org.apache.jackrabbit.oak.spi.security.authentication

Class AbstractLoginModule

java.lang.Object

org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule

All Implemented Interfaces:

LoginModule

@ProviderType
public abstract class AbstractLoginModule
extends Object
implements LoginModule

Abstract implementation of the LoginModule interface that can act as base class for login modules that aim to authenticate subjects against information stored in the content repository.

LoginModule Methods

This base class provides a simple implementation for the following methods of the LoginModule interface:

• Initialize: Initialization of this abstract module sets the following protected instance fields:
  • subject: The subject to be authenticated,
  • callbackHandler: The callback handler passed to the login module,
  • shareState: The map used to share state information with other login modules,
  • options: The configuration options of this login module as specified in the Configuration.
• Logout: If the authenticated subject is not empty this logout implementation attempts to clear both principals and public credentials and returns true.
• Abort: Clears the state of this login module by setting all private instance variables created in phase 1 or 2 to null. Subclasses are in charge of releasing their own state information by either overriding clearState().

Utility Methods

The following methods are provided in addition:

• clearState(): Clears all private state information that has be created during login. This method in called in abort() and subclasses are expected to override this method.
• getSupportedCredentials(): Abstract method used by getCredentials() that reveals which credential implementations are supported by the LoginModule.
• getCredentials(): Tries to retrieve valid (supported) Credentials in the following order:
  1. using a CredentialsCallback,
  2. looking for a SHARED_KEY_CREDENTIALS entry in the shared state (see also getSharedCredentials() and finally by
  3. searching for valid credentials in the subject.
• getSharedCredentials(): This method returns credentials passed to the login module with the share state. The key to share credentials with a another module extending from this base class is SHARED_KEY_CREDENTIALS. Note, that this method does not verify if the credentials provided by the shared state are supported.
• getSharedLoginName(): If the shared state contains an entry for SHARED_KEY_LOGIN_NAME this method returns the value as login name.
• getSecurityProvider(): Returns the configured security provider or null.
• getRoot(): Provides access to the latest state of the repository in order to retrieve user or principal information required to authenticate the subject as well as to write back information during LoginModule.commit().
• getUserManager(): Returns an instance of the configured UserManager or null.
• getPrincipalProvider(): Returns an instance of the configured principal provider or null.
• getPrincipals(String): Utility that returns all principals associated with a given user id. This method might be be called after successful authentication in order to be able to populate the subject during LoginModule.commit(). The implementation is a shortcut for calling getPrincipals(String userId on the provider exposed by getPrincipalProvider()

Field Summary

Fields

Modifier and Type	Field and Description
protected CallbackHandler	callbackHandler
protected ConfigurationParameters	options
static String	SHARED_KEY_ATTRIBUTES Key of the sharedState entry referring to public attributes that are shared between multiple login modules.
static String	SHARED_KEY_CREDENTIALS Key of the sharedState entry referring to validated Credentials that is shared between multiple login modules.
static String	SHARED_KEY_LOGIN_NAME Key of the sharedState entry referring to a valid login ID that is shared between multiple login modules.
static String	SHARED_KEY_PRE_AUTH_LOGIN Key of the sharedState entry referring to pre authenticated login information that is shared between multiple login modules.
protected Map	sharedState
protected Subject	subject

Constructor Summary

Constructors

Constructor and Description
AbstractLoginModule()

Method Summary

Modifier and Type	Method and Description
boolean	abort()
protected void	clearState() Clear state information that has been created during LoginModule.login().
protected @Nullable Credentials	getCredentials() Tries to retrieve valid (supported) Credentials: using a CredentialsCallback, looking for a SHARED_KEY_CREDENTIALS entry in the shared state (see also getSharedCredentials() and finally by searching for valid credentials in the subject.
protected @Nullable PrincipalProvider	getPrincipalProvider() Retrieves the PrincipalProvider that should be used to handle this authentication.
protected @NotNull Set<? extends Principal>	getPrincipals(@NotNull Principal userPrincipal)
protected @NotNull Set<? extends Principal>	getPrincipals(@NotNull String userId) Retrieves all principals associated with the specified userId for the configured principal provider.
protected @Nullable org.apache.jackrabbit.oak.api.Root	getRoot() Tries to obtain a Root object from the callback handler using a new RepositoryCallback and keeps the value as private field.
protected @Nullable SecurityProvider	getSecurityProvider() Tries to obtain the SecurityProvider object from the callback handler using a new SecurityProviderCallback and keeps the value as private field.
protected @Nullable Credentials	getSharedCredentials()
protected @Nullable String	getSharedLoginName()
protected @Nullable PreAuthenticatedLogin	getSharedPreAuthLogin()
protected abstract @NotNull Set<Class>	getSupportedCredentials()
protected @Nullable UserManager	getUserManager() Retrieves the UserManager that should be used to handle this authentication.
protected @Nullable org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard	getWhiteboard() Tries to obtain the Whiteboard object from the callback handler using a new WhiteboardCallback and keeps the value as private field.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
boolean	logout()
protected static void	setAuthInfo(@NotNull org.apache.jackrabbit.oak.api.AuthInfo authInfo, @NotNull Subject subject)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface javax.security.auth.spi.LoginModule

commit, login

Field Detail

SHARED_KEY_CREDENTIALS

public static final String SHARED_KEY_CREDENTIALS

Key of the sharedState entry referring to validated Credentials that is shared between multiple login modules.

See Also:

Constant Field Values

SHARED_KEY_LOGIN_NAME

public static final String SHARED_KEY_LOGIN_NAME

Key of the sharedState entry referring to a valid login ID that is shared between multiple login modules.

See Also:

Constant Field Values

SHARED_KEY_ATTRIBUTES

public static final String SHARED_KEY_ATTRIBUTES

Key of the sharedState entry referring to public attributes that are shared between multiple login modules.

See Also:

Constant Field Values

SHARED_KEY_PRE_AUTH_LOGIN

public static final String SHARED_KEY_PRE_AUTH_LOGIN

Key of the sharedState entry referring to pre authenticated login information that is shared between multiple login modules.

subject

protected Subject subject

callbackHandler

protected CallbackHandler callbackHandler

sharedState

protected Map sharedState

options

protected ConfigurationParameters options

Constructor Detail

AbstractLoginModule

public AbstractLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Specified by:

initialize in interface LoginModule

logout

public boolean logout()

Specified by:

logout in interface LoginModule

abort

public boolean abort()
              throws LoginException

Specified by:

abort in interface LoginModule

Throws:

LoginException

clearState

protected void clearState()

Clear state information that has been created during LoginModule.login().

getSupportedCredentials

@NotNull
protected abstract @NotNull Set<Class> getSupportedCredentials()

Returns:

A set of supported credential classes.

getCredentials

@Nullable
protected @Nullable Credentials getCredentials()

Tries to retrieve valid (supported) Credentials:

1. using a CredentialsCallback,
2. looking for a SHARED_KEY_CREDENTIALS entry in the shared state (see also getSharedCredentials() and finally by
3. searching for valid credentials in the subject.

Returns:

Valid (supported) credentials or null.

getSharedCredentials

@Nullable
protected @Nullable Credentials getSharedCredentials()

Returns:

The credentials passed to this login module with the shared state.

See Also:

SHARED_KEY_CREDENTIALS

getSharedLoginName

@Nullable
protected @Nullable String getSharedLoginName()

Returns:

The login name passed to this login module with the shared state.

See Also:

SHARED_KEY_LOGIN_NAME

getSharedPreAuthLogin

@Nullable
protected @Nullable PreAuthenticatedLogin getSharedPreAuthLogin()

Returns:

The pre authenticated login or null

See Also:

SHARED_KEY_PRE_AUTH_LOGIN

getSecurityProvider

@Nullable
protected @Nullable SecurityProvider getSecurityProvider()

Tries to obtain the SecurityProvider object from the callback handler using a new SecurityProviderCallback and keeps the value as private field. If the callback handler isn't able to handle the SecurityProviderCallback this method returns null.

Returns:

The SecurityProvider associated with this LoginModule or null.

getWhiteboard

@Nullable
protected @Nullable org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard getWhiteboard()

Tries to obtain the Whiteboard object from the callback handler using a new WhiteboardCallback and keeps the value as private field. If the callback handler isn't able to handle the WhiteboardCallback this method returns null.

Returns:

The Whiteboard associated with this LoginModule or null.

getRoot

@Nullable
protected @Nullable org.apache.jackrabbit.oak.api.Root getRoot()

Tries to obtain a Root object from the callback handler using a new RepositoryCallback and keeps the value as private field. If the callback handler isn't able to handle the RepositoryCallback this method returns null.

Returns:

The Root associated with this LoginModule or null.

getUserManager

@Nullable
protected @Nullable UserManager getUserManager()

Retrieves the UserManager that should be used to handle this authentication. If no user manager has been configure this method returns null.

Returns:

A instance of UserManager or null.

getPrincipalProvider

@Nullable
protected @Nullable PrincipalProvider getPrincipalProvider()

Retrieves the PrincipalProvider that should be used to handle this authentication. If no principal provider has been configure this method returns null.

Returns:

A instance of PrincipalProvider or null.

getPrincipals

@NotNull
protected @NotNull Set<? extends Principal> getPrincipals(@NotNull
                                                                   @NotNull String userId)

Retrieves all principals associated with the specified userId for the configured principal provider.

Parameters:

userId - The id of the user.

Returns:

The set of principals associated with the given userId.

See Also:

getPrincipalProvider()

getPrincipals

@NotNull
protected @NotNull Set<? extends Principal> getPrincipals(@NotNull
                                                                   @NotNull Principal userPrincipal)

setAuthInfo

protected static void setAuthInfo(@NotNull
                                  @NotNull org.apache.jackrabbit.oak.api.AuthInfo authInfo,
                                  @NotNull
                                  @NotNull Subject subject)