Class IdentityAssertionLoginModule
- java.lang.Object
  - com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule

All Implemented Interfaces:
- javax.security.auth.spi.LoginModule

public class IdentityAssertionLoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule

Identity Assertion login module.

A principal will be logged in if trust is established. This login module considers trust to be established if the shared state contains a Map called com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.state. The Map should contain the following variables:
- com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trust set to true
- com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal containing a java.security.Principal to hold the login identity.
- OR com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates containing a java.security.cert.X509Certificate[] to hold the login identity.

If the Map is provided in the shared state then the identity will be logged in.

Since:
- 1.0

Constructor Summary
- IdentityAssertionLoginModule()

Method Summary
- boolean abort(): Abort the authentication (second phase).
- boolean commit(): Commit the authentication (phase 2).
- void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options): Initialize this login module.
- boolean login(): Method to authenticate a Subject (first phase).
- boolean logout(): Logout the user

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)

Initialize this login module. This is called by the LoginContext after this login module is instantiated. The relevant information is passed from the LoginContext to this login module. If the login module does not understand any of the data stored in the sharedState and options parameters, they can be ignored.

Specified by:
- initialize in interface javax.security.auth.spi.LoginModule
Parameters:
- subject - The subject to be authenticated.
- callbackHandler - A CallbackHandler for communicating with the end user to gather login information (e.g., username and password).
- sharedState - The state shared with other configured login modules.
- options - The options specified in the login configuration for this particular login module.

login

public boolean login() throws com.ibm.websphere.security.auth.WSLoginFailedException

Method to authenticate a Subject (first phase). This method authenticates a Subject. It uses the Map stored in the shared state property com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.state. The com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.trusted key in the Map is used to determine trust: if true, the identity is trusted; if false, it is not trusted. When trust is established, the value stored under either the com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.principal or the com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.certificates key contains the identity to log in as.

Specified by:
- login in interface javax.security.auth.spi.LoginModule
Returns:
- true if the authentication succeeded, or false if this login module should be ignored.
Throws:
- com.ibm.websphere.security.auth.WSLoginFailedException - If the authentication fails.

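Because this module logs in whatever identity the shared-state Map names, the module that fills the Map is where the trust decision is actually made. The following is an added example, not IBM's code, of such an upstream module that fails closed. The class name, the `allowedPeers` option and the `example.*` shared-state keys are hypothetical, and the trust key is spelled `.trusted` as in the login() description (the class description writes `.trust`).

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example: must be configured ahead of IdentityAssertionLoginModule.
public class TrustEstablishingLoginModule implements LoginModule {
    private static final String PREFIX =
        "com.ibm.wsspi.security.common.auth.module.IdentityAssertionLoginModule.";
    private static final String STATE = PREFIX + "state";
    // Hypothetical keys: an earlier module stores the already-authenticated
    // peer and the identity that peer asserts under these names.
    static final String PEER = "example.authenticatedPeer";
    static final String ASSERTED_USER = "example.assertedUser";

    private Map<String, Object> shared;
    private Set<String> allowedPeers = Collections.emptySet();
    private boolean succeeded;

    @Override @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        shared = (Map<String, Object>) sharedState;
        // Hypothetical option: comma-separated peers allowed to assert identities.
        Object opt = options.get("allowedPeers");
        if (opt != null) allowedPeers = new HashSet<>(Arrays.asList(opt.toString().split("\\s*,\\s*")));
    }

    @Override
    public boolean login() throws LoginException {
        shared.remove(STATE); // never inherit a trust Map left by something else
        Object peer = shared.get(PEER);
        Object user = shared.get(ASSERTED_USER);
        if (!(peer instanceof String) || !allowedPeers.contains(peer)
                || !(user instanceof String) || ((String) user).isEmpty()) {
            throw new FailedLoginException("identity assertion not trusted"); // fail closed
        }
        final String name = (String) user;
        Map<String, Object> state = new HashMap<>();
        state.put(PREFIX + "trusted", Boolean.TRUE);
        state.put(PREFIX + "principal", (Principal) () -> name);
        shared.put(STATE, state); // published only after the check has passed
        return succeeded = true;
    }

    @Override public boolean commit() { return succeeded; }
    @Override public boolean abort() { return clear(); }
    @Override public boolean logout() { return clear(); }
    private boolean clear() { shared.remove(STATE); succeeded = false; return true; }
}
```

With an empty or missing `allowedPeers` option every assertion is rejected, so a misconfigured stack does not silently trust all callers.
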
commit

public boolean commit() throws com.ibm.websphere.security.auth.WSLoginFailedException

Commit the authentication (phase 2). If the login module authentication attempted in phase 1 succeeded, then relevant principals and credentials are associated with the subject. If the authentication attempted in phase 1 failed, then this method removes/destroys any state that was originally saved.

Specified by:
- commit in interface javax.security.auth.spi.LoginModule
Returns:
- true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:
- com.ibm.websphere.security.auth.WSLoginFailedException - if the commit fails

abort

public boolean abort() throws javax.security.auth.login.LoginException

Abort the authentication (second phase). This method is called if the LoginContext's overall authentication failed. If this login module's authentication attempt succeeded, then this method cleans up the previous state saved in phase 1.

Specified by:
- abort in interface javax.security.auth.spi.LoginModule
Returns:
- false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:
- javax.security.auth.login.LoginException - if the abort fails

logout

public boolean logout() throws javax.security.auth.login.LoginException

Logout the user. The principals and credentials are removed from the Shared state.

Specified by:
- logout in interface javax.security.auth.spi.LoginModule
Returns:
- true in all cases (this LoginModule should not be ignored).
Throws:
- javax.security.auth.login.LoginException - if the logout fails