |
protected @NotNull Set<Class> |
getSupportedCredentials() |
boolean |
login() |
abort, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, initialize, logout, onError, setAuthInfopublic boolean login()
throws LoginException
LoginExceptionpublic boolean commit()
throws LoginException
LoginException@NotNull protected @NotNull Set<Class> getSupportedCredentials()
getSupportedCredentials in class AbstractLoginModuleprotected void clearState()
AbstractLoginModuleLoginModule.login().clearState in class AbstractLoginModuleCopyright © 2012–2019 The Apache Software Foundation. All rights reserved.