org.apache.jackrabbit.core.security.authentication
Class DefaultLoginModule

java.lang.Object
  extended by org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
      extended by org.apache.jackrabbit.core.security.authentication.DefaultLoginModule
All Implemented Interfaces:
LoginModule

public class DefaultLoginModule
extends AbstractLoginModule

The DefaultLoginModule authenticates Credentials related to a User of the Repository.
In any other case it is marked to be ignored.

This Module can deal with the following credentials

In both cases the login is successful if the system contains a non-disabled, valid user that matches the given credentials.

Correspondingly impersonation is delegated to the User's Impersonation object.

See Also:
AbstractLoginModule

Field Summary
protected  org.apache.jackrabbit.api.security.user.User user
          The user object retrieved during the authentication process.
 
Fields inherited from class org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
adminId, anonymousId, callbackHandler, credentials, principal, principalProvider, sharedState, subject
 
Constructor Summary
DefaultLoginModule()
           
 
Method Summary
 boolean commit()
          Method to commit the authentication process (phase 2).
protected  void doInit(CallbackHandler callbackHandler, Session session, Map options)
          Retrieves the user manager from the specified session.
protected  Authentication getAuthentication(Principal principal, Credentials creds)
          Retrieve the Authentication.
protected  Principal getPrincipal(Credentials credentials)
          Resolves the userID from the given credentials and obtains the principal from the User object associated with the given userID.
 long getTokenExpiration()
           
protected  String getUserID(Credentials credentials)
          Tries to acquire a UserID in the following order: (1) If the passed credentials are GuestCredentials, the anonymous user id is returned. (2) Try to access it from the Credentials via SimpleCredentials.getUserID(). (3) Ask the CallbackHandler for the User-ID using a NameCallback. (4) Test if the 'sharedState' contains a login name. (5) Fallback: return the anonymous UserID.
protected  boolean impersonate(Principal principal, Credentials credentials)
          Handles the impersonation of given Credentials.

Current implementation takes User for the given Principal and delegates the check to Impersonation.allows(javax.security.auth.Subject)

 boolean isDisableTokenAuth()
          Return a flag indicating if token based authentication is disabled.
 void setDisableTokenAuth(boolean disableTokenAuth)
          Set a flag indicating if token based authentication is disabled.
 void setTokenExpiration(long tokenExpiration)
           
protected  boolean supportsCredentials(Credentials creds)
          Return a flag indicating whether the credentials are supported by this login module.
 
Methods inherited from class org.apache.jackrabbit.core.security.authentication.AbstractLoginModule
abort, authenticate, getAdminId, getAnonymousId, getCredentials, getImpersonatorSubject, getPreAuthAttributeName, getPrincipalProvider, getPrincipals, initialize, isAnonymous, isImpersonation, isInitialized, isPreAuthenticated, login, logout, setAdminId, setAnonymousId, setPrincipalProvider
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

user

protected org.apache.jackrabbit.api.security.user.User user
The user object retrieved during the authentication process.

Constructor Detail

DefaultLoginModule

public DefaultLoginModule()
Method Detail

commit

public boolean commit()
               throws LoginException
Description copied from class: AbstractLoginModule
Method to commit the authentication process (phase 2).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates relevant Principals and Credentials with the Subject located in the LoginModule. If this LoginModule's own authentication attempt failed, then this method removes/destroys any state that was originally saved.

The login is considered as succeeded if there is a principal set.

The implementation stores the principal associated with the UserID and all the Groups it is a member of with the Subject and, in addition, adds an instance of SimpleCredentials to the Subject's public credentials.

Specified by:
commit in interface LoginModule
Overrides:
commit in class AbstractLoginModule
Returns:
true if this method succeeded, or false if this LoginModule should be ignored.
Throws:
LoginException - if the commit fails
See Also:
LoginModule.commit()

doInit

protected void doInit(CallbackHandler callbackHandler,
                      Session session,
                      Map options)
               throws LoginException
Retrieves the user manager from the specified session. If this fails, this login module's initialization must fail.

Specified by:
doInit in class AbstractLoginModule
Parameters:
callbackHandler - as passed by LoginContext
session - to security-workspace of Jackrabbit
options - options from LoginModule config
Throws:
LoginException - in case initialization fails.
See Also:
AbstractLoginModule.doInit(CallbackHandler, Session, Map)

getPrincipal

protected Principal getPrincipal(Credentials credentials)
Resolves the userID from the given credentials and obtains the principal from the User object associated with the given userID. If the userID cannot be resolved to a User or if obtaining the principal fails, null is returned.

Specified by:
getPrincipal in class AbstractLoginModule
Parameters:
credentials - Credentials to retrieve the principal for.
Returns:
a user principal or null.
See Also:
AbstractLoginModule.getPrincipal(Credentials)

supportsCredentials

protected boolean supportsCredentials(Credentials creds)
Description copied from class: AbstractLoginModule
Return a flag indicating whether the credentials are supported by this login module. Default implementation supports SimpleCredentials and GuestCredentials.

Overrides:
supportsCredentials in class AbstractLoginModule
Parameters:
creds - credentials
Returns:
true if the credentials are supported; false otherwise
See Also:
AbstractLoginModule.supportsCredentials(javax.jcr.Credentials)

getUserID

protected String getUserID(Credentials credentials)
Description copied from class: AbstractLoginModule
Tries to acquire a UserID in the following order:
  1. If passed credentials are GuestCredentials the anonymous user id is returned.
  2. Try to access it from the Credentials via SimpleCredentials.getUserID().
  3. Ask CallbackHandler for User-ID with use of NameCallback.
  4. Test if the 'sharedState' contains a login name.
  5. Fallback: return the anonymous UserID.

Overrides:
getUserID in class AbstractLoginModule
Parameters:
credentials - which may contain a User-ID
Returns:
The userId retrieved from the credentials or by any other means described above.
See Also:
AbstractLoginModule.getUserID(javax.jcr.Credentials)
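
The resolution order listed for getUserID, modelled as an added example (this is not Jackrabbit's own code). The credential records, the sharedState key, the anonymous ID value and the null check in step 2 are stand-ins assumed for the demo; NameCallback and CallbackHandler are the standard JAAS types. The last call in main shows that input with no resolvable ID resolves to the anonymous UserID.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class UserIdResolutionDemo {
    // Stand-ins for javax.jcr.GuestCredentials / SimpleCredentials (demo types only).
    interface Credentials {}
    record Guest() implements Credentials {}
    record Simple(String userID) implements Credentials {}

    static final String ANONYMOUS_ID = "anonymous";         // assumed anonymousId value
    static final String LOGIN_NAME_KEY = "demo.login.name"; // assumed sharedState key

    static String resolveUserId(Credentials creds, CallbackHandler handler,
                                Map<String, ?> sharedState) {
        if (creds instanceof Guest) return ANONYMOUS_ID;       // 1. guest credentials
        if (creds instanceof Simple s && s.userID() != null) { // 2. ID carried by credentials
            return s.userID();
        }
        if (handler != null) {                                 // 3. ask the CallbackHandler
            NameCallback cb = new NameCallback("User-ID: ");
            try {
                handler.handle(new Callback[] { cb });
                if (cb.getName() != null) return cb.getName();
            } catch (IOException | UnsupportedCallbackException e) {
                // Handler cannot supply a name: fall through to the next source.
            }
        }
        Object shared = sharedState.get(LOGIN_NAME_KEY);       // 4. login name in sharedState
        if (shared != null) return shared.toString();
        return ANONYMOUS_ID;                                   // 5. fallback
    }

    public static void main(String[] args) {
        // Constructed inputs: a handler that answers "carol", a sharedState holding "dave".
        CallbackHandler prompt = cbs -> ((NameCallback) cbs[0]).setName("carol");
        Map<String, Object> state = new HashMap<>();
        state.put(LOGIN_NAME_KEY, "dave");

        System.out.println(resolveUserId(new Guest(), prompt, state));
        System.out.println(resolveUserId(new Simple("alice"), prompt, state));
        System.out.println(resolveUserId(new Simple(null), prompt, state));
        System.out.println(resolveUserId(new Simple(null), null, state));
        System.out.println(resolveUserId(new Simple(null), null, Map.of()));
    }
}
```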

getAuthentication

protected Authentication getAuthentication(Principal principal,
                                           Credentials creds)
                                    throws RepositoryException
Description copied from class: AbstractLoginModule
Retrieve the Authentication.

Specified by:
getAuthentication in class AbstractLoginModule
Parameters:
principal - A principal.
creds - The Credentials used for the login.
Returns:
Authentication object for the given principal / credentials.
Throws:
RepositoryException - If an error occurs.
See Also:
AbstractLoginModule.getAuthentication(Principal, Credentials)

impersonate

protected boolean impersonate(Principal principal,
                              Credentials credentials)
                       throws RepositoryException,
                              FailedLoginException
Handles the impersonation of given Credentials.

Current implementation takes User for the given Principal and delegates the check to Impersonation.allows(javax.security.auth.Subject)

Specified by:
impersonate in class AbstractLoginModule
Parameters:
principal - Principal to impersonate.
credentials - Credentials used to create the impersonation subject.
Returns:
false, if there is no User to impersonate, true if impersonation is allowed
Throws:
RepositoryException
FailedLoginException - if the credentials do not allow impersonating the principal
See Also:
AbstractLoginModule.impersonate(Principal, Credentials)

isDisableTokenAuth

public boolean isDisableTokenAuth()
Return a flag indicating if token based authentication is disabled.

Returns:
true if token based authentication is disabled; false otherwise.

setDisableTokenAuth

public void setDisableTokenAuth(boolean disableTokenAuth)
Set a flag indicating if token based authentication is disabled.

Parameters:
disableTokenAuth - true to disable token based authentication; false otherwise

getTokenExpiration

public long getTokenExpiration()
Returns:
The configured expiration time for login tokens in milliseconds.

setTokenExpiration

public void setTokenExpiration(long tokenExpiration)
Parameters:
tokenExpiration - Sets the configured expiration time (in milliseconds) of login tokens.


Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.