BaseCertLoginModule (JBoss Security(JBossSX) API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.auth.spi
Class BaseCertLoginModule

java.lang.Object
  org.jboss.security.auth.spi.AbstractServerLoginModule
      org.jboss.security.auth.spi.BaseCertLoginModule

All Implemented Interfaces:: LoginModule

Direct Known Subclasses:: CertRolesLoginModule, DatabaseCertLoginModule

public class BaseCertLoginModule
extends AbstractServerLoginModule
extends AbstractServerLoginModule

Base Login Module that uses X509Certificates as credentials for authentication. This login module uses X509Certificates as a credential. It takes the cert as an object and checks to see if the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UserNamePasswordLoginModule.

Version:: $Revision: 1.4.2.4 $
Author:: Jason Essington, Scott.Stark@jboss.org

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
`callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass`

Constructor Summary
`BaseCertLoginModule()`

Method Summary
`boolean`	`commit()` Override to add the X509Certificate to the public credentials
`protected Object[]`	`getAliasAndCert()`
`protected Object`	`getCredentials()`
`protected Principal`	`getIdentity()` Overriden by subclasses to return the Principal that corresponds to the user primary identity.
`protected Group[]`	`getRoleSets()` Subclasses need to override this to provide the roles for authorization
`protected String`	`getUsername()`
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Override the super version to pickup the following options after first calling the super method.
`boolean`	`login()` Perform the authentication of the username and password.
`protected boolean`	`validateCredential(String alias, X509Certificate cert)`

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
`abort, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, logout`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

BaseCertLoginModule

public BaseCertLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Override the super version to pickup the following options after first calling the super method. option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from. option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate

Specified by:: initialize in interface LoginModule
Overrides:: initialize in class AbstractServerLoginModule

Parameters:: subject - the Subject to update after a successful login.; callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.; sharedState - a Map shared between all configured login module instances; options - the parameters passed to the login module.
See Also:: SecurityDomain, X509CertificateVerifier

login

public boolean login()
              throws LoginException

Perform the authentication of the username and password.

Specified by:: login in interface LoginModule
Overrides:: login in class AbstractServerLoginModule

Throws:: LoginException

commit

public boolean commit()
               throws LoginException

Override to add the X509Certificate to the public credentials

Specified by:: commit in interface LoginModule
Overrides:: commit in class AbstractServerLoginModule

Returns:
Throws:: LoginException
See Also:: Subject;, Group;

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Subclasses need to override this to provide the roles for authorization

Specified by:: getRoleSets in class AbstractServerLoginModule

Returns:
Throws:: LoginException

getIdentity

protected Principal getIdentity()

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:: getIdentity in class AbstractServerLoginModule

getCredentials

protected Object getCredentials()

getUsername

protected String getUsername()

getAliasAndCert

protected Object[] getAliasAndCert()
                            throws LoginException

Throws:: LoginException

validateCredential

protected boolean validateCredential(String alias,
                                     X509Certificate cert)