public final class LoginModuleImpl extends AbstractLoginModule
Credentials
against the repository. Based on the credentials the Principal
s
associated with user are retrieved from a configurable
PrincipalProvider
.
Credentials
are collected during login()
using the
following logic:
Credentials
as specified in Repository.login(javax.jcr.Credentials)
in which case they are retrieved from the CallbackHandler
.AbstractLoginModule.SHARED_KEY_CREDENTIALS
entry in the shared state. The
expected value is a validated single Credentials
object.Subject.getSubject(java.security.AccessControlContext)
LoginModule
currently supports the following
types of JCR Credentials:
The Credentials
obtained during the #login()
are added to
the shared state and - upon successful #commit()
to the Subject
.
AbstractLoginModule.getPrincipals(String)
. These principals
are finally added to the subject during #commit()
.
Session.impersonate(javax.jcr.Credentials)
is covered by this login module by the means of ImpersonationCredentials
.
Impersonation will succeed if the base credentials
refer to a valid user that has not been disabled. If the authenticating
subject is not allowed to impersonate the specified user, the login attempt
will fail with LoginException
.
Please note, that a user will always be allowed to impersonate him/herself
irrespective of the impersonation definitions exposed by
User.getImpersonation()
Modifier and Type | Field and Description |
---|---|
protected static java.util.Set<java.lang.Class> |
SUPPORTED_CREDENTIALS |
callbackHandler, options, SHARED_KEY_ATTRIBUTES, SHARED_KEY_CREDENTIALS, SHARED_KEY_LOGIN_NAME, SHARED_KEY_PRE_AUTH_LOGIN, sharedState, subject
Constructor and Description |
---|
LoginModuleImpl() |
Modifier and Type | Method and Description |
---|---|
protected void |
clearState()
Clear state information that has been created during
LoginModule.login() . |
boolean |
commit() |
protected @NotNull java.util.Set<java.lang.Class> |
getSupportedCredentials() |
boolean |
login() |
boolean |
logout()
Besteffort default implementation of
LoginModule.logout() , which removes all principals and all public
credentials of type Credentials and AuthInfo from the subject. |
abort, closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, initialize, logout, onError, setAuthInfo
protected static final java.util.Set<java.lang.Class> SUPPORTED_CREDENTIALS
public boolean login() throws javax.security.auth.login.LoginException
javax.security.auth.login.LoginException
public boolean commit()
public boolean logout() throws javax.security.auth.login.LoginException
AbstractLoginModule
LoginModule.logout()
, which removes all principals and all public
credentials of type Credentials
and AuthInfo
from the subject.
It will return false
, if either principal set or credentials set is empty.
Note, that this implementation is not able to only remove those principals/credentials that have been added
by this
very login module instance. Therefore subclasses should overwrite this method to provide a fully
compliant solution of AbstractLoginModule.logout()
. They may however take advantage of AbstractLoginModule.logout(Set, Set)
in order to simplify the implementation of a logout that is compatible with the LoginModule.logout()
contract incorporating the additional recommendations highlighted at
JAAS LoginModule Dev Guidelogout
in interface javax.security.auth.spi.LoginModule
logout
in class AbstractLoginModule
true
if neither principals nor public credentials of type Credentials
or AuthInfo
stored in the Subject
are empty; false
otherwisejavax.security.auth.login.LoginException
- if the subject is readonly and destroying Destroyable
credentials fails
with DestroyFailedException
.@NotNull protected @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()
getSupportedCredentials
in class AbstractLoginModule
protected void clearState()
AbstractLoginModule
LoginModule.login()
.clearState
in class AbstractLoginModule
Copyright © 2012–2022 The Apache Software Foundation. All rights reserved.