org.jboss.security.auth.spi
Class RoleMappingLoginModule

java.lang.Object
  extended by org.jboss.security.auth.spi.AbstractServerLoginModule
      extended by org.jboss.security.auth.spi.RoleMappingLoginModule
All Implemented Interfaces:
LoginModule

public class RoleMappingLoginModule
extends AbstractServerLoginModule

JBAS-3323: Role Mapping Login Module that maps application role to declarative role - You will need to provide a properties file name with the option "rolesProperties" which has the role to be replaced as the key and a comma-separated role names as replacements. - This module should be used with the "optional" mode, as it just adds onto the authenticated subject

Since:
Jun 22, 2006
Version:
$Revision: 86122 $
Author:
Anil Saldhana

Field Summary
protected  boolean REPLACE_ROLE
          Should the matching role be replaced
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
RoleMappingLoginModule()
           
 
Method Summary
protected  Principal getIdentity()
          Overriden by subclasses to return the Principal that corresponds to the user primary identity.
protected  Group[] getRoleSets()
          Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user.
 boolean login()
          Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist.
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getUnauthenticatedIdentity, getUseFirstPass, initialize, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REPLACE_ROLE

protected boolean REPLACE_ROLE
Should the matching role be replaced

Constructor Detail

RoleMappingLoginModule

public RoleMappingLoginModule()
Method Detail

login

public boolean login()
              throws LoginException
Description copied from class: AbstractServerLoginModule
Looks for javax.security.auth.login.name and javax.security.auth.login.password values in the sharedState map if the useFirstPass option was true and returns true if they exist. If they do not or are null this method returns false. Note that subclasses that override the login method must set the loginOk ivar to true if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to true if the login() method returns true, otherwise, it sets loginOk to false.

Specified by:
login in interface LoginModule
Overrides:
login in class AbstractServerLoginModule
Throws:
LoginException
See Also:
LoginModule.login()

getIdentity

protected Principal getIdentity()
Description copied from class: AbstractServerLoginModule
Overriden by subclasses to return the Principal that corresponds to the user primary identity.

Specified by:
getIdentity in class AbstractServerLoginModule
See Also:
AbstractServerLoginModule.getIdentity()

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Description copied from class: AbstractServerLoginModule
Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Group[] containing the sets of roles
Throws:
LoginException
See Also:
AbstractServerLoginModule.getRoleSets()


Copyright © 2009 JBoss Inc.. All Rights Reserved.