java.lang.Object
  org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
public abstract class AbstractLoginModule
AbstractLoginModule provides the means for the common authentication tasks within the Repository.
PrincipalProvider configured for this LoginModule
Jackrabbit distinguishes between Login and Impersonation, dispatching the corresponding Repository/Session methods to authenticate(java.security.Principal, javax.jcr.Credentials) and impersonate(java.security.Principal, javax.jcr.Credentials), respectively.
LoginModule
Field Summary | |
---|---|
protected String | adminId |
protected String | anonymousId |
protected SimpleCredentials | credentials |
protected Principal | principal |
protected PrincipalProvider | principalProvider |
protected Subject | subject |

Constructor Summary |
---|
AbstractLoginModule() |
Method Summary | |
---|---|
boolean | abort() Method to abort the authentication process (phase 2). |
protected boolean | authenticate(Principal principal, Credentials credentials) |
boolean | commit() Method to commit the authentication process (phase 2). |
protected abstract void | doInit(CallbackHandler callbackHandler, Session session, Map options) Implementations may set up their own state. |
String | getAdminId() Returns the admin user id. |
String | getAnonymousId() Returns the anonymous user id. |
protected abstract Authentication | getAuthentication(Principal principal, Credentials creds) |
protected Credentials | getCredentials() Method tries to resolve the Credentials used for login. |
protected Subject | getImpersonatorSubject(Credentials credentials) Method tries to acquire an Impersonator in the following order: try to access it from the Credentials via SimpleCredentials.getAttribute(String); ask CallbackHandler for Impersonator with use of ImpersonationCallback. |
protected abstract Principal | getPrincipal(Credentials credentials) Authentication process associates a Principal to Credentials. This method resolves the Principal for the given Credentials. |
String | getPrincipalProvider() Returns the configured name of the principal provider class. |
protected Set | getPrincipals() |
protected String | getUserID(Credentials credentials) Method tries to acquire a UserID in the following order: If passed credentials are GuestCredentials the anonymous user id is returned. |
protected abstract boolean | impersonate(Principal principal, Credentials credentials) Handles the impersonation of given Credentials. |
void | initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) Initialize this LoginModule. |
protected boolean | isAnonymous(Credentials credentials) Indicate if the given Credentials are considered to be anonymous. |
protected boolean | isImpersonation(Credentials credentials) Test if the current request is an Impersonation attempt. |
protected boolean | isInitialized() Returns true if this module has been successfully initialized. |
boolean | login() Method to authenticate a Subject (phase 1). |
boolean | logout() Method which logs out a Subject. |
void | setAdminId(String adminId) Sets the administrator's user id. |
void | setAnonymousId(String anonymousId) Sets the anonymous user id. |
void | setPrincipalProvider(String principalProvider) Sets the configured name of the principal provider class. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
protected String adminId
protected String anonymousId
protected Principal principal
protected SimpleCredentials credentials
protected Subject subject
protected PrincipalProvider principalProvider
Constructor Detail |
---|
public AbstractLoginModule()
Method Detail |
---|
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
PrincipalManager for group-membership resolution
PrincipalProvider for user-Principal resolution.
LoginModuleConfig.PARAM_ADMIN_ID option is evaluated
LoginModuleConfig.PARAM_ANONYMOUS_ID option is evaluated
doInit(CallbackHandler, Session, Map) to implement additional initialization
initialize in interface LoginModule
subject - the Subject to be authenticated.
callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).
sharedState - state shared with other configured LoginModules.
options - options specified in the login Configuration for this particular LoginModule.
LoginModule.initialize(Subject, CallbackHandler, Map, Map), doInit(CallbackHandler, Session, Map), isInitialized()

protected abstract void doInit(CallbackHandler callbackHandler, Session session, Map options) throws LoginException
callbackHandler - as passed by LoginContext
session - to security-workspace of Jackrabbit
options - options from Login config
LoginException - in case initialization fails

protected boolean isInitialized()
true if this module has been successfully initialized.
true if this module has been successfully initialized.
LoginModule.initialize(Subject, CallbackHandler, Map, Map)

public boolean login() throws LoginException
Subject (phase 1).
The login is divided into 3 Phases:
1) User-ID resolution
Credentials interface, credentials are accessed in this phase.
PrincipalProvider has a principal for the given ID and the principal can be found via PrincipalProvider.findPrincipals(String).
principal_provider.class.
If the option is missing, the system default principal provider will be used.
3) Verification
Session.impersonate(Credentials) or of a login to the Repository (Repository.login(Credentials)). The concrete implementation of the LoginModule is responsible for both impersonation and login:
Under the following conditions, the login process is aborted and the module is marked to be ignored:
login in interface LoginModule
LoginModule should be ignored.
LoginException - if the authentication fails
LoginModule.login(), getCredentials(), getUserID(Credentials), getImpersonatorSubject(Credentials)

public boolean commit() throws LoginException
login method), then this method associates relevant Principals and Credentials with the Subject located in the LoginModule. If this LoginModule's own authentication attempt failed, then this method removes/destroys any state that was originally saved.
The login is considered as succeeded if the credentials field is set. If there is no principal set the login is considered as ignored.
The implementation stores the principal associated to the UserID and all the Groups it is member of. PrincipalManager.getGroupMembership(Principal)
An instance of SimpleCredentials containing only the UserID used to login is set to the Subject's public Credentials.
commit in interface LoginModule
LoginModule should be ignored.
LoginException - if the commit fails
LoginModule.commit(), login()

public boolean abort() throws LoginException
This method is called if the LoginContext's overall authentication failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method cleans up any state that was originally saved.
abort in interface LoginModule
LoginModule should be ignored.
LoginException - if the abort fails

public boolean logout() throws LoginException
Subject.
An implementation of this method might remove/destroy a Subject's Principals and Credentials.
logout in interface LoginModule
LoginModule should be ignored.
LoginException - if the logout fails

protected boolean authenticate(Principal principal, Credentials credentials) throws RepositoryException, FailedLoginException
principal -
credentials -
true if Credentials authenticate, false if no Authentication can handle the given Credentials
FailedLoginException - if the authentication failed.
RepositoryException
getAuthentication(java.security.Principal, javax.jcr.Credentials), authenticate(java.security.Principal, javax.jcr.Credentials)

protected boolean isImpersonation(Credentials credentials)
true if a subject for the impersonation can be retrieved.
credentials - potentially containing impersonation data
getImpersonatorSubject(Credentials)

protected abstract boolean impersonate(Principal principal, Credentials credentials) throws RepositoryException, LoginException
User for the given Principal and delegates the check to Impersonation.allows(javax.security.auth.Subject)
principal -
credentials -
RepositoryException
FailedLoginException - if credentials don't allow to impersonate to principal
LoginException

protected abstract Authentication getAuthentication(Principal principal, Credentials creds) throws RepositoryException
principal -
creds -
RepositoryException

protected Subject getImpersonatorSubject(Credentials credentials)
Credentials via SimpleCredentials.getAttribute(String)
ImpersonationCallback.
credentials - which may contain an impersonation Subject
login(), impersonate(java.security.Principal, javax.jcr.Credentials)

protected Credentials getCredentials()
Credentials used for login. It takes authentication-extension of an already authenticated Subject into account.
Therefore the credentials are searched as follows:
CredentialsCallback. Expects CredentialsCallback.getCredentials() to return an instance of Credentials.
SimpleCredentials see Subject.getPublicCredentials(Class), thus enabling to preauthenticate the Subject.
login()

protected String getUserID(Credentials credentials)
GuestCredentials the anonymous user id is returned.
Credentials via SimpleCredentials.getUserID()
NameCallback.
credentials - which may contain a User-ID
login()

protected boolean isAnonymous(Credentials credentials)
credentials -

protected abstract Principal getPrincipal(Credentials credentials)
credentials -
null.

protected Set getPrincipals()

public String getAdminId()

public void setAdminId(String adminId)
adminId - the administrator's user id.

public String getAnonymousId()

public void setAnonymousId(String anonymousId)
anonymousId - anonymous user id

public String getPrincipalProvider()

public void setPrincipalProvider(String principalProvider)
principalProvider - Name of the principal provider class.
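
A concrete subclass filling in the four abstract hooks documented above (doInit, getPrincipal, getAuthentication, impersonate). This is an added example, not Jackrabbit code: the class name and the serviceUser/servicePassword options are hypothetical, and it assumes that Authentication exposes canHandle(Credentials) and authenticate(Credentials) and that PrincipalProvider offers getPrincipal(String).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.core.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.core.security.authentication.Authentication;

// Added example, not Jackrabbit code: authenticates a single service account only.
public class ServiceAccountLoginModule extends AbstractLoginModule {
    private String serviceUser;       // from the hypothetical "serviceUser" option
    private byte[] servicePassword;   // from the hypothetical "servicePassword" option
    @Override
    protected void doInit(CallbackHandler handler, Session session, Map options) throws LoginException {
        Object user = options.get("serviceUser");
        Object password = options.get("servicePassword");
        if (user == null || password == null) {
            throw new LoginException("serviceUser and servicePassword options are required");
        }
        serviceUser = user.toString();
        servicePassword = password.toString().getBytes(StandardCharsets.UTF_8);
    }

    @Override
    protected Principal getPrincipal(Credentials credentials) {
        String userId = getUserID(credentials);
        return serviceUser.equals(userId) ? principalProvider.getPrincipal(userId) : null; // null: login ignored
    }

    @Override
    protected Authentication getAuthentication(Principal principal, Credentials creds) {
        return new Authentication() {
            public boolean canHandle(Credentials c) { return c instanceof SimpleCredentials; }
            public boolean authenticate(Credentials c) {
                byte[] given = new String(((SimpleCredentials) c).getPassword()).getBytes(StandardCharsets.UTF_8);
                return MessageDigest.isEqual(servicePassword, given);   // constant-time comparison
            }
        };
    }

    @Override
    protected boolean impersonate(Principal principal, Credentials credentials) throws FailedLoginException {
        throw new FailedLoginException("impersonation of " + principal.getName() + " is not permitted");
    }
}
```

Refusing in impersonate() keeps this account unreachable through Session.impersonate(Credentials), and returning null from getPrincipal() leaves every other user ID to the remaining configured LoginModules.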