org.jboss.resource.security
Class PBEIdentityLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.resource.security.AbstractPasswordCredentialLoginModule
          extended by org.jboss.resource.security.PBEIdentityLoginModule
All Implemented Interfaces:
LoginModule

public class PBEIdentityLoginModule
extends AbstractPasswordCredentialLoginModule

An example of how one could encrypt the database password for a JCA connection factory. The corresponding login config entry illustrates the usage:

sa sa 3fp7R/7TMjyTTxhmePdJVk true PBEWithMD5AndDES testPBEIdentityLoginModule abcdefgh 19 jboss.jca:service=LocalTxCM,name=DefaultDS

This uses password based encryption (PBE) with algorithm parameters derived from the pbealgo, pbepass, salt and iterationCount options:
+ pbealgo - the PBE algorithm to use. Defaults to PBEwithMD5andDES.
+ pbepass - the PBE password to use. Can use the JaasSecurityDomain {CLASS} and {EXT} syntax to obtain the password from outside of the configuration. Defaults to "jaas is the way".
+ salt - the PBE salt as a string. Defaults to {1, 7, 2, 9, 3, 11, 4, 13}.
+ iterationCount - the PBE iterationCount. Defaults to 37.
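The following is an added example, not JBoss code, of the PBE round trip these options describe, using the pbealgo, pbepass, salt and iterationCount values from the entry above. The class name PbeRoundTrip, the sample plaintext and the standard Base64 text encoding are assumptions, so the printed string is not expected to match the entry's password value. It shows that when pbepass sits in the same entry as the encrypted password, the entry alone is enough to decrypt it, which is the case the {CLASS} and {EXT} syntax addresses.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/** Added illustration of the PBE parameters; not the JBoss implementation. */
public class PbeRoundTrip {
    // Option values as they appear in the example login config entry.
    static final String PBE_ALGO = "PBEWithMD5AndDES";
    static final char[] PBE_PASS = "testPBEIdentityLoginModule".toCharArray();
    static final byte[] SALT = "abcdefgh".getBytes(StandardCharsets.US_ASCII); // 8 bytes
    static final int ITERATION_COUNT = 19;

    /** Encrypts or decrypts with a key derived from pbepass, salt and iterationCount. */
    static byte[] crypt(int mode, byte[] input) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(PBE_ALGO)
                .generateSecret(new PBEKeySpec(PBE_PASS));
        Cipher cipher = Cipher.getInstance(PBE_ALGO);
        cipher.init(mode, key, new PBEParameterSpec(SALT, ITERATION_COUNT));
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value standing in for a database password.
        byte[] secret = "example-db-password".getBytes(StandardCharsets.UTF_8);

        // Assumption: standard Base64 is used here only to make the bytes printable.
        String stored = Base64.getEncoder()
                .encodeToString(crypt(Cipher.ENCRYPT_MODE, secret));
        System.out.println("stored form: " + stored);

        // Decryption needs nothing beyond the four option values above.
        byte[] recovered = crypt(Cipher.DECRYPT_MODE, Base64.getDecoder().decode(stored));
        System.out.println("recovered:   " + new String(recovered, StandardCharsets.UTF_8));
    }
}
```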

Version:
$Revision: 57189 $
Author:
Scott.Stark@jboss.org, Noel Rocher 29, june 2004 username & userName issue

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
PBEIdentityLoginModule()
           
 
Method Summary
 boolean abort()
          Method to abort the authentication process (phase 2).
 boolean commit()
          Method to commit the authentication process (phase 2).
protected  Principal getIdentity()
          Overridden by subclasses to return the Principal that corresponds to the user primary identity.
protected  Group[] getRoleSets()
          Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user.
 void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
          Initialize the login module.
 boolean login()
          Return false if there is no mcf, else return super.login().
static void main(String[] args)
          Main entry point to encrypt a password using the hard-coded pass phrase
 
Methods inherited from class org.jboss.resource.security.AbstractPasswordCredentialLoginModule
getMcf, getServer, logout, removeCredentials
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PBEIdentityLoginModule

public PBEIdentityLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler handler,
                       Map sharedState,
                       Map options)
Description copied from class: AbstractServerLoginModule
Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to super.initialize(...) must be made in the case of an override.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class AbstractPasswordCredentialLoginModule
Parameters:
subject - the Subject to update after a successful login.
handler - the CallbackHandler that will be used to obtain the user identity and credentials.
sharedState - a Map shared between all configured login module instances
options - the parameters passed to the login module.

login

public boolean login()
              throws LoginException
Description copied from class: AbstractPasswordCredentialLoginModule
Return false if there is no mcf, else return super.login(). Override to provide custom authentication.

Specified by:
login in interface LoginModule
Overrides:
login in class AbstractPasswordCredentialLoginModule
Returns:
false if there is no mcf, else return super.login().
Throws:
LoginException - if an error occurs

commit

public boolean commit()
               throws LoginException
Description copied from class: AbstractServerLoginModule
Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.

Specified by:
commit in interface LoginModule
Overrides:
commit in class AbstractServerLoginModule
Returns:
true always.
Throws:
LoginException
See Also:
Subject, Group

abort

public boolean abort()
Description copied from class: AbstractServerLoginModule
Method to abort the authentication process (phase 2).

Specified by:
abort in interface LoginModule
Overrides:
abort in class AbstractServerLoginModule
Returns:
true always

getIdentity

protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Description copied from class: AbstractServerLoginModule
Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Group[] containing the sets of roles
Throws:
LoginException

main

public static void main(String[] args)
                 throws Exception
Main entry point to encrypt a password using the hard-coded pass phrase

Parameters:
args - [0] = the password to encode, [1] = PBE password, [2] = PBE salt, [3] = PBE iterationCount, [4] = PBE algo
Throws:
Exception


Copyright © 2009 JBoss Inc.. All Rights Reserved.