Package org.apache.catalina.realm
Class JAASMemoryLoginModule
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.realm.RealmBase
org.apache.catalina.realm.MemoryRealm
org.apache.catalina.realm.JAASMemoryLoginModule
- All Implemented Interfaces:
MBeanRegistration
,LoginModule
,Contained
,JmxEnabled
,Lifecycle
,Realm
Implementation of the JAAS LoginModule interface, primarily for use in testing
JAASRealm
. It utilizes an XML-format data file of username/password/role information identical to that
supported by org.apache.catalina.realm.MemoryRealm
.
This class recognizes the following string-valued options, which are specified in the configuration file and passed
to initialize(Subject, CallbackHandler, Map, Map)
in the options
argument:
- pathname - Relative (to the pathname specified by the "catalina.base" system property) or
absolute pathname to the XML file containing our user information, in the format supported by
MemoryRealm
. The default value matches the MemoryRealm default. - credentialHandlerClassName - The fully qualified class name of the CredentialHandler to use. If
not specified,
MessageDigestCredentialHandler
will be used. - Any additional options will be used to identify and call setters on the
CredentialHandler
. For example,algorithm=SHA256
would result in a call toMessageDigestCredentialHandler.setAlgorithm(String)
with a parameter of"SHA256"
IMPLEMENTATION NOTE - This class implements Realm
only to satisfy the calling
requirements of the GenericPrincipal
constructor. It does not actually perform the functionality
required of a Realm
implementation.
- Author:
- Craig R. McClanahan
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
RealmBase.AllRolesMode
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected CallbackHandler
The callback handler responsible for answering our requests.protected boolean
Has our owncommit()
returned successfully?The configuration information for thisLoginModule
.protected String
The absolute or relative pathname to the XML configuration file.protected Principal
ThePrincipal
identified by our validation, ornull
if validation failed.The state information that is shared with other configuredLoginModule
instances.protected Subject
The subject for which we are performing authentication.Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
abort()
Phase 2 of authenticating aSubject
when Phase 1 fails.boolean
commit()
Phase 2 of authenticating aSubject
when Phase 1 was successful.void
initialize
(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) Initialize thisLoginModule
with the specified configuration information.protected void
load()
Load the contents of our configuration file.boolean
login()
Phase 1 of authenticating aSubject
.boolean
logout()
Log out this user.Methods inherited from class org.apache.catalina.realm.MemoryRealm
authenticate, getDigester, getPassword, getPathname, getPrincipal, setPathname, startInternal
Methods inherited from class org.apache.catalina.realm.RealmBase
addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, authenticate, backgroundProcess, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, stopInternal, toString
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.apache.catalina.Realm
isAvailable
-
Field Details
-
callbackHandler
The callback handler responsible for answering our requests. -
committed
protected boolean committedHas our owncommit()
returned successfully? -
options
The configuration information for thisLoginModule
. -
pathname
The absolute or relative pathname to the XML configuration file. -
principal
ThePrincipal
identified by our validation, ornull
if validation failed. -
subject
The subject for which we are performing authentication.
-
-
Constructor Details
-
JAASMemoryLoginModule
public JAASMemoryLoginModule()
-
-
Method Details
-
abort
Phase 2 of authenticating aSubject
when Phase 1 fails. This method is called if theLoginContext
failed somewhere in the overall authentication chain.- Specified by:
abort
in interfaceLoginModule
- Returns:
true
if this method succeeded, orfalse
if thisLoginModule
should be ignored- Throws:
LoginException
- if the abort fails
-
commit
Phase 2 of authenticating aSubject
when Phase 1 was successful. This method is called if theLoginContext
succeeded in the overall authentication chain.- Specified by:
commit
in interfaceLoginModule
- Returns:
true
if the authentication succeeded, orfalse
if thisLoginModule
should be ignored- Throws:
LoginException
- if the commit fails
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) Initialize thisLoginModule
with the specified configuration information.- Specified by:
initialize
in interfaceLoginModule
- Parameters:
subject
- TheSubject
to be authenticatedcallbackHandler
- ACallbackHandler
for communicating with the end user as necessarysharedState
- State information shared with otherLoginModule
instancesoptions
- Configuration information for this specificLoginModule
instance
-
login
Phase 1 of authenticating aSubject
.- Specified by:
login
in interfaceLoginModule
- Returns:
true
if the authentication succeeded, orfalse
if thisLoginModule
should be ignored- Throws:
LoginException
- if the authentication fails
-
logout
Log out this user.- Specified by:
logout
in interfaceLoginModule
- Returns:
true
in all cases because theLoginModule
should not be ignored- Throws:
LoginException
- if logging out failed
-
load
protected void load()Load the contents of our configuration file.
-