Package org.ldaptive.jaas
Class AbstractLoginModule
java.lang.Object
org.ldaptive.jaas.AbstractLoginModule
- All Implemented Interfaces:
LoginModule
- Direct Known Subclasses:
LdapDnAuthorizationModule
,LdapLoginModule
,LdapRoleAuthorizationModule
Provides functionality common to ldap based JAAS login modules.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected CallbackHandler
Initialized callback handler.protected boolean
Whether credentials should be removed from the shared state map.protected boolean
Whether commit was successful.protected Set<LdapCredential>
Credentials to add to the subject.Default roles.protected final org.slf4j.Logger
Logger for this class.static final String
Constant for entryDn stored in shared state.static final String
Constant for login name stored in shared state.static final String
Constant for login password stored in shared state.protected boolean
Whether authentication was successful.protected String
Name of group to add all principals to.Principals to add to the subject.protected String
Name of group to add all roles to.Roles to add to the subject.protected boolean
Whether ldap credential data should be set.protected boolean
Whether ldap dn principal data should be set.protected boolean
Whether ldap principal data should be set.protected Map
Shared state from other login module.protected boolean
Whether credentials should be stored in the shared state map.protected Subject
Initialized subject.protected boolean
Whether credentials from the shared state should be used if they are available.protected boolean
Whether credentials from the shared state should be used. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
abort()
protected void
Removes any stateful principals, credentials, or roles stored by login.boolean
commit()
protected void
getCredentials
(NameCallback nameCb, PasswordCallback passCb, boolean useCallback) Attempts to retrieve credentials for the supplied name and password callbacks.void
initialize
(Subject subj, CallbackHandler handler, Map<String, ?> state, Map<String, ?> options) boolean
login()
protected abstract boolean
login
(NameCallback nameCb, PasswordCallback passCb) Authenticates aSubject
with the supplied callbacks.boolean
logout()
protected void
storeCredentials
(NameCallback nameCb, PasswordCallback passCb, String loginDn) Stores the supplied name, password, and entry dn in the stored state map.
-
Field Details
-
LOGIN_NAME
Constant for login name stored in shared state.- See Also:
-
LOGIN_DN
Constant for entryDn stored in shared state.- See Also:
-
LOGIN_PASSWORD
Constant for login password stored in shared state.- See Also:
-
logger
protected final org.slf4j.Logger loggerLogger for this class. -
defaultRole
Default roles. -
subject
Initialized subject. -
callbackHandler
Initialized callback handler. -
useFirstPass
protected boolean useFirstPassWhether credentials from the shared state should be used. -
tryFirstPass
protected boolean tryFirstPassWhether credentials from the shared state should be used if they are available. -
storePass
protected boolean storePassWhether credentials should be stored in the shared state map. -
clearPass
protected boolean clearPassWhether credentials should be removed from the shared state map. -
setLdapPrincipal
protected boolean setLdapPrincipalWhether ldap principal data should be set. -
setLdapDnPrincipal
protected boolean setLdapDnPrincipalWhether ldap dn principal data should be set. -
setLdapCredential
protected boolean setLdapCredentialWhether ldap credential data should be set. -
principalGroupName
Name of group to add all principals to. -
roleGroupName
Name of group to add all roles to. -
loginSuccess
protected boolean loginSuccessWhether authentication was successful. -
commitSuccess
protected boolean commitSuccessWhether commit was successful. -
principals
Principals to add to the subject. -
credentials
Credentials to add to the subject. -
roles
Roles to add to the subject.
-
-
Constructor Details
-
AbstractLoginModule
public AbstractLoginModule()
-
-
Method Details
-
initialize
public void initialize(Subject subj, CallbackHandler handler, Map<String, ?> state, Map<String, ?> options) - Specified by:
initialize
in interfaceLoginModule
-
login
- Specified by:
login
in interfaceLoginModule
- Throws:
LoginException
-
login
protected abstract boolean login(NameCallback nameCb, PasswordCallback passCb) throws LoginException Authenticates aSubject
with the supplied callbacks.- Parameters:
nameCb
- callback handler for subject's namepassCb
- callback handler for subject's password- Returns:
- true if authentication succeeded, false to ignore this module
- Throws:
LoginException
- if the authentication fails
-
commit
- Specified by:
commit
in interfaceLoginModule
- Throws:
LoginException
-
abort
- Specified by:
abort
in interfaceLoginModule
- Throws:
LoginException
-
logout
- Specified by:
logout
in interfaceLoginModule
- Throws:
LoginException
-
clearState
protected void clearState()Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set. -
getCredentials
protected void getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback) throws LoginException Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise a callback handler is used to get the data. Set useCallback to force a callback handler to be used.- Parameters:
nameCb
- to set name forpassCb
- to set password foruseCallback
- whether to force a callback handler- Throws:
LoginException
- if the callback handler fails
-
storeCredentials
Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.- Parameters:
nameCb
- to storepassCb
- to storeloginDn
- to store
-