Class IdentityAssertionLoginModule

All Implemented Interfaces:

public class IdentityAssertionLoginModule extends Object implements LoginModule

Identity Assertion login module

A principal will be logged in if a trust is established. This login module considers trust to be established if the shared state contains a Map called The Map should contain the following variables:

  • set to true
  • containing a java.security.Principal to hold the login identity.
  • OR containing a[] to hold the login identity.

If the Map is provided in the shared state then the identity will be logged in.
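An added example, not part of the original page or the product's code: a hypothetical upstream login module that establishes trust and only then places the Map in the shared state for IdentityAssertionLoginModule to consume. The class name, the `allowedAsserters` option, and the three key strings are assumptions; the key strings are placeholders for the names the product documentation defines.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical module configured ahead of IdentityAssertionLoginModule in the JAAS stack. */
public class TrustEstablishingLoginModule implements LoginModule {
    // Placeholders: the real key names are defined by the product documentation.
    static final String STATE_KEY = "<state-map-key>";
    static final String TRUSTED_KEY = "<trusted-key>";
    static final String PRINCIPAL_KEY = "<principal-key>";
    private CallbackHandler handler;
    private Map<String, Object> shared;
    private Set<String> allowedAsserters = new HashSet<>();

    @SuppressWarnings("unchecked")
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> sharedState, Map<String, ?> options) {
        handler = h;
        shared = (Map<String, Object>) sharedState;
        Object allow = options.get("allowedAsserters"); // hypothetical option, comma-separated
        if (allow != null) allowedAsserters.addAll(Arrays.asList(allow.toString().split(",")));
    }

    public boolean login() throws LoginException {
        shared.remove(STATE_KEY); // never inherit a map left by an earlier module
        // Assumed: the handler returns the already-authenticated peer name (e.g. from mutual TLS).
        NameCallback asserter = new NameCallback("asserter");
        NameCallback identity = new NameCallback("identity");
        try {
            handler.handle(new Callback[] { asserter, identity });
        } catch (Exception e) {
            throw new LoginException("cannot obtain assertion: " + e.getMessage());
        }
        // Fail closed: the trust flag is set only for an allow-listed asserter and a non-empty identity.
        String who = asserter.getName(), name = identity.getName();
        if (who == null || !allowedAsserters.contains(who) || name == null || name.isBlank()) {
            throw new LoginException("identity assertion not trusted");
        }
        Map<String, Object> state = new HashMap<>();
        state.put(TRUSTED_KEY, Boolean.TRUE);
        state.put(PRINCIPAL_KEY, (Principal) () -> name);
        shared.put(STATE_KEY, state);
        return true;
    }

    public boolean commit() { return true; }
    public boolean abort()  { shared.remove(STATE_KEY); return true; }
    public boolean logout() { shared.remove(STATE_KEY); return true; }
}
```

Because the identity assertion module logs in whatever identity the Map carries, every module that can write to the shared state ahead of it is part of the trust boundary and should be reviewed as such.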

  • Constructor Details

    • IdentityAssertionLoginModule

      public IdentityAssertionLoginModule()
  • Method Details

    • initialize

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)

      Initialize this login module.

      This is called by the LoginContext after this login module is instantiated. The relevant information is passed from the LoginContext to this login module. If the login module does not understand any of the data stored in the sharedState and options parameters, they can be ignored.

      Specified by:
      initialize in interface LoginModule
      Parameters:
      subject - The subject to be authenticated.
      callbackHandler - A CallbackHandler for communicating with the end user to gather login information (e.g., username and password).
      sharedState - The state shared with other configured login modules.
      options - The options specified in the login configuration for this particular login module.
    • login

      public boolean login() throws

      Method to authenticate a Subject (first phase).

      This method authenticates a Subject. It uses the Map stored in the shared state property The key in the Map is used to determine trust. If true, the identity is trusted; if false, it is not trusted. When trust is established, the principal stored in either the or key will contain the identity to log in as.

      Specified by:
      login in interface LoginModule
      Returns: true if the authentication succeeded, or false if this login module should be ignored.
      Throws: - If the authentication fails.
    • commit

      public boolean commit() throws
      Commit the authentication (phase 2).

      If the login module authentication attempted in phase 1 succeeded, then relevant principals and credentials are associated with the subject. If the authentication attempted in phase 1 failed, then this method removes/destroys any state that was originally saved.

      Specified by:
      commit in interface LoginModule
      Returns: true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
      Throws: - if the commit fails
    • abort

      public boolean abort() throws LoginException
      Abort the authentication (second phase).

      This method is called if the LoginContext's overall authentication failed.

      If this login module's authentication attempt succeeded, then this method cleans up the previous state saved in phase 1.

      Specified by:
      abort in interface LoginModule
      Returns: false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
      Throws: LoginException - if the abort fails
    • logout

      public boolean logout() throws LoginException
      Log out the user.

      The principals and credentials are removed from the shared state.

      Specified by:
      logout in interface LoginModule
      Returns: true in all cases (this LoginModule should not be ignored).
      Throws: LoginException - if the logout fails