org.jboss.security.auth.spi
Class UsersRolesLoginModule

java.lang.Object
  extended byorg.jboss.security.auth.spi.AbstractServerLoginModule
      extended byorg.jboss.security.auth.spi.UsernamePasswordLoginModule
          extended byorg.jboss.security.auth.spi.UsersRolesLoginModule
All Implemented Interfaces:
LoginModule

public class UsersRolesLoginModule
extends UsernamePasswordLoginModule

A simple properties file based login module that consults two Java Properties formatted text files for username to password("users.properties") and username to roles("roles.properties") mapping. The names of the properties files may be overriden by the usersProperties and rolesProperties options. The properties files are loaded during initialization using the thread context class loader. This means that these files can be placed into the J2EE deployment jar or the JBoss config directory. The users.properties file uses a format: username1=password1 username2=password2 ... to define all valid usernames and their corresponding passwords. The roles.properties file uses a format: username1=role1,role2,... username1.RoleGroup1=role3,role4,... username2=role1,role3,... to define the sets of roles for valid usernames. The "username.XXX" form of property name is used to assign the username roles to a particular named group of roles where the XXX portion of the property name is the group name. The "username=..." form is an abbreviation for "username.Roles=...". The following are therefore equivalent: jduke=TheDuke,AnimatedCharacter jduke.Roles=TheDuke,AnimatedCharacter

Author:
Edward Kenworthy, 12th Dec 2000, Scott.Stark@jboss.org

Field Summary
 
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
 
Constructor Summary
UsersRolesLoginModule()
           
 
Method Summary
protected  Group[] getRoleSets()
          Create the set of roles the user belongs to by parsing the roles.properties data for username=role1,role2,...
protected  String getUsersPassword()
          Get the expected password for the current username available via the getUsername() method.
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          Initialize this LoginModule.
protected  void loadRoles()
           
protected  void loadUsers()
           
 boolean login()
          Method to authenticate a Subject (phase 1).
protected  void parseGroupMembers(Group group, String roles)
          Parse the comma delimited roles names given by value and add them to group.
 
Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, validatePassword
 
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, commit, createGroup, createIdentity, getUseFirstPass, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UsersRolesLoginModule

public UsersRolesLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Initialize this LoginModule.

Specified by:
initialize in interface LoginModule
Overrides:
initialize in class UsernamePasswordLoginModule
Parameters:
options - - the login module option map. Supported options include: usersProperties: The name of the properties resource containing user/passwords. The default is "users.properties" rolesProperties: The name of the properties resource containing user/roles The default is "roles.properties". roleGroupSeperator: The character used to seperate the role group name from the username e.g., '.' in jduke.CallerPrincipal=... . The default = '.'. defaultUsersProperties=string: The name of the properties resource containing the username to password mappings that will be used as the defaults Properties passed to the usersProperties Properties. This defaults to defaultUsers.properties. defaultRolesProperties=string: The name of the properties resource containing the username to roles mappings that will be used as the defaults Properties passed to the usersProperties Properties. This defaults to defaultRoles.properties.

login

public boolean login()
              throws LoginException
Method to authenticate a Subject (phase 1). This validates that the users and roles properties files were loaded and then calls super.login to perform the validation of the password.

Specified by:
login in interface LoginModule
Overrides:
login in class UsernamePasswordLoginModule
Throws:
LoginException - thrown if the users or roles properties files were not found or the super.login method fails.

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException
Create the set of roles the user belongs to by parsing the roles.properties data for username=role1,role2,... and username.XXX=role1,role2,... patterns.

Specified by:
getRoleSets in class AbstractServerLoginModule
Returns:
Group[] containing the sets of roles
Throws:
LoginException

getUsersPassword

protected String getUsersPassword()
Description copied from class: UsernamePasswordLoginModule
Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.

Specified by:
getUsersPassword in class UsernamePasswordLoginModule
Returns:
the valid password String

loadUsers

protected void loadUsers()
                  throws IOException
Throws:
IOException

loadRoles

protected void loadRoles()
                  throws IOException
Throws:
IOException

parseGroupMembers

protected void parseGroupMembers(Group group,
                                 String roles)
Parse the comma delimited roles names given by value and add them to group. The type of Principal created for each name is determined by the createIdentity method.

Parameters:
group - - the Group to add the roles to.
roles - - the comma delimited role names.
See Also:
AbstractServerLoginModule.createIdentity(String)


Copyright © 2002 JBoss Group, LLC. All Rights Reserved.