Class TokenLoginModule
- java.lang.Object
-
- org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
- org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule
-
- All Implemented Interfaces:
javax.security.auth.spi.LoginModule
public final class TokenLoginModule extends org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
LoginModule
implementation that is able to handle login request based onTokenCredentials
. In combination with another login module that handles otherCredentials
implementation this module will also take care of creating new login tokens and the corresponding credentials uponcommit()
that it will be able to deal with in subsequent login calls.Login and Commit
Login
ThisLoginModule
implementation performs the following tasks uponlogin()
.- Try to retrieve
TokenCredentials
credentials (see alsoAbstractLoginModule.getCredentials()
) - Validates the credentials based on the functionality provided by
Authentication.authenticate(javax.jcr.Credentials)
- Upon success it retrieves
userId
from theTokenInfo
and calculates the principals associated with that user, - and finally puts the credentials on the shared state.
TokenProvider
has been configuredlogin()
or if noTokenCredentials
can be obtained this module will returnfalse
.Commit
If login was successfully handled by this module thecommit()
will just populate the subject.If the login was successfully handled by another module in the chain, the
TokenLoginModule
will test if the login was associated with a request for login token generation. This mandates that there are credentials present on the shared state that fulfill the requirements defined byTokenProvider.doCreateToken(javax.jcr.Credentials)
.Example Configurations
The authentication configuration using thisLoginModule
could for example look as follows:TokenLoginModule in combination with another LoginModule
jackrabbit.oak { org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule sufficient; org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl required; };
In this case the TokenLoginModule would handle any login issued withTokenCredentials
while the second module would take care any other credentials implementations as long they are supported by the module. In addition theTokenLoginModule
will issue a new token if the login succeeded and the credentials provided by the shared state can be used to issue a new login token (seeTokenProvider.doCreateToken(javax.jcr.Credentials)
.TokenLoginModule as single way to login
jackrabbit.oak { org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule required; };
If theTokenLoginModule
as single entry in the login configuration the login token must be generated by the application by callingTokenProvider.createToken(Credentials)
orTokenProvider.createToken(String, java.util.Map)
.
-
-
Constructor Summary
Constructors Constructor Description TokenLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
clearState()
boolean
commit()
protected @NotNull java.util.Set<java.lang.Class>
getSupportedCredentials()
boolean
login()
boolean
logout()
-
Methods inherited from class org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
abort, closeSystemSession, getCredentials, getLoginModuleMonitor, getPrincipalProvider, getPrincipals, getPrincipals, getRoot, getSecurityProvider, getSharedCredentials, getSharedLoginName, getSharedPreAuthLogin, getUserManager, getWhiteboard, initialize, logout, onError, setAuthInfo
-
-
-
-
Method Detail
-
login
public boolean login() throws javax.security.auth.login.LoginException
- Throws:
javax.security.auth.login.LoginException
-
commit
public boolean commit() throws javax.security.auth.login.LoginException
- Throws:
javax.security.auth.login.LoginException
-
logout
public boolean logout() throws javax.security.auth.login.LoginException
- Specified by:
logout
in interfacejavax.security.auth.spi.LoginModule
- Overrides:
logout
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
- Throws:
javax.security.auth.login.LoginException
-
getSupportedCredentials
@NotNull protected @NotNull java.util.Set<java.lang.Class> getSupportedCredentials()
- Specified by:
getSupportedCredentials
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
clearState
protected void clearState()
- Overrides:
clearState
in classorg.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule
-
-