com.ecyrd.jspwiki.auth.login
Class AbstractLoginModule

java.lang.Object
  extended by com.ecyrd.jspwiki.auth.login.AbstractLoginModule
All Implemented Interfaces:
LoginModule
Direct Known Subclasses:
AnonymousLoginModule, CookieAssertionLoginModule, UserDatabaseLoginModule, WebContainerLoginModule

public abstract class AbstractLoginModule
extends Object
implements LoginModule

Abstract JAAS LoginModulethat implements base functionality. The methods login() and commit() must be implemented by subclasses. The default implementations of initialize(Subject, CallbackHandler, Map, Map), abort() and logout() should be sufficient for most purposes.

Since:
2.3
Version:
$Revision: 1.9 $ $Date: 2006/06/04 19:50:57 $
Author:
Andrew Jaquith

Field Summary
protected static org.apache.log4j.Logger log
           
protected  CallbackHandler m_handler
           
protected  Map m_options
           
protected  Collection m_previousWikiPrincipals
          Collection of Principals set during login module initialization.
protected  Collection m_principals
          Implementing classes should add Principals to this collection; these will be added to the principal set when the overall login succeeds.
protected  Collection m_principalsToOverwrite
          Implementing classes should add Principals to this collection to specify what Principals, perhaps suppled by other LoginModules, must be removed if login for this module, or for the entire login configuration overall, succeeds.
protected  Collection m_principalsToRemove
          Implementing classes should add Principals to this collection to specify what Principals must be removed if login for this module, or for the entire login configuration overall, fails.
protected  Map m_state
           
protected  Subject m_subject
           
protected static String NULL
           
 
Constructor Summary
AbstractLoginModule()
           
 
Method Summary
 boolean abort()
          Aborts the login; called if the LoginContext's overall authentication failed.
 boolean commit()
           
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Initializes the LoginModule with a given Subject, callback handler, options and shared state.
abstract  boolean login()
          Logs in the user by calling back to the registered CallbackHandler with a series of callbacks.
 boolean logout()
          Logs the user out.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected static org.apache.log4j.Logger log

m_handler

protected CallbackHandler m_handler

m_options

protected Map m_options

m_previousWikiPrincipals

protected Collection m_previousWikiPrincipals
Collection of Principals set during login module initialization. These represent the user's identities prior to the overall login. Typically these will contain earlier, less-authoritative principals like a WikiPrincipal for the user cookie, or an IP address. These Principals are forcibly removed during the commit phase if login succeeds.


m_principals

protected Collection m_principals
Implementing classes should add Principals to this collection; these will be added to the principal set when the overall login succeeds. These Principals will be added to the Subject during the commit() phase of login.


m_principalsToRemove

protected Collection m_principalsToRemove
Implementing classes should add Principals to this collection to specify what Principals must be removed if login for this module, or for the entire login configuration overall, fails. Generally, these will be Principals of type Role.


m_principalsToOverwrite

protected Collection m_principalsToOverwrite
Implementing classes should add Principals to this collection to specify what Principals, perhaps suppled by other LoginModules, must be removed if login for this module, or for the entire login configuration overall, succeeds. Generally, these will be Principals of type Role. For example, CookieAssertionLoginModule adds Role.ANONYMOUS to its m_principalsToOverwrite collection because when it succeeds, its own Role.AUTHENTICATED should over-write Role.ANONYMOUS.


m_state

protected Map m_state

m_subject

protected Subject m_subject

NULL

protected static final String NULL
See Also:
Constant Field Values
Constructor Detail

AbstractLoginModule

public AbstractLoginModule()
Method Detail

abort

public final boolean abort()
                    throws LoginException
Aborts the login; called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed). Specifically, it removes Principals from the Subject that are associated with the individual LoginModule; these will be those contained in m_principalsToRemove. It always returns true.

Specified by:
abort in interface LoginModule
Throws:
LoginException - if the abort itself fails
See Also:
LoginModule.abort()

commit

public final boolean commit()
                     throws LoginException
Specified by:
commit in interface LoginModule
Throws:
LoginException
See Also:
LoginModule.commit()

initialize

public final void initialize(Subject subject,
                             CallbackHandler callbackHandler,
                             Map sharedState,
                             Map options)
Initializes the LoginModule with a given Subject, callback handler, options and shared state. In particular, the member variable m_principals is initialized as a blank Set.

Specified by:
initialize in interface LoginModule
See Also:
LoginModule.initialize(javax.security.auth.Subject, javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)

login

public abstract boolean login()
                       throws LoginException
Logs in the user by calling back to the registered CallbackHandler with a series of callbacks. If the login succeeds, this method returns true

Specified by:
login in interface LoginModule
Returns:
true if the commit succeeded, or false if this LoginModule should be ignored.
Throws:
LoginException - if the authentication fails
See Also:
LoginModule.login()

logout

public final boolean logout()
                     throws LoginException
Logs the user out. Removes all principals in m_principalsToRemove from the Subject's principal set.

Specified by:
logout in interface LoginModule
Returns:
true if the commit succeeded, or false if this LoginModule should be ignored
Throws:
LoginException - if the logout itself fails
See Also:
LoginModule.logout()