org.jboss.security.auth.spi

Class RoleMappingLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.jboss.security.auth.spi.RoleMappingLoginModule

All Implemented Interfaces:

LoginModule

public class RoleMappingLoginModule
extends AbstractServerLoginModule

JBAS-3323: Role Mapping Login Module that maps application role to declarative role - You will need to provide a properties file name with the option "rolesProperties" which has the role to be replaced as the key and a comma-separated role names as replacements. - This module should be used with the "optional" mode, as it just adds onto the authenticated subject

Since:

Jun 22, 2006

Version:

$Revision$

Author:

Anil Saldhana

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	REPLACE_ROLE Should the matching role be replaced

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
RoleMappingLoginModule()

Method Summary

Modifier and Type	Method and Description
protected Principal	getIdentity() Overriden by subclasses to return the Principal that corresponds to the user primary identity.
protected Group[]	getRoleSets() Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Initialize the login module.
boolean	login() Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

REPLACE_ROLE

protected boolean REPLACE_ROLE

Should the matching role be replaced

Constructor Detail

RoleMappingLoginModule

public RoleMappingLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Description copied from class: AbstractServerLoginModule

Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class AbstractServerLoginModule

Parameters:

subject - the Subject to update after a successful login.

callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.

sharedState - a Map shared between all configured login module instances

options - the parameters passed to the login module.

login

public boolean login()
              throws LoginException

Description copied from class: AbstractServerLoginModule

Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.

Specified by:

login in interface LoginModule

Overrides:

login in class AbstractServerLoginModule

Throws:

LoginException

See Also:

LoginModule.login()

getIdentity

protected Principal getIdentity()

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:

getIdentity in class AbstractServerLoginModule

See Also:

AbstractServerLoginModule.getIdentity()

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Specified by:

getRoleSets in class AbstractServerLoginModule

Returns:

Group[] containing the sets of roles

Throws:

LoginException

See Also:

AbstractServerLoginModule.getRoleSets()