org.apache.catalina.realm

Class JAASMemoryLoginModule

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.MemoryRealm

org.apache.catalina.realm.JAASMemoryLoginModule

All Implemented Interfaces:

MBeanRegistration, LoginModule, Contained, JmxEnabled, Lifecycle, Realm

public class JAASMemoryLoginModule
extends MemoryRealm
implements LoginModule

Implementation of the JAAS LoginModule interface, primarily for use in testing JAASRealm. It utilizes an XML-format data file of username/password/role information identical to that supported by org.apache.catalina.realm.MemoryRealm.

This class recognizes the following string-valued options, which are specified in the configuration file and passed to initialize(Subject, CallbackHandler, Map, Map) in the options argument:

• pathname - Relative (to the pathname specified by the "catalina.base" system property) or absolute pathname to the XML file containing our user information, in the format supported by MemoryRealm. The default value matches the MemoryRealm default.
• credentialHandlerClassName - The fully qualified class name of the CredentialHandler to use. If not specified, MessageDigestCredentialHandler will be used.
• Any additional options will be used to identify and call setters on the CredentialHandler. For example, algorithm=SHA256 would result in a call to MessageDigestCredentialHandler.setAlgorithm(String) with a parameter of "SHA256"

IMPLEMENTATION NOTE - This class implements Realm only to satisfy the calling requirements of the GenericPrincipal constructor. It does not actually perform the functionality required of a Realm implementation.

Author:

Craig R. McClanahan

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase

RealmBase.AllRolesMode

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Field Summary

Fields

Modifier and Type	Field and Description
protected CallbackHandler	callbackHandler The callback handler responsible for answering our requests.
protected boolean	committed Has our own commit() returned successfully?
protected Map<String,?>	options The configuration information for this LoginModule.
protected String	pathname The absolute or relative pathname to the XML configuration file.
protected Principal	principal The Principal identified by our validation, or null if validation failed.
protected Map<String,?>	sharedState The state information that is shared with other configured LoginModule instances.
protected Subject	subject The subject for which we are performing authentication.

Fields inherited from class org.apache.catalina.realm.RealmBase

allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
JAASMemoryLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort() Phase 2 of authenticating a Subject when Phase 1 fails.
boolean	commit() Phase 2 of authenticating a Subject when Phase 1 was successful.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Initialize this LoginModule with the specified configuration information.
protected void	load() Load the contents of our configuration file.
boolean	login() Phase 1 of authenticating a Subject.
boolean	logout() Log out this user.

Methods inherited from class org.apache.catalina.realm.MemoryRealm

authenticate, getDigester, getPassword, getPathname, getPrincipal, setPathname, startInternal

Methods inherited from class org.apache.catalina.realm.RealmBase

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, authenticate, backgroundProcess, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, stopInternal, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.catalina.Realm

isAvailable

Field Detail

callbackHandler

protected CallbackHandler callbackHandler

The callback handler responsible for answering our requests.

committed

protected boolean committed

Has our own commit() returned successfully?

options

protected Map<String,?> options

The configuration information for this LoginModule.

pathname

protected String pathname

The absolute or relative pathname to the XML configuration file.

principal

protected Principal principal

The Principal identified by our validation, or null if validation failed.

sharedState

protected Map<String,?> sharedState

The state information that is shared with other configured LoginModule instances.

subject

protected Subject subject

The subject for which we are performing authentication.

Constructor Detail

JAASMemoryLoginModule

public JAASMemoryLoginModule()

Method Detail

abort

public boolean abort()
              throws LoginException

Phase 2 of authenticating a Subject when Phase 1 fails. This method is called if the LoginContext failed somewhere in the overall authentication chain.

Specified by:

abort in interface LoginModule

Returns:

true if this method succeeded, or false if this LoginModule should be ignored

Throws:

LoginException - if the abort fails

commit

public boolean commit()
               throws LoginException

Phase 2 of authenticating a Subject when Phase 1 was successful. This method is called if the LoginContext succeeded in the overall authentication chain.

Specified by:

commit in interface LoginModule

Returns:

true if the authentication succeeded, or false if this LoginModule should be ignored

Throws:

LoginException - if the commit fails

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Initialize this LoginModule with the specified configuration information.

Specified by:

initialize in interface LoginModule

Parameters:

subject - The Subject to be authenticated

callbackHandler - A CallbackHandler for communicating with the end user as necessary

sharedState - State information shared with other LoginModule instances

options - Configuration information for this specific LoginModule instance

login

public boolean login()
              throws LoginException

Phase 1 of authenticating a Subject.

Specified by:

login in interface LoginModule

Returns:

true if the authentication succeeded, or false if this LoginModule should be ignored

Throws:

LoginException - if the authentication fails

logout

public boolean logout()
               throws LoginException

Log out this user.

Specified by:

logout in interface LoginModule

Returns:

true in all cases because the LoginModule should not be ignored

Throws:

LoginException - if logging out failed

load

protected void load()

Load the contents of our configuration file.