Class JAASMemoryLoginModule

All Implemented Interfaces:
MBeanRegistration, LoginModule, Contained, JmxEnabled, Lifecycle, Realm

public class JAASMemoryLoginModule extends MemoryRealm implements LoginModule

Implementation of the JAAS LoginModule interface, primarily for use in testing JAASRealm. It utilizes an XML-format data file of username/password/role information identical to that supported by org.apache.catalina.realm.MemoryRealm.

This class recognizes the following string-valued options, which are specified in the configuration file and passed to initialize(Subject, CallbackHandler, Map, Map) in the options argument:

  • pathname - Relative (to the pathname specified by the "catalina.base" system property) or absolute pathname to the XML file containing our user information, in the format supported by MemoryRealm. The default value matches the MemoryRealm default.
  • credentialHandlerClassName - The fully qualified class name of the CredentialHandler to use. If not specified, MessageDigestCredentialHandler will be used.
  • Any additional options will be used to identify and call setters on the CredentialHandler. For example, algorithm=SHA256 would result in a call to MessageDigestCredentialHandler.setAlgorithm(String) with a parameter of "SHA256"

IMPLEMENTATION NOTE - This class implements Realm only to satisfy the calling requirements of the GenericPrincipal constructor. It does not actually perform the functionality required of a Realm implementation.

Author:
Craig R. McClanahan
  • Field Details

    • callbackHandler

      protected CallbackHandler callbackHandler
      The callback handler responsible for answering our requests.
    • committed

      protected boolean committed
      Has our own commit() returned successfully?
    • options

      protected Map<String,?> options
      The configuration information for this LoginModule.
    • pathname

      protected String pathname
      The absolute or relative pathname to the XML configuration file.
    • principal

      protected Principal principal
      The Principal identified by our validation, or null if validation failed.
    • sharedState

      protected Map<String,?> sharedState
      The state information that is shared with other configured LoginModule instances.
    • subject

      protected Subject subject
      The subject for which we are performing authentication.
  • Constructor Details

    • JAASMemoryLoginModule

      public JAASMemoryLoginModule()
  • Method Details

    • abort

      public boolean abort() throws LoginException
      Phase 2 of authenticating a Subject when Phase 1 fails. This method is called if the LoginContext failed somewhere in the overall authentication chain.
      Specified by:
      abort in interface LoginModule
      Returns:
      true if this method succeeded, or false if this LoginModule should be ignored
      Throws:
      LoginException - if the abort fails
    • commit

      public boolean commit() throws LoginException
      Phase 2 of authenticating a Subject when Phase 1 was successful. This method is called if the LoginContext succeeded in the overall authentication chain.
      Specified by:
      commit in interface LoginModule
      Returns:
      true if the authentication succeeded, or false if this LoginModule should be ignored
      Throws:
      LoginException - if the commit fails
    • initialize

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
      Initialize this LoginModule with the specified configuration information.
      Specified by:
      initialize in interface LoginModule
      Parameters:
      subject - The Subject to be authenticated
      callbackHandler - A CallbackHandler for communicating with the end user as necessary
      sharedState - State information shared with other LoginModule instances
      options - Configuration information for this specific LoginModule instance
    • login

      public boolean login() throws LoginException
      Phase 1 of authenticating a Subject.
      Specified by:
      login in interface LoginModule
      Returns:
      true if the authentication succeeded, or false if this LoginModule should be ignored
      Throws:
      LoginException - if the authentication fails
    • logout

      public boolean logout() throws LoginException
      Log out this user.
      Specified by:
      logout in interface LoginModule
      Returns:
      true in all cases because the LoginModule should not be ignored
      Throws:
      LoginException - if logging out failed
    • load

      protected void load()
      Load the contents of our configuration file.