com.filenet.api.authentication.jboss.login

Class FnClientLoginModule

  • java.lang.Object
    • com.filenet.api.authentication.jboss.login.FnClientLoginModule
  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule


    public class FnClientLoginModule
    extends java.lang.Object
    implements javax.security.auth.spi.LoginModule
    This class is used in JAAS configurations for user name / password logins on JBoss clients (meaning any client of the Content Engine, whether that be from a Java thick-client or a JBoss servlet) using the EJB transport. JBoss 6 EAP requires the use of FnClientLoginModule to properly handle the logins for remote clients. FnClientLoginModule is strongly recommended for use on either local clients using EJB or JBoss 4.x / 5.x clients running remotely and using EJB.

    For these latter clients (but not remote JBoss 6 EAP clients), there is the option of using JBoss's ClientLoginModule, but this has the flaw that it does not associate a user's identity with the login's Subject; instead, it associates the user's identity with the most recent login operation. This ClientLoginModule behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:
     Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD);
     Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD);
     
     UserContext.pushSubject(ident_jane);
     // do work as Jane
     
     UserContext.pushSubject(ident_joe);
     // do work as Joe
     

    Transparently, the createSubject method does a JAAS login using the JAAS "FileNetP8" stanza (defined in the jaas.conf.JBoss configuration file). If the "FileNetP8" stanza is set to use the JBoss ClientLoginModule, as shown below:

     FileNetP8 {
         org.jboss.security.ClientLoginModule required;
     };

    then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:

     FileNetP8 {
         com.filenet.api.authentication.jboss.login.FnClientLoginModule required;
     };

    which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.

    In the more common case, in which the client code uses only one user identity, you can use either FnClientLoginModule or the JBoss ClientLoginModule, except as noted above.

    You can specify other options as necessary for FnClientLoginModule when you modify the stanza, as follows:

    • debug - Set debug=true to write additional debug messages on the console of the JBoss client. The default is false.
    • useFirstPass - Set useFirstPass=true so that a principal and a credential may be passed in from a previous login module in the same JAAS configuration and used to override the login's normal user name / password. This requires that some previous login module set javax.security.auth.login.name and javax.security.auth.login.password entries in the JAAS shared state. The default is false.
    • tryFirstPass - This option is used in conjunction with useFirstPass=true to indicate whether it is an error (tryFirstPass=false) or if the regular login user name / password is to be used (tryFirstPass=true) in cases where no previous login module has overridden the normal user name / password. The default is false.

    Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client's JVM:

    -Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"

    (For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)

    • Method Summary

      Modifier and Type Method and Description
      boolean abort() 
      boolean commit() 
      void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) 
      boolean login() 
      boolean logout() 
      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • FnClientLoginModule

        public FnClientLoginModule()
    • Method Detail

      • initialize

        public void initialize(javax.security.auth.Subject subject,
                               javax.security.auth.callback.CallbackHandler callbackHandler,
                               java.util.Map sharedState,
                               java.util.Map options)
        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
      • login

        public boolean login()
                      throws javax.security.auth.login.LoginException
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Throws:
        javax.security.auth.login.LoginException
      • commit

        public boolean commit()
        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
      • abort

        public boolean abort()
        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
      • logout

        public boolean logout()
        Specified by:
        logout in interface javax.security.auth.spi.LoginModule

© Copyright IBM Corporation 2006, 2019. All rights reserved.