org.jboss.security.auth.spi
Class RoleMappingLoginModule
java.lang.Object
org.jboss.security.auth.spi.AbstractServerLoginModule
org.jboss.security.auth.spi.RoleMappingLoginModule
- All Implemented Interfaces:
- LoginModule
public class RoleMappingLoginModule
- extends AbstractServerLoginModule
JBAS-3323: Role Mapping Login Module that maps application role to
declarative role
- You will need to provide a properties file name with the option "rolesProperties"
which has the role to be replaced as the key and a comma-separated role names
as replacements.
- This module should be used with the "optional" mode, as it just adds
onto the authenticated subject
- Since:
- Jun 22, 2006
- Version:
- $Revision: 86122 $
- Author:
- Anil Saldhana
Field Summary |
protected boolean |
REPLACE_ROLE
Should the matching role be replaced |
Method Summary |
protected Principal |
getIdentity()
Overriden by subclasses to return the Principal that corresponds to
the user primary identity. |
protected Group[] |
getRoleSets()
Overriden by subclasses to return the Groups that correspond to the
to the role sets assigned to the user. |
boolean |
login()
Looks for javax.security.auth.login.name and javax.security.auth.login.password
values in the sharedState map if the useFirstPass option was true and returns
true if they exist. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
REPLACE_ROLE
protected boolean REPLACE_ROLE
- Should the matching role be replaced
RoleMappingLoginModule
public RoleMappingLoginModule()
login
public boolean login()
throws LoginException
- Description copied from class:
AbstractServerLoginModule
- Looks for javax.security.auth.login.name and javax.security.auth.login.password
values in the sharedState map if the useFirstPass option was true and returns
true if they exist. If they do not or are null this method returns false.
Note that subclasses that override the login method must set the loginOk
ivar to true if the login succeeds in order for the commit phase to
populate the Subject. This implementation sets loginOk to true if the
login() method returns true, otherwise, it sets loginOk to false.
- Specified by:
login
in interface LoginModule
- Overrides:
login
in class AbstractServerLoginModule
- Throws:
LoginException
- See Also:
LoginModule.login()
getIdentity
protected Principal getIdentity()
- Description copied from class:
AbstractServerLoginModule
- Overriden by subclasses to return the Principal that corresponds to
the user primary identity.
- Specified by:
getIdentity
in class AbstractServerLoginModule
- See Also:
AbstractServerLoginModule.getIdentity()
getRoleSets
protected Group[] getRoleSets()
throws LoginException
- Description copied from class:
AbstractServerLoginModule
- Overriden by subclasses to return the Groups that correspond to the
to the role sets assigned to the user. Subclasses should create at
least a Group named "Roles" that contains the roles assigned to the user.
A second common group is "CallerPrincipal" that provides the application
identity of the user rather than the security domain identity.
- Specified by:
getRoleSets
in class AbstractServerLoginModule
- Returns:
- Group[] containing the sets of roles
- Throws:
LoginException
- See Also:
AbstractServerLoginModule.getRoleSets()
Copyright © 2009 JBoss Inc.. All Rights Reserved.