A simple implementation of LoginModule for use by JBoss clients for
the establishment of the caller identity and credentials. This simply sets
the SecurityAssociation principal to the value of the NameCallback
filled in by the CallbackHandler, and the SecurityAssociation credential
to the value of the PasswordCallback filled in by the CallbackHandler.
This is a variation of the original ClientLoginModule that does not set the
SecurityAssociation information until commit and that uses the Subject
principal over a SimplePrincipal if available.
It has the following options:
When the multi-threaded option is set to true, the SecurityAssociation.setServer()
so that each login thread has its own principal and credential storage.
When password-stacking option is set, this module first looks for a shared
username and password using "javax.security.auth.login.name" and
"javax.security.auth.login.password" respectively. This allows a module configured
prior to this one to establish a valid username and password that should be passed
- $Revision: 222 $
Shared state between login modules
Flag indicating if the shared password should be used
Initialize this LoginModule.
log.trace("Security domain: " +
log.trace("Enabling multi-threaded mode");
log.trace("Enabling useFirstPass mode");
Method to authenticate a Subject (phase 1).
"to garner authentication information from the user");
password = new char[tmpPassword.length];
" not available to garner authentication information " +
Method to commit the authentication process (phase 2). This is where the
SecurityAssociation information is set. The principal is obtained from:
The shared state javax.security.auth.login.name property when useFirstPass
is true. If the value is a Principal it is used as is, else a SimplePrincipal
using the value.toString() as its name is used. If useFirstPass the
username obtained from the callback handler is used to build the
SimplePrincipal. Both may be overriden if the resulting authenticated
Subject principals set it not empty.
if( principals.isEmpty() == false )
Method to abort the authentication process (phase 2).
for(int n = 0; n < length; n ++)