org.jboss.security.negotiation

Class KerberosLoginModule

java.lang.Object

org.jboss.security.negotiation.KerberosLoginModule

All Implemented Interfaces:

LoginModule

public class KerberosLoginModule
extends Object
implements LoginModule

A Kerberos LoginModule that wraps the JDK supplied module and has the additional capability of adding a GSSCredential to the populated Subject

Author:

Darran Lofthouse

Field Summary

Fields

Modifier and Type	Field and Description
static String	ADD_GSS_CREDENTIAL Module option to enable adding a GSSCredential to the private credentials of the populated Subject.
static String	CREDENTIAL_LIFETIME The lifetime in seconds of the GSSCredential, a negative value will set this to GSSCredential.INDEFINITE_LIFETIME.
static String	DELEGATION_CREDENTIAL Module option to configure how this LoginModule handles delegation credentials.
static String	WRAP_GSS_CREDENTIAL Module option to specify if any GSSCredential being added to the Subject should be wrapped to prevent disposal.

Constructor Summary

Constructors

Constructor and Description
KerberosLoginModule()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	abort()
boolean	commit()
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
boolean	login()
boolean	logout()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DELEGATION_CREDENTIAL

public static final String DELEGATION_CREDENTIAL

Module option to configure how this LoginModule handles delegation credentials. IGNORE - (Default) Do not use the delegation credential, just perform normal Kerberos authentication. USE - If a GSSCredential is available use it to populate the Subject, if it is not available fall back to standard Kerberos authentication. REQUIRE - Require that a GSSCredential is available and use it to populate the Subject, if it is not available then fail authentication.

See Also:

Constant Field Values

ADD_GSS_CREDENTIAL

public static final String ADD_GSS_CREDENTIAL

Module option to enable adding a GSSCredential to the private credentials of the populated Subject. Defaults to false.

See Also:

Constant Field Values

WRAP_GSS_CREDENTIAL

public static final String WRAP_GSS_CREDENTIAL

Module option to specify if any GSSCredential being added to the Subject should be wrapped to prevent disposal. Has no effect if a GSSCredential is not being added to the Subject. Defaults to false.

See Also:

Constant Field Values

CREDENTIAL_LIFETIME

public static final String CREDENTIAL_LIFETIME

The lifetime in seconds of the GSSCredential, a negative value will set this to GSSCredential.INDEFINITE_LIFETIME. Defaults to GSSCredential.DEFAULT_LIFETIME

See Also:

Constant Field Values

Constructor Detail

KerberosLoginModule

public KerberosLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
              CallbackHandler callbackHandler,
              Map<String,?> sharedState,
              Map<String,?> options)

Specified by:

initialize in interface LoginModule

login

public boolean login()
              throws LoginException

Specified by:

login in interface LoginModule

Throws:

LoginException

commit

public boolean commit()
               throws LoginException

Specified by:

commit in interface LoginModule

Throws:

LoginException

abort

public boolean abort()
              throws LoginException

Specified by:

abort in interface LoginModule

Throws:

LoginException

logout

public boolean logout()
               throws LoginException

Specified by:

logout in interface LoginModule

Throws:

LoginException