org.wildfly.iiop.openjdk.security

Class TrustedIdentityTokenLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.wildfly.iiop.openjdk.security.TrustedIdentityTokenLoginModule

All Implemented Interfaces:

LoginModule

public class TrustedIdentityTokenLoginModule
extends org.jboss.security.auth.spi.AbstractServerLoginModule

Login module that allows a user to authenticate as long as an identity token is present.

Subclasses can override #validateCredential(String, org.wildfly.iiop.openjdk.csiv2.idl.SASCurrent) to implement identity token validation logic.

WARNING: Installing this class as a login module without subclassing and implementing validation essentially means that the server will trust any incoming CORBA invocation.

Author:

Stuart Douglas

Field Summary

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
TrustedIdentityTokenLoginModule()

Method Summary

Modifier and Type	Method and Description
protected Principal	getIdentity()
protected Group[]	getRoleSets()
protected Principal	getUnauthenticatedIdentity()
protected String	getUsername()
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
boolean	login()
protected void	safeClose(InputStream fis)
protected void	validateCredential(String username, org.jboss.iiop.csiv2.SASCurrent credential) Validates the credential.

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TrustedIdentityTokenLoginModule

public TrustedIdentityTokenLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class org.jboss.security.auth.spi.AbstractServerLoginModule

login

public boolean login()
              throws LoginException

Specified by:

login in interface LoginModule

Overrides:

login in class org.jboss.security.auth.spi.AbstractServerLoginModule

Throws:

LoginException

validateCredential

protected void validateCredential(String username,
                                  org.jboss.iiop.csiv2.SASCurrent credential)
                           throws LoginException

Validates the credential. Unfortunately there is not much we can do here by default.

This method can be overridden to provide some real validation logic

Parameters:

username - The username

credential - The SASCurrent.

Throws:

LoginException

getIdentity

protected Principal getIdentity()

Specified by:

getIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Specified by:

getRoleSets in class org.jboss.security.auth.spi.AbstractServerLoginModule

Throws:

LoginException

getUnauthenticatedIdentity

protected Principal getUnauthenticatedIdentity()

Overrides:

getUnauthenticatedIdentity in class org.jboss.security.auth.spi.AbstractServerLoginModule

getUsername

protected String getUsername()

safeClose

protected void safeClose(InputStream fis)