com.ibm.security.auth.module

Class JAASActiveLoginModule

  • java.lang.Object
    • com.ibm.security.auth.module.JAASActiveLoginModule
  • All Implemented Interfaces:
    LoginModule

    public class JAASActiveLoginModule
extends java.lang.Object
implements LoginModule

    This LoginModule interacts with the NT security subsystem to login as a local user, then renders a user's NT security information as some number of Principals and associates them with a Subject.

    One use of this capability might be to log in as a particular NT user, then perform a ThreadSubject.doAs((LoginContext)lc.getSubject(), PrivilegedAction there). This would run the PrivilegedAction as that user, from the perspective of both Java and NT.

    This LoginModule may actually be used in either of two ways. If no CallbackHandlers were specified on the creation of the LoginContext that is constructing this LoginModule then this just queries the underlying OS for the current identity. If, however, CallbackHandlers were specified, then this LoginModule drives a NameCallback and a PasswordCallback to get enough information to perform an OS-level login.

    This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

    See Also:
    LoginModule, NameCallback, PasswordCallback, LoginContext

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method and Description
      boolean abort()
      This method is called if the LoginContext's overall authentication failed.
      boolean commit()
      This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
      void initialize(Subject subject, CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)
      Initialize this LoginModule.
      boolean login()
      Authenticate the user by prompting for a username and password.
      boolean logout()
      Logout the user.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • JAASActiveLoginModule

        public JAASActiveLoginModule()

    • Method Detail

      • initialize

        public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,?> sharedState,
                       java.util.Map<java.lang.String,?> options)
        Initialize this LoginModule.

        Specified by:
        initialize in interface LoginModule
        Parameters:
        subject - the Subject to be authenticated.

        callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

        sharedState - shared LoginModule state.

        options - options specified in the login Configuration for this particular LoginModule.

      • login

        public boolean login()
              throws LoginException
        Authenticate the user by prompting for a username and password.

        Specified by:
        login in interface LoginModule
        Returns:
        true in all cases since this LoginModule should not be ignored.
        Throws:
        FailedLoginException - if the authentication fails.

        LoginException - if this LoginModule is unable to perform the authentication.

      • commit

        public boolean commit()
               throws LoginException

        This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

        If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates some number of various Principals with the Subject located in the LoginModuleContext. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.

        Specified by:
        commit in interface LoginModule
        Returns:
        true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
        Throws:
        LoginException - if the commit fails.

      • abort

        public boolean abort()
              throws LoginException

        This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

        If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

        Specified by:
        abort in interface LoginModule
        Returns:
        false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
        Throws:
        LoginException - if the abort fails.

      • logout

        public boolean logout()
               throws LoginException
        Logout the user.

        This method removes the UsernamePrincipal, UserIDPrincipal, DomainPrincipal, DomainIDPrincipal, GroupIDPrincipals, PrimaryGroupIDPrincipal and NTNumericCredential that may have been added by the commit method.

        Specified by:
        logout in interface LoginModule
        Returns:
        true in all cases since this LoginModule should not be ignored.
        Throws:
        LoginException - if the logout fails.
Skip navigation links

© Copyright 2003, 2015 IBM Corporation. All rights reserved.
© Copyright 2003, 2015, Oracle and/or its affiliates. All rights reserved.