Class FnClientLoginModule
- java.lang.Object
-
- com.filenet.api.authentication.jboss.login.FnClientLoginModule
-
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public class FnClientLoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule
This class is used in JAAS configurations for user name / password logins on JBoss clients (meaning any client of the Content Engine, whether that be from a Java thick-client or a JBoss servlet) using the EJB transport. JBoss 6 EAP requires the use ofFnClientLoginModule
to property handle the logins for remote client.FnClientLoginModule
is strongly recommended for use on either local clients using EJB or JBoss 4.x / 5.x clients running remotely and using EJB. For these latter clients (but not remote JBoss 6 EAP remote ones), there is the option of using JBoss'sClientLoginModule
but this has the flaw that it does not associate a user's identity with the login'sSubject
but, instead, associates the user's identity with the most recent login operation. JBoss'sClientLoginModule
behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD"); Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD"); UserContext.pushSubject(ident_jane); // do work as Jane UserContext.pushSubject(ident_joe); // do work as Joe
Transparently, the
createSubject
method does a JAAS login using the JAAS "FileNetP8" stanza (defined in thejaas.conf.JBoss
configuration file). If the "FileNetP8" stanza is set to use the JBossClientLoginModule
, as shown below:FileNetP8 { org.jboss.security.ClientLoginModule required; };
then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:
FileNetP8 { com.filenet.api.authentication.jboss.login.FnClientLoginModule required; };
which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.
In the more common case, in which the client code uses only one user identity, you can use either
FnClientLoginModule
or the JBossClientLoginModule
other than as noted above.You can specify other options as necessary for
FnClientLoginModule
when you modify the stanza, as follows:- debug - Set
debug=true
to write additional debug messages on the console of the JBoss client. The default isfalse
. - useFirstPass - Set
useFirstPass=true
so that a principal and a credential may be passed in from a previous login module in the same JASS configuration and used to override the login's normal user name / password. This requires that some previous login module setjavax.security.auth.login.name
andjavax.security.auth.login.password
entries in the JAAS shared state. The default isfalse
. - tryFirstPass - This option is used in conjuction with
useFirstPass=true
to indicate whether it is an error (tryFirstPass=false
) or if the regular login user name / password is to be used (tryFirstPass=true
) in cases where no previous login module has overridden the normal user name / password. The default isfalse
.
Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client's JVM:
-Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"
(For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)
-
-
Constructor Summary
Constructors Constructor and Description FnClientLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method and Description boolean
abort()
boolean
commit()
void
initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
boolean
login()
boolean
logout()
-
-
-
Method Detail
-
initialize
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
- Specified by:
initialize
in interfacejavax.security.auth.spi.LoginModule
-
login
public boolean login() throws javax.security.auth.login.LoginException
- Specified by:
login
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
commit
public boolean commit()
- Specified by:
commit
in interfacejavax.security.auth.spi.LoginModule
-
abort
public boolean abort()
- Specified by:
abort
in interfacejavax.security.auth.spi.LoginModule
-
logout
public boolean logout()
- Specified by:
logout
in interfacejavax.security.auth.spi.LoginModule
-
-