Step 1: Understand the Authentication Technology
The first thing you need to do is understand the authentication technology to be implemented by your new LoginModule provider, and determine its requirements.
One thing you will need to determine is whether or not your LoginModule will require some form of user interaction (retrieving a user name and password, for example). If so, you will need to become familiar with the CallbackHandler interface and the javax.security.auth.callback package. In that package you will find several possible Callback implementations to use. (Alternatively, you can create your own Callback implementations.) The LoginModule will invoke the CallbackHandler specified by the application itself and passed to the LoginModule's initialize method. The LoginModule passes the CallbackHandler an array of appropriate Callbacks. See the login method in Step 3.
Note that it is possible for LoginModule implementations not to have any end-user interactions. Such LoginModules would not need to access the callback package.
Another thing you should determine is what configuration options you want to make available to the user, who specifies configuration information in whatever form the current Configuration implementation expects (for example, in files). For each option, decide the option name and possible values. For example, if a LoginModule may be configured to consult a particular authentication server host, decide on the option's key name ("auth_server", for example), as well as the possible server hostnames valid for that option ("server_one.foo.com" and "server_two.foo.com", for example).
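The two decisions above, sketched as an added example that is not code from this guide: a module that accepts the "auth_server" option only when it names one of the two hostnames mentioned above, and collects a user name and password through the application's CallbackHandler. The class name SampleLoginModule and the verify helper are hypothetical; verify is a placeholder that always rejects, standing in for the call to the authentication server.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module; the class name and verify() are assumptions for illustration.
public class SampleLoginModule implements LoginModule {
    // Values accepted for the "auth_server" option (the hostnames used in the text).
    private static final Set<String> SERVERS = Set.of("server_one.foo.com", "server_two.foo.com");
    private CallbackHandler handler;
    private String authServer;   // stays null unless the option is valid
    private boolean succeeded;

    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        handler = callbackHandler;
        Object value = options.get("auth_server");
        // Accept only known hosts; anything else makes login() fail closed.
        if (value instanceof String && SERVERS.contains(value)) authServer = (String) value;
    }

    public boolean login() throws LoginException {
        if (authServer == null) throw new LoginException("auth_server missing or not allowed");
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback name = new NameCallback("user name: ");
        PasswordCallback pass = new PasswordCallback("password: ", false); // false = do not echo
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        char[] secret = pass.getPassword();   // getPassword() returns a copy
        pass.clearPassword();                 // wipe the callback's internal copy
        try {
            succeeded = secret != null && verify(authServer, name.getName(), secret);
        } finally {
            if (secret != null) Arrays.fill(secret, '\0');   // wipe our copy as well
        }
        if (!succeeded) throw new FailedLoginException("authentication failed");
        return true;
    }

    // Placeholder: a real module would ask the configured host to check the credentials.
    private boolean verify(String host, String user, char[] secret) { return false; }

    public boolean commit() { return succeeded; }
    public boolean abort() { boolean was = succeeded; succeeded = false; return was; }
    public boolean logout() { succeeded = false; return true; }
}
```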