com.ibm.wsspi.wim

Class VMMSAFMappingModule

  • java.lang.Object
    • com.ibm.wsspi.wim.VMMSAFMappingModule
  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule

    public class VMMSAFMappingModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
    VMMSAFMappingModule demonstrates a custom login module that maps the existing WSPrincipal from the shared state to a z/OS user id for a Federated Repository. The following values will be set into the shared state if authentication succeeds. If authentication fails, this login module will still indicate success, but no values are set into the shared state. AttributeNameConstants.ZOS_USERID AttributeNameConstants.ZOS_AUDIT_STRING AttributeNameConstants.CALLER_PRINCIPAL_CLASS This login module does not use any callbacks, nor does it modify the Subject in any way.

    • Field Summary

      Fields 
      Modifier and Type Field and Description
      static java.lang.String CLASSNAME 

    • Constructor Summary

      Constructors 
      Constructor and Description
      VMMSAFMappingModule()
      Construct an uninitialized mapping module object.

    • Method Summary

      Methods 
      Modifier and Type Method and Description
      boolean abort()
      Method to abort the authentication process (Phase 2).
      boolean commit()
      Method to commit the authentication result.
      void initialize(javax.security.auth.Subject newSubject, javax.security.auth.callback.CallbackHandler newCallbackHandler, java.util.Map newSharedState, java.util.Map newOptions)
      Initialize this login module.
      boolean login()
      Method to map the WSPrincipal to a ZOS_USERID This method derives a ZOS_USERID and stores it into the Shared State for use by a later Login Module.
      boolean logout()
      Method which logs out a Subject.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • CLASSNAME

        public static final java.lang.String CLASSNAME

    • Constructor Detail

      • VMMSAFMappingModule

        public VMMSAFMappingModule()
        Construct an uninitialized mapping module object.

    • Method Detail

      • initialize

        public void initialize(javax.security.auth.Subject newSubject,
              javax.security.auth.callback.CallbackHandler newCallbackHandler,
              java.util.Map newSharedState,
              java.util.Map newOptions)
        Initialize this login module. This is called by the LoginContext after this login module is instantiated. The relevant information is passed from the LoginContext to this login module. If the login module does not understand any of the data stored in the sharedState and options parameters, they can be ignored.
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
        Parameters:
        subject - The subject that this LoginContext is authenticating
        callbackHandler - A CallbackHandler for communicating with the end user to gather login information (e.g., username and password).
        sharedState - The state shared with other configured login modules.
        options - The options specified in the login configuration for this particular login module.

      • login

        public boolean login()
              throws javax.security.auth.login.LoginException
        Method to map the WSPrincipal to a ZOS_USERID This method derives a ZOS_USERID and stores it into the Shared State for use by a later Login Module.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException - if the authentication fails, which is impossible for this Login Module
        Return:
        true if the authentication succeeded, or false if this Login Module should be ignored

      • commit

        public boolean commit()
               throws javax.security.auth.login.LoginException
        Method to commit the authentication result. This Login Module does not need to commit any data, so we will simply return.
        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException - if the commit fails, which cannot happen in this Login Module
        Return:
        true if the original login succeeded, or false if the original login failed

      • abort

        public boolean abort()
              throws javax.security.auth.login.LoginException
        Method to abort the authentication process (Phase 2). No matter whether our original login succeeded or failed, this method cleans up our state and returns.
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException - if the abort fails, which cannot happen in this Login Module
        Return:
        true if the original login succeeded, or false if the original login failed

      • logout

        public boolean logout()
               throws javax.security.auth.login.LoginException
        Method which logs out a Subject. Since our commit method did not modify the Subject, we don't have anything to logout or clean up and can just return true.
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException - if the logout fails, which cannot happen in the Login Module
        Return:
        true if the logout succeeded
Virtual member manager