com.ibm.wsspi.security.common.auth.module

Class IdentityAssertionLoginModule

  • java.lang.Object
    • com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule
  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule


    public class IdentityAssertionLoginModule
    extends java.lang.Object
    implements javax.security.auth.spi.LoginModule

    Identity Assertion login module

    A principal will be logged in if trust is established. This login module considers trust to be established if the shared state contains a Map called com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.state. The Map should contain the following variables:

    • com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trust set to true
    • com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal containing a java.security.Principal to hold the login identity.
    • OR com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates containing a java.security.cert.X509Certificate[] to hold the login identity.

    If the above are provided in the shared state, then the identity will be logged in.
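
    Added example (not IBM's code): a custom module configured ahead of IdentityAssertionLoginModule in the JAAS stack that populates the state Map only after its own check passes, and otherwise fails closed. The class name, the assertableIdentities option and the allow-list check are assumptions; the trust key is spelled .trusted as in the login() description on this page (the summary above writes .trust), and the peer asserting the identity is assumed to be authenticated already, for example by mutual TLS.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical module, configured ahead of IdentityAssertionLoginModule in the JAAS stack.
public class TrustValidationLoginModule implements LoginModule {
    private static final String PREFIX =
        "com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.";
    private CallbackHandler handler;
    private Map<String, Object> shared;
    private final Set<String> assertable = new HashSet<String>();
    @Override @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        handler = callbackHandler;
        shared = (Map<String, Object>) sharedState;
        // "assertableIdentities" is an assumed option name: comma-separated allow-list.
        Object list = options.get("assertableIdentities");
        if (list != null)
            for (String s : list.toString().split(","))
                if (!s.trim().isEmpty()) assertable.add(s.trim());
    }
    @Override public boolean login() throws LoginException {
        // Fail closed: drop any state Map left by an earlier module in the stack.
        shared.remove(PREFIX + "state");
        if (handler == null) throw new LoginException("no CallbackHandler");
        NameCallback nc = new NameCallback("asserted identity: ");
        try {
            handler.handle(new Callback[] { nc });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("cannot read asserted identity: " + e);
        }
        final String name = nc.getName();
        if (name == null || !assertable.contains(name)) // empty allow-list rejects all
            throw new LoginException("identity assertion rejected");
        Map<String, Object> state = new HashMap<String, Object>();
        state.put(PREFIX + "trusted", Boolean.TRUE);
        state.put(PREFIX + "principal",
                  new Principal() { public String getName() { return name; } });
        shared.put(PREFIX + "state", state);
        return true;
    }
    @Override public boolean commit() { return true; }
    @Override public boolean abort() { shared.remove(PREFIX + "state"); return true; }
    @Override public boolean logout() { shared.remove(PREFIX + "state"); return true; }
}
```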

    Since:
    1.0
    Version:
    1.0
    • Field Summary

      Fields 
      Modifier and Type Field and Description
      protected boolean debug 
    • Constructor Summary

      Constructors 
      Constructor and Description
      IdentityAssertionLoginModule()
      Construct an uninitialized IdentityAssertionLoginModule object.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      boolean abort()
      Abort the authentication (second phase).
      boolean commit()
      Commit the authentication (phase 2).
      void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
      Initialize this login module.
      boolean login()
      Method to authenticate a Subject (first phase).
      boolean logout()
      Logout the user. The principals and credentials are removed from the Shared state.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • debug

        protected boolean debug
    • Constructor Detail

      • IdentityAssertionLoginModule

        public IdentityAssertionLoginModule()

        Construct an uninitialized IdentityAssertionLoginModule object.

    • Method Detail

      • initialize

        public void initialize(javax.security.auth.Subject subject,
                      javax.security.auth.callback.CallbackHandler callbackHandler,
                      java.util.Map sharedState,
                      java.util.Map options)

        Initialize this login module.

        This is called by the LoginContext after this login module is instantiated. The relevant information is passed from the LoginContext to this login module. If the login module does not understand any of the data stored in the sharedState and options parameters, they can be ignored.

        Specified by:
        initialize in interface javax.security.auth.spi.LoginModule
        Parameters:
        subject - The subject to be authenticated.
        callbackHandler - A CallbackHandler for communicating with the end user to gather login information (e.g., username and password).
        sharedState - The state shared with other configured login modules.
        options - The options specified in the login configuration for this particular login module.
      • login

        public boolean login()
                      throws com.ibm.websphere.security.auth.WSLoginFailedException

        Method to authenticate a Subject (first phase).

        This method authenticates a Subject. It uses the Map stored in the shared state property com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.state. The com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trusted key in the Map is used to determine trust: if it is true, the identity is trusted; if it is false, it is not trusted. When trust is established, the principal stored in either the com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal or com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates key will contain the identity to log in as.

        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Returns:
        true if the authentication succeeded, or false if this login module should be ignored.
        Throws:
        com.ibm.websphere.security.auth.WSLoginFailedException - If the authentication fails.
      • commit

        public boolean commit()
                       throws com.ibm.websphere.security.auth.WSLoginFailedException
        Commit the authentication (phase 2).

        If the login module authentication attempted in phase 1 succeeded, then relevant principals and credentials are associated with the subject. If the authentication attempted in phase 1 failed, then this method removes/destroys any state that was originally saved.

        Specified by:
        commit in interface javax.security.auth.spi.LoginModule
        Returns:
        true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
        Throws:
        com.ibm.websphere.security.auth.WSLoginFailedException - if the commit fails
      • abort

        public boolean abort()
                      throws javax.security.auth.login.LoginException
        Abort the authentication (second phase).

        This method is called if the LoginContext's overall authentication failed.

        If this login module's authentication attempt succeeded, then this method cleans up the previous state saved in phase 1.

        Specified by:
        abort in interface javax.security.auth.spi.LoginModule
        Returns:
        false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
        Throws:
        javax.security.auth.login.LoginException - if the abort fails
      • logout

        public boolean logout()
                       throws javax.security.auth.login.LoginException
        Logout the user

        The principals and credentials are removed from the Shared state.

        Specified by:
        logout in interface javax.security.auth.spi.LoginModule
        Returns:
        true in all cases (this LoginModule should not be ignored).
        Throws:
        javax.security.auth.login.LoginException - if the logout fails
IBM WebSphere Application Server™
Release 8.5