Package org.apache.jackrabbit.oak.spi.security.authentication.external.impl

Class ExternalLoginModule

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule

org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule

All Implemented Interfaces:

LoginModule

public class ExternalLoginModule
extends AbstractLoginModule

ExternalLoginModule implements a LoginModule that uses an ExternalIdentityProvider for authentication.

Field Summary

Fields

Modifier and Type	Field	Description
static String	PARAM_IDP_NAME	Name of the parameter that configures the name of the external identity provider.
static String	PARAM_SYNC_HANDLER_NAME	Name of the parameter that configures the name of the synchronization handler.

Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule

callbackHandler, options, SHARED_KEY_ATTRIBUTES, SHARED_KEY_CREDENTIALS, SHARED_KEY_LOGIN_NAME, SHARED_KEY_PRE_AUTH_LOGIN, sharedState, subject

Constructor Summary

Constructors

Constructor	Description
ExternalLoginModule()	Default constructor for the OSGIi LoginModuleFactory case and the default non-OSGi JAAS case.
ExternalLoginModule(ConfigurationParameters osgiConfig)	Creates a new ExternalLoginModule with the given OSGi config.

Method Summary

Modifier and Type	Method	Description
boolean	abort()
protected void	clearState()	Clear state information that has been created during LoginModule.login().
boolean	commit()
protected @NotNull Set<Class>	getSupportedCredentials()
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> opts)
boolean	login()
boolean	logout()	Besteffort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject.
void	setIdpManager(@NotNull ExternalIdentityProviderManager idpManager)
void	setSyncManager(@NotNull SyncManager syncManager)

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule

closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, logout, onError, setAuthInfo

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PARAM_IDP_NAME

public static final String PARAM_IDP_NAME

Name of the parameter that configures the name of the external identity provider.

See Also:

Constant Field Values

PARAM_SYNC_HANDLER_NAME

public static final String PARAM_SYNC_HANDLER_NAME

Name of the parameter that configures the name of the synchronization handler.

See Also:

Constant Field Values

Constructor Detail

ExternalLoginModule

public ExternalLoginModule()

Default constructor for the OSGIi LoginModuleFactory case and the default non-OSGi JAAS case.

ExternalLoginModule

public ExternalLoginModule(ConfigurationParameters osgiConfig)

Creates a new ExternalLoginModule with the given OSGi config.

Parameters:

osgiConfig - the config

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> opts)

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class AbstractLoginModule

login

public boolean login()
              throws LoginException

Throws:

LoginException

commit

public boolean commit()

abort

public boolean abort()

Specified by:

abort in interface LoginModule

Overrides:

abort in class AbstractLoginModule

logout

public boolean logout()
               throws LoginException

Description copied from class: AbstractLoginModule

Besteffort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false, if either principal set or credentials set is empty. Note, that this implementation is not able to only remove those principals/credentials that have been added by this very login module instance. Therefore subclasses should overwrite this method to provide a fully compliant solution of AbstractLoginModule.logout(). They may however take advantage of AbstractLoginModule.logout(Set, Set) in order to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract incorporating the additional recommendations highlighted at JAAS LoginModule Dev Guide

Specified by:

logout in interface LoginModule

Overrides:

logout in class AbstractLoginModule

Returns:

true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise

Throws:

LoginException - if the subject is readonly and destroying Destroyable credentials fails with DestroyFailedException.

clearState

protected void clearState()

Description copied from class: AbstractLoginModule

Clear state information that has been created during LoginModule.login().

Overrides:

clearState in class AbstractLoginModule

getSupportedCredentials

@NotNull
protected @NotNull Set<Class> getSupportedCredentials()

Specified by:

getSupportedCredentials in class AbstractLoginModule

Returns:

the set of credentials classes as exposed by the configured CredentialsSupport implementation.

setSyncManager

public void setSyncManager(@NotNull
                           @NotNull SyncManager syncManager)

setIdpManager

public void setIdpManager(@NotNull
                          @NotNull ExternalIdentityProviderManager idpManager)