com.tivoli.mts
Class PDLoginModule

java.lang.Object
  |
  +--com.tivoli.mts.PDLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class PDLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

This PDLoginModule represents the JAAS authentication mechanism for Policy Director.

A CallbackHandler is required to retrieve a Policy Director username and password pair.

The objective of the PDLoginModule class is to authenticate a Policy Director user, create a PDPrincipal based on the username as well as a PDCredential containing the user's Policy Director credentials if authentication is successful.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

This LoginModule recognizes the nameOnly option. If set to true in the login Configuration, the login method will not prompt for a password through the Callback mechanism, but will only prompt for a name.

Author:
D. Kent Soper

Constructor Summary
PDLoginModule()
           
 
Method Summary
 boolean abort()
          Abort the authentication (second phase).
 boolean commit()
          Commit the authentication (second phase).
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
          Initialize this LoginModule.
 boolean login()
          Authenticate the user (first phase).
 boolean logout()
          Logout the user
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PDLoginModule

public PDLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Initialize this LoginModule.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Parameters:
subject - the Subject to be authenticated.

callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

sharedState - shared LoginModule state.

options - options specified in the login Configuration for this particular LoginModule.

login

public boolean login()
              throws javax.security.auth.login.AccountExpiredException,
                     javax.security.auth.login.CredentialExpiredException,
                     javax.security.auth.login.FailedLoginException,
                     javax.security.auth.login.LoginException
Authenticate the user (first phase).

This method attempts to authenticate the user to Policy Director and retrieve the user's credentials.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
javax.security.auth.login.AccountExpiredException - if the account has been disabled.
javax.security.auth.login.CredentialExpiredException - if the password is rejected.
javax.security.auth.login.LoginException - if environmental or setup errors occur when trying to login.
javax.security.auth.login.FailedLoginException - if any other difficulties occur when trying to login.

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Commit the authentication (second phase).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (the importing of the Policy Director authentication information succeeded), then this method associates the Policy Director Principals with the Subject currently tied to the LoginModule. If this LoginModule's authentication attempted failed, then this method removes any state that was originally saved.

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Returns:
true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:
javax.security.auth.login.LoginException - if the commit fails

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Abort the authentication (second phase).

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

This method cleans up any state that was originally saved as part of the authentication attempt from the login and commit methods.

Specified by:
abort in interface javax.security.auth.spi.LoginModule
Returns:
false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:
javax.security.auth.login.LoginException - if the abort fails

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Logout the user

This method removes the Principals associated with the Subject.

Specified by:
logout in interface javax.security.auth.spi.LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
javax.security.auth.login.LoginException - if the logout fails