Package org.apache.catalina.realm

Class JAASMemoryLoginModule

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.MemoryRealm

org.apache.catalina.realm.JAASMemoryLoginModule

All Implemented Interfaces:

javax.management.MBeanRegistration, javax.security.auth.spi.LoginModule, Contained, JmxEnabled, Lifecycle, Realm

public class JAASMemoryLoginModule
extends MemoryRealm
implements javax.security.auth.spi.LoginModule

Implementation of the JAAS LoginModule interface, primarily for use in testing JAASRealm. It utilizes an XML-format data file of username/password/role information identical to that supported by org.apache.catalina.realm.MemoryRealm.

This class recognizes the following string-valued options, which are specified in the configuration file and passed to initialize(Subject, CallbackHandler, Map, Map) in the options argument:

• pathname - Relative (to the pathname specified by the "catalina.base" system property) or absolute pathname to the XML file containing our user information, in the format supported by MemoryRealm. The default value matches the MemoryRealm default.
• credentialHandlerClassName - The fully qualified class name of the CredentialHandler to use. If not specified, MessageDigestCredentialHandler will be used.
• Any additional options will be used to identify and call setters on the CredentialHandler. For example, algorithm=SHA256 would result in a call to MessageDigestCredentialHandler.setAlgorithm(String) with a parameter of "SHA256"

IMPLEMENTATION NOTE - This class implements Realm only to satisfy the calling requirements of the GenericPrincipal constructor. It does not actually perform the functionality required of a Realm implementation.

Author:

Craig R. McClanahan

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase

RealmBase.AllRolesMode

Field Summary

Fields

Modifier and Type	Field	Description
protected javax.security.auth.callback.CallbackHandler	callbackHandler	The callback handler responsible for answering our requests.
protected boolean	committed	Has our own commit() returned successfully?
protected java.util.Map<java.lang.String,?>	options	The configuration information for this LoginModule.
protected java.lang.String	pathname	The absolute or relative pathname to the XML configuration file.
protected java.security.Principal	principal	The Principal identified by our validation, or null if validation failed.
protected java.util.Map<java.lang.String,?>	sharedState	The state information that is shared with other configured LoginModule instances.
protected javax.security.auth.Subject	subject	The subject for which we are performing authentication.

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from class org.apache.catalina.realm.RealmBase

allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName

Constructor Summary

Constructors

Constructor	Description
JAASMemoryLoginModule()

Method Summary

Modifier and Type	Method	Description
boolean	abort()	Phase 2 of authenticating a Subject when Phase 1 fails.
boolean	commit()	Phase 2 of authenticating a Subject when Phase 1 was successful.
void	initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map<java.lang.String,?> sharedState, java.util.Map<java.lang.String,?> options)	Initialize this LoginModule with the specified configuration information.
protected void	load()	Load the contents of our configuration file.
boolean	login()	Phase 1 of authenticating a Subject.
boolean	logout()	Log out this user.

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.realm.MemoryRealm

authenticate, getDigester, getPassword, getPathname, getPrincipal, setPathname, startInternal

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.catalina.Realm

isAvailable

Methods inherited from class org.apache.catalina.realm.RealmBase

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, stopInternal, toString

Field Detail

callbackHandler

protected javax.security.auth.callback.CallbackHandler callbackHandler

The callback handler responsible for answering our requests.

committed

protected boolean committed

Has our own commit() returned successfully?

options

protected java.util.Map<java.lang.String,?> options

The configuration information for this LoginModule.

pathname

protected java.lang.String pathname

The absolute or relative pathname to the XML configuration file.

principal

protected java.security.Principal principal

The Principal identified by our validation, or null if validation failed.

sharedState

protected java.util.Map<java.lang.String,?> sharedState

The state information that is shared with other configured LoginModule instances.

subject

protected javax.security.auth.Subject subject

The subject for which we are performing authentication.

Constructor Detail

JAASMemoryLoginModule

public JAASMemoryLoginModule()

Method Detail

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Phase 2 of authenticating a Subject when Phase 1 fails. This method is called if the LoginContext failed somewhere in the overall authentication chain.

Specified by:

abort in interface javax.security.auth.spi.LoginModule

Returns:

true if this method succeeded, or false if this LoginModule should be ignored

Throws:

javax.security.auth.login.LoginException - if the abort fails

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Phase 2 of authenticating a Subject when Phase 1 was successful. This method is called if the LoginContext succeeded in the overall authentication chain.

Specified by:

commit in interface javax.security.auth.spi.LoginModule

Returns:

true if the authentication succeeded, or false if this LoginModule should be ignored

Throws:

javax.security.auth.login.LoginException - if the commit fails

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map<java.lang.String,?> sharedState,
                       java.util.Map<java.lang.String,?> options)

Initialize this LoginModule with the specified configuration information.

Specified by:

initialize in interface javax.security.auth.spi.LoginModule

Parameters:

subject - The Subject to be authenticated

callbackHandler - A CallbackHandler for communicating with the end user as necessary

sharedState - State information shared with other LoginModule instances

options - Configuration information for this specific LoginModule instance

login

public boolean login()
              throws javax.security.auth.login.LoginException

Phase 1 of authenticating a Subject.

Specified by:

login in interface javax.security.auth.spi.LoginModule

Returns:

true if the authentication succeeded, or false if this LoginModule should be ignored

Throws:

javax.security.auth.login.LoginException - if the authentication fails

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Log out this user.

Specified by:

logout in interface javax.security.auth.spi.LoginModule

Returns:

true in all cases because the LoginModule should not be ignored

Throws:

javax.security.auth.login.LoginException - if logging out failed

load

protected void load()

Load the contents of our configuration file.