BaseCertLoginModule (Red Hat JBoss Enterprise Application Platform 7.1.0.Beta1 public API)

java.lang.Object
- org.jboss.security.auth.spi.AbstractServerLoginModule
- - org.jboss.security.auth.spi.BaseCertLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

CertRolesLoginModule, DatabaseCertLoginModule
```
public class BaseCertLoginModule
extends AbstractServerLoginModule
```
Base Login Module that uses X509Certificates as credentials for authentication. This login module uses X509Certificates as a credential. It takes the cert as an object and checks to see if the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UserNamePasswordLoginModule.

Version:

$Revision$

Author:

Jason Essington, Scott.Stark@jboss.org

Field Summary
- Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
  callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors
Constructor and Description

BaseCertLoginModule()

Constructors
Constructor and Description
`BaseCertLoginModule()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`commit()` Override to add the X509Certificate to the public credentials
`protected Object[]`	`getAliasAndCert()`
`protected Object`	`getCredentials()`
`protected Principal`	`getIdentity()` Overriden by subclasses to return the Principal that corresponds to the user primary identity.
`protected Group[]`	`getRoleSets()` Subclasses need to override this to provide the roles for authorization
`protected String`	`getUsername()`
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)` Override the super version to pickup the following options after first calling the super method.
`boolean`	`login()` Perform the authentication of the username and password.
`protected boolean`	`validateCredential(String alias, X509Certificate cert)`

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - BaseCertLoginModule
```
public BaseCertLoginModule()
```
- Method Detail
  - initialize
```
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
```
    Override the super version to pickup the following options after first calling the super method. option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from. option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate
    
    Specified by:
    
    initialize in interface LoginModule
    
    Overrides:
    
    initialize in class AbstractServerLoginModule
    
    Parameters:
    
    subject - the Subject to update after a successful login.
    
    callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.
    
    sharedState - a Map shared between all configured login module instances
    
    options - the parameters passed to the login module.
    
    See Also:
    
    SecurityDomain, X509CertificateVerifier
  - login
```
public boolean login()
              throws LoginException
```
    Perform the authentication of the username and password.
    
    Specified by:
    
    login in interface LoginModule
    
    Overrides:
    
    login in class AbstractServerLoginModule
    
    Throws:
    
    LoginException
  - commit
```
public boolean commit()
               throws LoginException
```
    Override to add the X509Certificate to the public credentials
    
    Specified by:
    
    commit in interface LoginModule
    
    Overrides:
    
    commit in class AbstractServerLoginModule
    
    Returns:
    
    Throws:
    
    LoginException
    
    See Also:
    
    Subject;, Group;
  - getRoleSets
```
protected Group[] getRoleSets()
                       throws LoginException
```
    Subclasses need to override this to provide the roles for authorization
    
    Specified by:
    
    getRoleSets in class AbstractServerLoginModule
    
    Returns:
    
    Throws:
    
    LoginException
  - getIdentity
```
protected Principal getIdentity()
```
    Description copied from class: AbstractServerLoginModule
    
    Overriden by subclasses to return the Principal that corresponds to the user primary identity.
    
    Specified by:
    
    getIdentity in class AbstractServerLoginModule
  - getCredentials
```
protected Object getCredentials()
```
  - getUsername
```
protected String getUsername()
```
  - getAliasAndCert
```
protected Object[] getAliasAndCert()
                            throws LoginException
```
    Throws:
    
    LoginException
  - validateCredential
```
protected boolean validateCredential(String alias,
                                     X509Certificate cert)
```

Class BaseCertLoginModule

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Constructor Summary

Method Summary

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

Methods inherited from class java.lang.Object

Constructor Detail

BaseCertLoginModule

Method Detail

initialize

login

commit

getRoleSets

getIdentity

getCredentials

getUsername

getAliasAndCert

validateCredential