Package org.ldaptive.jaas

Class AbstractLoginModule

java.lang.Object
org.ldaptive.jaas.AbstractLoginModule
All Implemented Interfaces:
LoginModule
Direct Known Subclasses:
LdapDnAuthorizationModule, LdapLoginModule, LdapRoleAuthorizationModule
public abstract class AbstractLoginModule extends Object implements LoginModule
Provides functionality common to ldap based JAAS login modules.

  • Field Details

    • LOGIN_NAME

      public static final String LOGIN_NAME
      Constant for login name stored in shared state.
      See Also:

    • LOGIN_DN

      public static final String LOGIN_DN
      Constant for entryDn stored in shared state.
      See Also:

    • LOGIN_PASSWORD

      public static final String LOGIN_PASSWORD
      Constant for login password stored in shared state.
      See Also:

    • logger

      protected final Logger logger
      Logger for this class.

    • defaultRole

      protected final List<LdapRole> defaultRole
      Default roles.

    • subject

      protected Subject subject
      Initialized subject.

    • callbackHandler

      protected CallbackHandler callbackHandler
      Initialized callback handler.

    • sharedState

      protected Map sharedState
      Shared state from other login module.

    • useFirstPass

      protected boolean useFirstPass
      Whether credentials from the shared state should be used.

    • tryFirstPass

      protected boolean tryFirstPass
      Whether credentials from the shared state should be used if they are available.

    • storePass

      protected boolean storePass
      Whether credentials should be stored in the shared state map.

    • clearPass

      protected boolean clearPass
      Whether credentials should be removed from the shared state map.

    • setLdapPrincipal

      protected boolean setLdapPrincipal
      Whether ldap principal data should be set.

    • setLdapDnPrincipal

      protected boolean setLdapDnPrincipal
      Whether ldap dn principal data should be set.

    • setLdapCredential

      protected boolean setLdapCredential
      Whether ldap credential data should be set.

    • principalGroupName

      protected String principalGroupName
      Name of group to add all principals to.

    • roleGroupName

      protected String roleGroupName
      Name of group to add all roles to.

    • loginSuccess

      protected boolean loginSuccess
      Whether authentication was successful.

    • commitSuccess

      protected boolean commitSuccess
      Whether commit was successful.

    • principals

      protected Set<Principal> principals
      Principals to add to the subject.

    • credentials

      protected Set<LdapCredential> credentials
      Credentials to add to the subject.

    • roles

      protected Set<Principal> roles
      Roles to add to the subject.

  • Constructor Details

    • AbstractLoginModule

      public AbstractLoginModule()

  • Method Details

    • initialize

      public void initialize(Subject subj, CallbackHandler handler, Map<String,?> state, Map<String,?> options)
      Specified by:
      initialize in interface LoginModule

    • login

      public boolean login() throws LoginException
      Specified by:
      login in interface LoginModule
      Throws:
      LoginException

    • login

      protected abstract boolean login(NameCallback nameCb, PasswordCallback passCb) throws LoginException
      Authenticates a Subject with the supplied callbacks.
      Parameters:
      nameCb - callback handler for subject's name
      passCb - callback handler for subject's password
      Returns:
      true if authentication succeeded, false to ignore this module
      Throws:
      LoginException - if the authentication fails

    • commit

      public boolean commit() throws LoginException
      Specified by:
      commit in interface LoginModule
      Throws:
      LoginException

    • abort

      public boolean abort() throws LoginException
      Specified by:
      abort in interface LoginModule
      Throws:
      LoginException

    • logout

      public boolean logout() throws LoginException
      Specified by:
      logout in interface LoginModule
      Throws:
      LoginException

    • clearState

      protected void clearState()
      Removes any stateful principals, credentials, or roles stored by login. Also removes shared state name, dn, and password if clearPass is set.

    • getCredentials

      protected void getCredentials(NameCallback nameCb, PasswordCallback passCb, boolean useCallback) throws LoginException
      Attempts to retrieve credentials for the supplied name and password callbacks. If useFirstPass or tryFirstPass is set, then name and password data is retrieved from shared state. Otherwise, a callback handler is used to get the data. Set useCallback to force a callback handler to be used.
      Parameters:
      nameCb - to set name for
      passCb - to set password for
      useCallback - whether to force a callback handler
      Throws:
      LoginException - if the callback handler fails

    • storeCredentials

      protected void storeCredentials(NameCallback nameCb, PasswordCallback passCb, String loginDn)
      Stores the supplied name, password, and entry dn in the stored state map. storePass must be set for this method to have any affect.
      Parameters:
      nameCb - to store
      passCb - to store
      loginDn - to store