org.jboss.security.auth.spi

Class BaseCertLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.jboss.security.auth.spi.BaseCertLoginModule

All Implemented Interfaces:

LoginModule

Direct Known Subclasses:

CertRolesLoginModule, DatabaseCertLoginModule

public class BaseCertLoginModule
extends AbstractServerLoginModule

Base Login Module that uses X509Certificates as credentials for authentication. This login module uses X509Certificates as a credential. It takes the cert as an object and checks to see if the alias in the truststore/keystore contains the same certificate. Subclasses of this module should implement the getRoleSets() method defined by AbstractServerLoginModule. Much of this module was patterned after the UserNamePasswordLoginModule.

Version:

$Revision$

Author:

Jason Essington, Scott.Stark@jboss.org

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
BaseCertLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	commit() Override to add the X509Certificate to the public credentials
protected Object[]	getAliasAndCert()
protected Object	getCredentials()
protected Principal	getIdentity() Overriden by subclasses to return the Principal that corresponds to the user primary identity.
protected Group[]	getRoleSets() Subclasses need to override this to provide the roles for authorization
protected String	getUsername()
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Override the super version to pickup the following options after first calling the super method.
boolean	login() Perform the authentication of the username and password.
protected boolean	validateCredential(String alias, X509Certificate cert)

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BaseCertLoginModule

public BaseCertLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Override the super version to pickup the following options after first calling the super method. option: securityDomain - the name of the SecurityDomain to obtain the trust and keystore from. option: verifier - the class name of the X509CertificateVerifier to use for verification of the login certificate

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class AbstractServerLoginModule

Parameters:

subject - the Subject to update after a successful login.

callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.

sharedState - a Map shared between all configured login module instances

options - the parameters passed to the login module.

See Also:

SecurityDomain, X509CertificateVerifier

login

public boolean login()
              throws LoginException

Perform the authentication of the username and password.

Specified by:

login in interface LoginModule

Overrides:

login in class AbstractServerLoginModule

Throws:

LoginException

commit

public boolean commit()
               throws LoginException

Override to add the X509Certificate to the public credentials

Specified by:

commit in interface LoginModule

Overrides:

commit in class AbstractServerLoginModule

Returns:

Throws:

LoginException

See Also:

Subject;, Group;

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Subclasses need to override this to provide the roles for authorization

Specified by:

getRoleSets in class AbstractServerLoginModule

Returns:

Throws:

LoginException

getIdentity

protected Principal getIdentity()

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:

getIdentity in class AbstractServerLoginModule

getCredentials

protected Object getCredentials()

getUsername

protected String getUsername()

getAliasAndCert

protected Object[] getAliasAndCert()
                            throws LoginException

Throws:

LoginException

validateCredential

protected boolean validateCredential(String alias,
                                     X509Certificate cert)