Class ExternalLoginModule
- java.lang.Object
  - org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
    - org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule

All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class ExternalLoginModule extends AbstractLoginModule

ExternalLoginModule implements a LoginModule that uses an ExternalIdentityProvider for authentication.

Field Summary
Fields (Modifier and Type, Field, Description):
- static java.lang.String PARAM_IDP_NAME
  Name of the parameter that configures the name of the external identity provider.
- static java.lang.String PARAM_SYNC_HANDLER_NAME
  Name of the parameter that configures the name of the synchronization handler.

Fields inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
callbackHandler, options, SHARED_KEY_ATTRIBUTES, SHARED_KEY_CREDENTIALS, SHARED_KEY_LOGIN_NAME, SHARED_KEY_PRE_AUTH_LOGIN, sharedState, subject

Constructor Summary
Constructors (Constructor, Description):
- ExternalLoginModule()
  Default constructor for the OSGi LoginModuleFactory case and the default non-OSGi JAAS case.
- ExternalLoginModule(ConfigurationParameters osgiConfig)
  Creates a new ExternalLoginModule with the given OSGi config.

Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- boolean abort()
- protected void clearState()
  Clear state information that has been created during LoginModule.login().
- boolean commit()
- protected @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()
- void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> opts)
- boolean login()
- boolean logout()
  Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject.
- void setIdpManager(@NotNull ExternalIdentityProviderManager idpManager)
- void setSyncManager(@NotNull SyncManager syncManager)

Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, logout, onError, setAuthInfo

Field Detail

PARAM_IDP_NAME
public static final java.lang.String PARAM_IDP_NAME
Name of the parameter that configures the name of the external identity provider.
- See Also: Constant Field Values

PARAM_SYNC_HANDLER_NAME
public static final java.lang.String PARAM_SYNC_HANDLER_NAME
Name of the parameter that configures the name of the synchronization handler.
- See Also: Constant Field Values

Constructor Detail

ExternalLoginModule
public ExternalLoginModule()
Default constructor for the OSGi LoginModuleFactory case and the default non-OSGi JAAS case.

ExternalLoginModule
public ExternalLoginModule(ConfigurationParameters osgiConfig)
Creates a new ExternalLoginModule with the given OSGi config.
- Parameters: osgiConfig - the config

Method Detail

initialize
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> opts)
- Specified by: initialize in interface javax.security.auth.spi.LoginModule
- Overrides: initialize in class AbstractLoginModule

login
public boolean login() throws javax.security.auth.login.LoginException
- Throws: javax.security.auth.login.LoginException

commit
public boolean commit()

abort
public boolean abort()
- Specified by: abort in interface javax.security.auth.spi.LoginModule
- Overrides: abort in class AbstractLoginModule

logout
public boolean logout() throws javax.security.auth.login.LoginException
Description copied from class: AbstractLoginModule
Best-effort default implementation of LoginModule.logout(), which removes all principals and all public credentials of type Credentials and AuthInfo from the subject. It will return false if either the principal set or the credentials set is empty. Note that this implementation is not able to remove only those principals/credentials that have been added by this very login module instance. Therefore subclasses should override this method to provide a fully compliant implementation of AbstractLoginModule.logout(). They may, however, take advantage of AbstractLoginModule.logout(Set, Set) to simplify the implementation of a logout that is compatible with the LoginModule.logout() contract, incorporating the additional recommendations highlighted in the JAAS LoginModule Dev Guide.
- Specified by: logout in interface javax.security.auth.spi.LoginModule
- Overrides: logout in class AbstractLoginModule
- Returns: true if neither principals nor public credentials of type Credentials or AuthInfo stored in the Subject are empty; false otherwise
- Throws: javax.security.auth.login.LoginException - if the subject is read-only and destroying Destroyable credentials fails with DestroyFailedException.
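
The logout() description above notes that the default removes every principal and public credential from the subject, not only those this module added. The following is an added example, not Oak's code and not part of the original Javadoc: a plain JAAS LoginModule built on JDK classes only that tracks its own additions. The class name TrackingLoginModule and the sample identities are constructed, and the read-only handling is simplified.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.auth.x500.X500Principal;

// Hypothetical JAAS module (JDK classes only): it records what it adds to the
// Subject in commit() so that logout() removes exactly those entries.
public class TrackingLoginModule implements LoginModule {
    private Subject subject;
    private final Set<Principal> ownPrincipals = new HashSet<>();
    private final Set<Object> ownCredentials = new HashSet<>();

    @Override public void initialize(Subject subject, CallbackHandler handler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
    }
    @Override public boolean login() {
        // Constructed identity; a real module would authenticate here.
        ownPrincipals.add(new X500Principal("CN=sample-user"));
        ownCredentials.add("sample-auth-info");
        return true;
    }
    @Override public boolean commit() {
        subject.getPrincipals().addAll(ownPrincipals);
        subject.getPublicCredentials().addAll(ownCredentials);
        return true;
    }
    @Override public boolean abort() {
        ownPrincipals.clear();
        ownCredentials.clear();
        return true;
    }
    @Override public boolean logout() throws LoginException {
        if (subject.isReadOnly()) { // simplified: no Destroyable handling
            throw new LoginException("subject is read-only");
        }
        // Remove only this module's entries; other modules' entries stay.
        subject.getPrincipals().removeAll(ownPrincipals);
        subject.getPublicCredentials().removeAll(ownCredentials);
        return abort();
    }
    public static void main(String[] args) throws LoginException {
        Subject s = new Subject();
        s.getPrincipals().add(new X500Principal("CN=other-module")); // added elsewhere
        TrackingLoginModule m = new TrackingLoginModule();
        m.initialize(s, null, Map.of(), Map.of());
        m.login(); m.commit(); m.logout();
        System.out.println(s.getPrincipals()); // inspect what survived logout
    }
}
```
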

clearState
protected void clearState()
Description copied from class: AbstractLoginModule
Clear state information that has been created during LoginModule.login().
- Overrides: clearState in class AbstractLoginModule

getSupportedCredentials
@NotNull protected @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()
- Specified by: getSupportedCredentials in class AbstractLoginModule
- Returns: the set of credentials classes as exposed by the configured CredentialsSupport implementation.

setSyncManager
public void setSyncManager(@NotNull @NotNull SyncManager syncManager)

setIdpManager
public void setIdpManager(@NotNull @NotNull ExternalIdentityProviderManager idpManager)