public abstract class SagAbstractLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
This class also takes care of handling the inter-LoginModule SSO. When successfully authenticated, the used SagCredentials are put into the sharedState Map for use by other LoginModules in the stack, replacing SagCredentials already in the sharedState Map. If the authentication fails, the SagCredentials in the sharedState Map are left unaltered. The SagCredentials are stored under the following key:
com.softwareag.security.jaas.sagcredentials
This login module can create the SagUserPrincipal object using the information from the SagCredentials in the sharedState Map. To create the SagUserPrincipal in this way, go to the JAAS configuration and set the create_user_principal flag to TRUE for the login modules. The default value of this flag is FALSE. Once you set any of the login modules in the LoginContext stack to TRUE, you cannot reset them to FALSE.
This login module can add the SagCredentials from the sharedState Map as a private credential of the Subject. The password in the credentials is not removed unless the keep_password flag is set to FALSE.
If one login module in the login context changes the default values of the flags, it affects the behavior of the whole authentication process.
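The sharedState handoff and the keep_password behavior described above, modeled with plain JAAS as an added example (not Software AG code). DemoModule, its user and password options, the password check and the String[] stand-in for SagCredentials are assumptions made for illustration; only the sharedState key and the keep_password flag name come from this page.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class SharedStateDemo {
    // sharedState key documented on this page
    static final String KEY = "com.softwareag.security.jaas.sagcredentials";
    /** Hypothetical module; a String[]{user, password} stands in for SagCredentials. */
    public static class DemoModule implements LoginModule {
        private Subject subject; private Map<String, Object> shared; private Map<String, ?> opts;
        private String[] creds; private boolean ok;

        @SuppressWarnings("unchecked")
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
            subject = s; shared = (Map<String, Object>) sharedState; opts = options;
        }
        public boolean login() throws LoginException {
            String user = (String) opts.get("user");   // constructed option, not a Software AG one
            // Use this module's own credentials, else reuse what an earlier module stored.
            creds = user != null ? new String[] {user, (String) opts.get("password")} : (String[]) shared.get(KEY);
            ok = creds != null && "s3cret".equals(creds[1]);     // constructed password check
            if (!ok) throw new FailedLoginException("rejected"); // failure: sharedState left unaltered
            shared.put(KEY, creds);                              // success: replace the earlier entry
            return true;
        }
        public boolean commit() {
            if (!ok) return false;
            // Modeled default: the password stays in the private credential unless keep_password=FALSE.
            boolean keep = !"FALSE".equalsIgnoreCase((String) opts.get("keep_password"));
            subject.getPrivateCredentials().add(new String[] {creds[0], keep ? creds[1] : null});
            return true;
        }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { subject.getPrivateCredentials().clear(); return true; }
    }
    public static void main(String[] args) throws LoginException {
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(DemoModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                Map.of("user", "alice", "password", "s3cret", "keep_password", "FALSE")),
            new AppConfigurationEntry(DemoModule.class.getName(), LoginModuleControlFlag.REQUIRED,
                Map.of("keep_password", "FALSE")) };   // second module has no credentials of its own
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        Subject subject = new Subject();
        new LoginContext("demo", subject, null, cfg).login();
        for (String[] c : subject.getPrivateCredentials(String[].class))
            System.out.println(c[0] + " password retained: " + (c[1] != null));
    }
}
```

Removing keep_password from both entries makes the modeled commit() leave the password in the Subject's private credentials, which is the default this page documents and the setting to review when a Subject outlives the login.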
Modifier and Type | Field and Description |
---|---|
static java.lang.String | rcsId Version information in binary form. |
static java.lang.String | SHARED_SAG_CREDENTIALS SagCredentials in the shared state. |
Constructor and Description |
---|
SagAbstractLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean | commit() This commit method will be invoked from every inheritor of this class on commit phase. |
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) Initialize this LoginModule. |
boolean | login() Method to authenticate a Subject (phase 1). |
public static final java.lang.String rcsId
public static final java.lang.String SHARED_SAG_CREDENTIALS
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
This method is called by the LoginContext after this LoginModule has been instantiated. The purpose of this method is to initialize this LoginModule with the relevant information. If this LoginModule does not understand any of the data stored in sharedState or options parameters, they can be ignored.
initialize in interface javax.security.auth.spi.LoginModule
subject - the Subject to be authenticated.
callbackHandler - A CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).
sharedState - State shared with other configured LoginModules.
options - Options specified in the login Configuration for this particular LoginModule.
public boolean login() throws javax.security.auth.login.LoginException
Method to authenticate a Subject (phase 1).
The implementation of this method authenticates a Subject. For example, it may prompt for Subject information such as a username and password and then attempt to verify the password. This method saves the result of the authentication attempt as a private state within the LoginModule.
login in interface javax.security.auth.spi.LoginModule
LoginModule should be ignored.
javax.security.auth.login.LoginException - if the authentication fails
public boolean commit() throws javax.security.auth.login.LoginException
SagUserPrincipal object with information from the SagCredentials. This method also adds these credentials to the private fields of the Subject.
commit in interface javax.security.auth.spi.LoginModule
javax.security.auth.login.LoginException