FileDocCategorySizeDatePackage
ClientPasswordLoginModule.javaAPI DocGlassfish v2 API11563Fri May 04 22:35:26 BST 2007com.sun.enterprise.security.auth.login

ClientPasswordLoginModule

public class ClientPasswordLoginModule extends Object implements LoginModule

This sample LoginModule authenticates users with a password.

If testUser successfully authenticates itself, a PrincipalImpl with the testUser's username is added to the Subject.

author
Harpreet Singh (harpreet.singh@sun.com)

Fields Summary
private static final Logger
_logger
private static final String
DEFAULT_REALMNAME
private static final com.sun.enterprise.util.LocalStringManagerImpl
localStrings
private Subject
subject
private CallbackHandler
callbackHandler
private Map
sharedState
private Map
options
private boolean
succeeded
private boolean
commitSucceeded
private String
username
private char[]
password
private com.sun.enterprise.deployment.PrincipalImpl
userPrincipal
public static final String
LOGIN_NAME
public static final String
LOGIN_PASSWORD
Constructors Summary
Methods Summary
public booleanabort()

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

exception
LoginException if the abort fails.
return
false if this LoginModule's own login and/or commit attempts failed, and true otherwise.

	if (succeeded == false) {
	    return false;
	} else if (succeeded == true && commitSucceeded == false) {
	    // login succeeded but overall authentication failed
	    succeeded = false;
	    username = null;
	    if (password != null) {
		for (int i = 0; i < password.length; i++){
		    password[i] = ' ";
                }
		password = null;
	    }
	    userPrincipal = null;
	} else {
	    // overall authentication succeeded and commit succeeded,
	    // but someone else's commit failed
	    logout();
	}
	return true;
public booleancommit()

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates a PrincipalImpl with the Subject located in the LoginModule. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.

exception
LoginException if the commit fails.
return
true if this LoginModule's own login and commit attempts succeeded, or false otherwise.

	if (succeeded == false) {
	    return false;
	} else {
	    // add a Principal (authenticated identity)
	    // to the Subject

	    // assume the user we authenticated is the PrincipalImpl
	    userPrincipal = new PrincipalImpl(username);
	    if (!subject.getPrincipals().contains(userPrincipal)){
		subject.getPrincipals().add(userPrincipal);
            }
            _logger.log(Level.FINE,"\t\t[ClientPasswordLoginModule] " +
                        "added PrincipalImpl to Subject");
            
	    String realm = DEFAULT_REALMNAME;

	    PasswordCredential pc = 
		new PasswordCredential(username, new String(password), realm);
	    if(!subject.getPrivateCredentials().contains(pc)) {
		subject.getPrivateCredentials().add(pc);
            }
	    // in any case, clean out state
	    username = null;
	    for (int i = 0; i < password.length; i++){
		password[i] = ' ";
            }
	    password = null;
	    commitSucceeded = true;
	    return true;
	}
public voidinitialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
Initialize this LoginModule.

param
subject the Subject to be authenticated.

param
callbackHandler a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

param
sharedState shared LoginModule state.

param
options options specified in the login Configuration for this particular LoginModule.



                      			       			                			   			     
         
			    
 
	this.subject = subject;
	this.callbackHandler = callbackHandler;
	this.sharedState = sharedState;
	this.options = options;
public booleanlogin()
Authenticate the user by prompting for a username and password.

return
true in all cases since this LoginModule should not be ignored.
exception
FailedLoginException if the authentication fails.

exception
LoginException if this LoginModule is unable to perform the authentication.


	// prompt for a username and password
	if (callbackHandler == null){
	    String failure = localStrings.getLocalString("login.nocallback","Error: no CallbackHandler available to garner authentication information from the user");
	    throw new LoginException(failure);
	}

        // Get the username from the exchange mechanism
        String uname = UsernamePasswordStore.getUsername();
        String pswd = UsernamePasswordStore.getPassword();
        boolean doSet = false;
        
        // bugfix# 6412539
        if (uname == null) {
            uname = System.getProperty(LOGIN_NAME);
            doSet = true;
        }
        if (pswd == null) {
            pswd = System.getProperty(LOGIN_PASSWORD);
            doSet = true;
        }

        if (doSet) {
            UsernamePasswordStore.set(uname, pswd);
        }

        if (uname != null && pswd != null) {
            username = uname;

            int length = pswd.length();
            char[] dest = new char[length];
            pswd.getChars(0, length, dest, 0 );
            password = new char[length];
            System.arraycopy (dest, 0, password, 0, dest.length);
	} else{ 
	    Callback[] callbacks = new Callback[2];
	    callbacks[0] = new NameCallback(localStrings.getLocalString("login.username", "ClientPasswordModule username: "));
	    callbacks[1] = new PasswordCallback(localStrings.getLocalString("login.password", "ClientPasswordModule password: "), false);
	    
	    try {
		callbackHandler.handle(callbacks);
		username = ((NameCallback)callbacks[0]).getName();
		if(username == null){
		    String fail = localStrings.getLocalString("login.nousername", "No user specified");
		    throw new LoginException(fail);
		}
		char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
		if (tmpPassword == null) {
		    // treat a NULL password as an empty password
		    tmpPassword = new char[0];
		}
		password = new char[tmpPassword.length];
		System.arraycopy(tmpPassword, 0,
				 password, 0, tmpPassword.length);
		((PasswordCallback)callbacks[1]).clearPassword();
		
	    } catch (java.io.IOException ioe) {
		throw new LoginException(ioe.toString());
	    } catch (UnsupportedCallbackException uce) {
		String nocallback = localStrings.getLocalString("login.callback","Error: Callback not available to garner authentication information from user(CallbackName):" );
		throw new LoginException(nocallback +
					 uce.getCallback().toString());
	    } 
	}

	// by default -  the client side login module will always say
	// that the login successful. The actual login will take place 
	// on the server side.

        _logger.log(Level.FINEST,"\t\t[ClientPasswordLoginModule] " +
                    "authentication succeeded");
	succeeded = true;
	return true;
public booleanlogout()
Logout the user.

This method removes the PrincipalImpl that was added by the commit method.

exception
LoginException if the logout fails.
return
true in all cases since this LoginModule should not be ignored.


	subject.getPrincipals().remove(userPrincipal);
	succeeded = false;
	succeeded = commitSucceeded;
	username = null;
	if (password != null) {
	    for (int i = 0; i < password.length; i++){
		password[i] = ' ";
            }
	    password = null;
	}
	userPrincipal = null;
	return true;