public abstract class SAMLTokenCertValidatingCommonLoginModule extends SAMLTokenFromHttpRequestAbstractLoginModule
Modifier and Type | Field and Description |
---|---|
protected AssertionType | assertion |
protected SamlCredential | credential |
protected boolean | enableCacheInvalidation |
static String | ENDPOINT_ADDRESS: Key to specify the end point address |
protected boolean | localTestingOnly |
protected String | localValidationSecurityDomain |
protected Map<String,Object> | options: Options that are computed by this login module. |
static String | PASSWORD_KEY: Key to specify the password |
static String | PORT_NAME: Key to specify the port name |
protected Principal | principal |
protected Map<String,Object> | rawOptions: Original Options that are sent by the JDK JAAS Framework |
protected String | roleKey |
protected String | securityDomain |
static String | SERVICE_NAME: Key to specify the service name |
static String | STS_CONFIG_FILE: This is an option that should identify the configuration file for WSTrustClient. |
static String | USERNAME_KEY: Key to specify the username |
BASE64_TOKEN_ENCODING, GZIP_TOKEN_ENCODING, logger, NONE_TOKEN_ENCODING, REG_EX_GROUP_KEY, REG_EX_PATTERN_KEY, SAML_TOKEN_HTTP_HEADER_KEY, TOKEN_ENCODING_TYPE_KEY, tokenEncoding, WEB_REQUEST_KEY
callbackHandler, jbossModuleName, log, loginOk, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
Constructor and Description |
---|
SAMLTokenCertValidatingCommonLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean | abort(): Called if the overall authentication failed (phase 2). |
boolean | commit(): Method to commit the authentication process (phase 2). |
protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry | getCacheExpiry() |
protected Principal | getIdentity(): Overridden by subclasses to return the Principal that corresponds to the user primary identity. |
protected abstract KeyStore | getKeyStore(): Binding dependent version of getting configured keyStore. |
protected Group[] | getRoleSets(): Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. |
void | initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options): Initialize the login module. |
boolean | login(): Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. |
boolean | logout(): Remove the user identity and roles added to the Subject during commit. |
protected void | validateCertPath(X509Certificate certificate): Validate certificate path against keystore specified as SecurityDomain in module-option. |
getCredentialFromHttpRequest, getSamlTokenHttpHeader, getSamlTokenHttpHeaderRegEx, getSamlTokenHttpHeaderRegExGroup, getTokenEncoding
addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass
protected Principal principal
protected SamlCredential credential
protected AssertionType assertion
protected boolean enableCacheInvalidation
protected String securityDomain
protected String localValidationSecurityDomain
protected String roleKey
protected Map<String,Object> options
protected Map<String,Object> rawOptions
public static final String STS_CONFIG_FILE
public static final String ENDPOINT_ADDRESS
public static final String PORT_NAME
public static final String SERVICE_NAME
public static final String USERNAME_KEY
public static final String PASSWORD_KEY
protected boolean localTestingOnly
public SAMLTokenCertValidatingCommonLoginModule()
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
AbstractServerLoginModule
initialize in interface LoginModule
initialize in class SAMLTokenFromHttpRequestAbstractLoginModule
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.

public boolean login() throws LoginException
AbstractServerLoginModule
login in interface LoginModule
login in class AbstractServerLoginModule
LoginException

public boolean commit() throws LoginException
AbstractServerLoginModule
commit in interface LoginModule
commit in class AbstractServerLoginModule
LoginException
Subject, Group

public boolean abort() throws LoginException
abort in interface LoginModule
abort in class AbstractServerLoginModule
LoginException

public boolean logout() throws LoginException
AbstractServerLoginModule
logout in interface LoginModule
logout in class AbstractServerLoginModule
LoginException

protected Principal getIdentity()
AbstractServerLoginModule
getIdentity in class AbstractServerLoginModule

protected Group[] getRoleSets() throws LoginException
AbstractServerLoginModule
getRoleSets in class AbstractServerLoginModule
LoginException

protected JBossAuthCacheInvalidationFactory.TimeCacheExpiry getCacheExpiry() throws Exception
Exception

protected void validateCertPath(X509Certificate certificate) throws LoginException
cert -
LoginException
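
The kind of check validateCertPath describes, sketched with the standard JDK PKIX API. This is an added example, not PicketLink's implementation: the class CertPathCheck, its validate method and the revocationEnabled parameter are hypothetical, and the keystore is assumed to be the one returned by getKeyStore().

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.login.LoginException;

// Hypothetical helper (not part of the documented class).
public final class CertPathCheck {

    private CertPathCheck() {
    }

    public static void validate(X509Certificate certificate, KeyStore trustStore,
                                boolean revocationEnabled) throws LoginException {
        try {
            // PKIX also checks the validity period; failing early gives a clearer error.
            certificate.checkValidity();

            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            CertPath path = factory.generateCertPath(Collections.singletonList(certificate));

            // Only trusted-certificate entries of the keystore become trust anchors;
            // a keystore with none makes this constructor throw.
            PKIXParameters params = new PKIXParameters(trustStore);
            // With revocation checking on, the JDK needs CRL or OCSP access,
            // otherwise validation fails instead of silently passing.
            params.setRevocationEnabled(revocationEnabled);

            CertPathValidator.getInstance("PKIX").validate(path, params);
        } catch (CertPathValidatorException e) {
            throw fail("Certificate is not trusted by the configured keystore", e);
        } catch (GeneralSecurityException e) {
            throw fail("Unable to validate certificate path", e);
        }
    }

    // Wraps the cause in a LoginException so a login module fails closed.
    private static LoginException fail(String message, Exception cause) {
        LoginException le = new LoginException(message + ": " + cause.getMessage());
        le.initCause(cause);
        return le;
    }
}
```

Any failure, including a keystore that cannot be read or has no trusted entries, surfaces as a LoginException, so the caller rejects the SAML token rather than accepting an unverified signer.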
Copyright © 2019 JBoss by Red Hat. All rights reserved.