org.picketbox.datasource.security

Class CallerIdentityLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule

org.picketbox.datasource.security.CallerIdentityLoginModule

All Implemented Interfaces:

LoginModule

public class CallerIdentityLoginModule
extends AbstractPasswordCredentialLoginModule

A simple login module that simply associates the principal making the connection request with the actual EIS connection requirements. The type of Principal class used is org.jboss.security.SimplePrincipal.

Version:

$Revision: 71545 $

Author:

Scott.Stark@jboss.org, David Jencks, Dan Bunker

See Also:

ConfiguredIdentityLoginModule

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
CallerIdentityLoginModule() Default Constructor

Method Summary

Modifier and Type	Method and Description
boolean	commit() Method to commit the authentication process (phase 2).
protected Principal	getIdentity() Overriden by subclasses to return the Principal that corresponds to the user primary identity.
protected Group[]	getRoleSets() Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
void	initialize(Subject subject, CallbackHandler handler, Map<String,?> sharedState, Map<String,?> options) The initialize method sets up some default connection information for basic connections.
boolean	login() Performs the login association between the caller and the resource for a 1 to 1 mapping.

Methods inherited from class org.picketbox.datasource.security.AbstractPasswordCredentialLoginModule

logout, removeCredentials

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, createGroup, createIdentity, getCallerPrincipalGroup, getUnauthenticatedIdentity, getUseFirstPass

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CallerIdentityLoginModule

public CallerIdentityLoginModule()

Default Constructor

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler handler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

The initialize method sets up some default connection information for basic connections. This is useful for container initialization connection use or running the application in a non-secure manner. This method is called before the login method.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class AbstractServerLoginModule

Parameters:

subject -

handler -

sharedState -

options -

login

public boolean login()
              throws LoginException

Performs the login association between the caller and the resource for a 1 to 1 mapping. This acts as a login propagation strategy and is useful for single-sign on requirements

Specified by:

login in interface LoginModule

Overrides:

login in class AbstractServerLoginModule

Returns:

True if authentication succeeds

Throws:

LoginException

commit

public boolean commit()
               throws LoginException

Description copied from class: AbstractServerLoginModule

Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.

Specified by:

commit in interface LoginModule

Overrides:

commit in class AbstractServerLoginModule

Returns:

true always.

Throws:

LoginException

See Also:

Subject;, Group;

getIdentity

protected Principal getIdentity()

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:

getIdentity in class AbstractServerLoginModule

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Description copied from class: AbstractServerLoginModule

Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Specified by:

getRoleSets in class AbstractServerLoginModule

Returns:

Group[] containing the sets of roles

Throws:

LoginException