public abstract class UsernamePasswordLoginModule extends AbstractServerLoginModule
Subclasses override the getUsersPassword() and getRoleSets() methods to return the expected password and roles for the user.

See also: getUsername(), getUsersPassword(), AbstractServerLoginModule.getRoleSets(), AbstractServerLoginModule.createIdentity(String)

Fields inherited from class AbstractServerLoginModule: callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
Constructor and Description |
---|
UsernamePasswordLoginModule() |
Modifier and Type | Method and Description |
---|---|
protected String | createPasswordHash(String username, String password, String digestOption) - If hashing is enabled, this method is called from login() prior to password validation. |
protected Object | getCredentials() |
protected Principal | getIdentity() - Overridden by subclasses to return the Principal that corresponds to the user's primary identity. |
protected Principal | getUnauthenticatedIdentity() |
protected String | getUsername() |
protected String[] | getUsernameAndPassword() - Called by login() to acquire the username and password strings for authentication. |
protected abstract String | getUsersPassword() - Get the expected password for the current username available via the getUsername() method. |
protected Throwable | getValidateError() - Get the error associated with the validatePassword failure. |
void | initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) - Override the superclass method to look for the following options after first invoking the super version. |
boolean | login() - Perform the authentication of the username and password. |
protected void | safeClose(InputStream fis) |
protected void | setValidateError(Throwable validateError) - Set the error associated with the validatePassword failure. |
protected boolean | validatePassword(String inputPassword, String expectedPassword) - A hook that allows subclasses to change the validation of the input password against the expected password. |
Methods inherited from class AbstractServerLoginModule: abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getRoleSets, getUseFirstPass, logout
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Specified by: initialize in interface LoginModule
Overrides: initialize in class AbstractServerLoginModule
Parameters:
options:
option: hashAlgorithm - the message digest algorithm used to hash passwords. If null then plain passwords will be used.
option: hashCharset - the name of the charset/encoding to use when converting the password String to a byte array. Default is the platform's default encoding.
option: hashEncoding - the string encoding format to use. Defaults to base64.
option: ignorePasswordCase - A flag indicating if the password comparison should ignore case.
option: digestCallback - The class name of the DigestCallback implementation that includes pre/post digest content like salts for hashing the input password. Only used if hashAlgorithm has been specified.
option: hashStorePassword - A flag indicating if the store password returned from getUsersPassword() should be hashed.
option: hashUserPassword - A flag indicating if the user entered password should be hashed.
option: storeDigestCallback - The class name of the DigestCallback implementation that includes pre/post digest content like salts for hashing the store/expected password. Only used if hashStorePassword or hashUserPassword is true and hashAlgorithm has been specified.
subject - the Subject to update after a successful login.
callbackHandler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances

public boolean login() throws LoginException
Specified by: login in interface LoginModule
Overrides: login in class AbstractServerLoginModule
Throws: LoginException

protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overrides: getIdentity in class AbstractServerLoginModule

protected Principal getUnauthenticatedIdentity()
Overrides: getUnauthenticatedIdentity in class AbstractServerLoginModule

protected Object getCredentials()

protected String getUsername()

protected String[] getUsernameAndPassword() throws LoginException
Throws:
LoginException - thrown if CallbackHandler is not set or fails.

protected String createPasswordHash(String username, String password, String digestOption) throws LoginException
If hashing is enabled, this method is called from login() prior to password validation.
Subclasses may override it to provide customized password hashing, for example by adding user-specific information or salting. If the legacyCreatePasswordHash option is set, this method tries to delegate to the legacy createPasswordHash(String, String) method via reflection and this is the value returned.
The default version calculates the hash based on the following options:
validatePassword() to fail.
Parameters:
username - ignored in default version
password - the password string to be hashed
digestOption - the login module option name of the DigestCallback
Throws:
SecurityException - thrown if there is a failure to load the digestOption DigestCallback
LoginException
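
An added example, not code from the JBoss project: it produces the value to store for a user so that it matches hashAlgorithm, hashCharset and hashEncoding, and shows why leaving hashCharset at the platform default is fragile for non-ASCII passwords. It assumes the hash is the base64 encoding of the digest of the password bytes with no DigestCallback content; the class name, method names and sample passwords are hypothetical.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class StoredHashExample {

    // Assumption: digest the password bytes (converted with hashCharset) using
    // hashAlgorithm, then encode the digest as base64 (the hashEncoding default).
    static String hash(String password, String hashAlgorithm, Charset hashCharset)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(hashAlgorithm);
        byte[] digest = md.digest(password.getBytes(hashCharset));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Compare two encoded hashes without an early exit on the first mismatch.
    static boolean sameHash(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.US_ASCII),
                                     b.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String ascii = "changeit";           // constructed sample password
        String nonAscii = "p\u00e4ssword";   // constructed sample with one non-ASCII character

        // Value to place in the user store when the module is configured with
        // hashAlgorithm=SHA-256, hashEncoding=base64, hashCharset=UTF-8.
        String stored = hash(nonAscii, "SHA-256", StandardCharsets.UTF_8);
        System.out.println("stored value: " + stored);

        // The same password hashed on a host whose default charset is ISO-8859-1:
        // the non-ASCII character becomes different bytes, so the digests differ
        // and a login with the correct password would be rejected.
        String otherHost = hash(nonAscii, "SHA-256", StandardCharsets.ISO_8859_1);
        System.out.println("non-ASCII, UTF-8 vs ISO-8859-1 equal: "
                + sameHash(stored, otherHost));

        // ASCII-only passwords encode identically in both charsets, which is
        // why the mismatch tends to go unnoticed in testing.
        System.out.println("ASCII, UTF-8 vs ISO-8859-1 equal: "
                + sameHash(hash(ascii, "SHA-256", StandardCharsets.UTF_8),
                           hash(ascii, "SHA-256", StandardCharsets.ISO_8859_1)));
    }
}
```

Setting hashCharset explicitly, both in the login module options and in whatever tool generates the stored values, removes the dependency on the platform default.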

protected Throwable getValidateError()

protected void setValidateError(Throwable validateError)
Parameters:
validateError -

protected boolean validatePassword(String inputPassword, String expectedPassword)

protected abstract String getUsersPassword() throws LoginException
Throws:
LoginException

protected void safeClose(InputStream fis)

Copyright © 2016 JBoss by Red Hat. All rights reserved.