Class ExternalLoginModule
java.lang.Object
org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule
- All Implemented Interfaces:
LoginModule
ExternalLoginModule implements a LoginModule that uses an ExternalIdentityProvider for authentication.
Field Summary
Fields (Modifier and Type, Field, Description)
- static final String PARAM_IDP_NAME
  Name of the parameter that configures the name of the external identity provider.
- static final String PARAM_SYNC_HANDLER_NAME
  Name of the parameter that configures the name of the synchronization handler.
Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
callbackHandler, options, SHARED_KEY_ATTRIBUTES, SHARED_KEY_CREDENTIALS, SHARED_KEY_LOGIN_NAME, SHARED_KEY_PRE_AUTH_LOGIN, sharedState, subject
Constructor Summary
Constructors (Constructor, Description)
- ExternalLoginModule()
  Default constructor for the OSGi LoginModuleFactory case and the default non-OSGi JAAS case.
- ExternalLoginModule(ConfigurationParameters osgiConfig)
  Creates a new ExternalLoginModule with the given OSGi config.
Method Summary
Methods (Modifier and Type, Method, Description)
- boolean abort()
- protected void clearState()
  Clear state information that has been created during LoginModule.login().
- boolean commit()
- void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> opts)
- boolean login()
- boolean logout()
  Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject.
- void setIdpManager(@NotNull ExternalIdentityProviderManager idpManager)
- void setSyncManager(@NotNull SyncManager syncManager)
Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, logout, onError, setAuthInfo
Field Details
PARAM_IDP_NAME
Name of the parameter that configures the name of the external identity provider.
PARAM_SYNC_HANDLER_NAME
Name of the parameter that configures the name of the synchronization handler.
Constructor Details
ExternalLoginModule
public ExternalLoginModule()
Default constructor for the OSGi LoginModuleFactory case and the default non-OSGi JAAS case.
ExternalLoginModule
Creates a new ExternalLoginModule with the given OSGi config.
- Parameters:
osgiConfig - the config
Method Details
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> opts)
- Specified by:
initialize in interface LoginModule
- Overrides:
initialize in class AbstractLoginModule
login
- Throws:
LoginException
commit
public boolean commit()
abort
public boolean abort()
- Specified by:
abort in interface LoginModule
- Overrides:
abort in class AbstractLoginModule
logout
Description copied from class: AbstractLoginModule
Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false if either the principal set or the credentials set is empty. Note that this implementation is not able to remove only those principals/credentials that have been added by this very login module instance. Therefore subclasses should override this method to provide a fully compliant solution of AbstractLoginModule.logout(). They may, however, take advantage of AbstractLoginModule.logout(Set, Set) in order to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract, incorporating the additional recommendations highlighted in the JAAS LoginModule Dev Guide.
- Specified by:
logout in interface LoginModule
- Overrides:
logout in class AbstractLoginModule
- Returns:
true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise
- Throws:
LoginException - if the subject is readonly and destroying Destroyable credentials fails with DestroyFailedException.
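The logout contract described above, sketched with plain JAAS types only: the module records exactly which principals it added in commit() and removes only those in logout(), leaving entries from other login modules on the Subject. This is an added example, not Oak's code; the class name TrackingLoginModule and the principal name "constructed-user" are hypothetical, and login() stands in for real authentication.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
// Hypothetical module: tracks what it adds so logout() leaves other modules' entries alone.
public class TrackingLoginModule implements LoginModule {
    private Subject subject;
    private final Set<Principal> added = new HashSet<>(); // principals this instance committed
    private Principal pending;                            // set by login(), consumed by commit()

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }

    @Override
    public boolean login() {
        // Constructed stand-in for authenticating against an identity provider.
        pending = () -> "constructed-user";
        return true;
    }

    @Override
    public boolean commit() {
        if (pending == null) return false;      // our login() did not succeed: be ignored
        // Record the principal only if this call actually put it on the Subject.
        if (subject.getPrincipals().add(pending)) added.add(pending);
        pending = null;
        return true;
    }

    @Override
    public boolean abort() throws LoginException {
        if (pending == null && added.isEmpty()) return false; // nothing of ours to undo
        pending = null;
        return logout();
    }

    @Override
    public boolean logout() throws LoginException {
        if (!added.isEmpty() && subject.isReadOnly())
            throw new LoginException("subject is read-only; cannot remove principals");
        subject.getPrincipals().removeAll(added); // only what this instance added
        added.clear();
        return true;
    }
}
```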
clearState
protected void clearState()
Description copied from class: AbstractLoginModule
Clear state information that has been created during LoginModule.login().
- Overrides:
clearState in class AbstractLoginModule
getSupportedCredentials
- Specified by:
getSupportedCredentials in class AbstractLoginModule
- Returns:
the set of credentials classes as exposed by the configured CredentialsSupport implementation.
setSyncManager
setIdpManager