KeyStoreLoginModule (Java Authentication and Authorization Service ) - JDK 5 Documentation v1.4.1, Java 2 SDK 英文文档

Overview

Package

Class

Use

Tree

Index

Help

JAAS

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.sun.security.auth.module
Class KeyStoreLoginModule

java.lang.Object
  |
  +--com.sun.security.auth.module.KeyStoreLoginModule

All Implemented Interfaces:: LoginModule

public class KeyStoreLoginModule
extends Object
implements LoginModule

Provides a JAAS login module that prompts for a key store alias and populates the subject with the alias's principal and credentials. Stores an X500Principal for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials.

Recognizes the following options in the JAAS authentication policy file:

keyStoreURL: A URL that specifies the location of the key store file. Defaults to the .keystore file in the directory specified by the java.home system property.
keyStoreType: The key store type. If not specified, defaults to the result of calling KeyStore.getDefaultType().
keyStoreProvider: The key store provider. If not specified, uses the standard search order to find the provider.
keyStoreAlias: The alias in the key store to login as. Required when no callback handler is provided. No default value.
keyStorePasswordURL: A URL that specifies the location of the key store password. Required when no callback handler is provided. No default value.
privateKeyPasswordURL: A URL that specifies the location of the specific private key password needed to access the private key for this alias. The keystore password is used if this value is not specified.

Constructor Summary

KeyStoreLoginModule()


Method Summary

boolean abort()
           This method is called if the LoginContext's overall authentication failed.

boolean commit()
          Abstract method to commit the authentication process (phase 2).

void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Initialize this LoginModule.

boolean login()
          Authenticate the user .

boolean logout()
          Logout a user.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyStoreLoginModule

public KeyStoreLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Initialize this LoginModule.

Specified by:: initialize in interface LoginModule

Parameters:: subject - the Subject to be authenticated.; callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).; sharedState - shared LoginModule state.; options - options specified in the login Configuration for this particular LoginModule.

login

public boolean login()
              throws LoginException

Authenticate the user .

Prompt the user for the Keystore alias and the password. Retrieve the alias's principal and credentials from the Keystore.

Specified by:: login in interface LoginModule

Returns:: true in all cases (this LoginModule should not be ignored).
Throws:: FailedLoginException - if the authentication fails.; LoginException

commit

public boolean commit()
               throws LoginException

Abstract method to commit the authentication process (phase 2).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates a X500Principal for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals,the alias's certificate path in the subject's public credentials, and aX500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.

Specified by:: commit in interface LoginModule

Returns:: true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:: LoginException - if the commit fails

abort

public boolean abort()
              throws LoginException

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

Specified by:: abort in interface LoginModule

Returns:: false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:: LoginException - if the abort fails.

logout

public boolean logout()
               throws LoginException

Logout a user.

This method removes the Principals, public credentials and the private credentials that were added by the commit method.

Specified by:: logout in interface LoginModule

Returns:: true in all cases since this LoginModule should not be ignored.
Throws:: LoginException - if the logout fails.