com.arsdigita.kernel.security
Class UserLoginModule

java.lang.Object
  extended bycom.arsdigita.kernel.security.CredentialLoginModule
      extended bycom.arsdigita.kernel.security.UserLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
Direct Known Subclasses:
CookieLoginModule, RecoveryLoginModule, URLLoginModule

public abstract class UserLoginModule
extends CredentialLoginModule

Authenticates a user (loads a user ID) from a credential stored in the current HTTP request.

Author:
Sameer Ajmani

Field Summary
static String NORMAL_CREDENTIAL_NAME
          Name of the non-secure user authentication credential.
static String SECURE_CREDENTIAL_NAME
          Name of the secure user authentication credential.
static String versionId
           
 
Fields inherited from class com.arsdigita.kernel.security.CredentialLoginModule
FOREVER_SECS, LIFETIME_SECS, RENEW_SECS, TIMEOUT_SECS
 
Constructor Summary
UserLoginModule(CredentialManager manager)
           
 
Method Summary
protected  String getCredentialName()
          Returns the name of the credential.
protected  long getLifetime()
          Returns the lifetime of the credential in milliseconds.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, Map shared, Map options)
          Initializes this login module and its CredentialManager with the given login context information.
protected  boolean shouldInvalidateSession(String value)
          Determines whether the user's session should be invalidated.
 
Methods inherited from class com.arsdigita.kernel.security.CredentialLoginModule
abort, commit, credentialHasValue, credentialIsOld, credentialIsSet, getForever, getRequest, getResponse, isSecure, loadID, login, logout, requestIsExcluded, saveID
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

versionId

public static final String versionId
See Also:
Constant Field Values

NORMAL_CREDENTIAL_NAME

public static final String NORMAL_CREDENTIAL_NAME
Name of the non-secure user authentication credential.

See Also:
Constant Field Values

SECURE_CREDENTIAL_NAME

public static final String SECURE_CREDENTIAL_NAME
Name of the secure user authentication credential.

See Also:
Constant Field Values
Constructor Detail

UserLoginModule

public UserLoginModule(CredentialManager manager)
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       Map shared,
                       Map options)
Description copied from class: CredentialLoginModule
Initializes this login module and its CredentialManager with the given login context information. This method is called by LoginContext after this class is instantiated.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class CredentialLoginModule

getCredentialName

protected String getCredentialName()
                            throws javax.security.auth.login.LoginException
Returns the name of the credential.

Specified by:
getCredentialName in class CredentialLoginModule
Returns:
SECURE_CREDENTIAL_NAME if the current request is secure, otherwise returns NORMAL_CREDENTIAL_NAME.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getLifetime

protected long getLifetime()
                    throws javax.security.auth.login.LoginException
Returns the lifetime of the credential in milliseconds.

Specified by:
getLifetime in class CredentialLoginModule
Returns:
FOREVER_SECS in milliseconds if the user requests permanent login, otherwise returns TIMEOUT_SECS in milliseconds.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

shouldInvalidateSession

protected boolean shouldInvalidateSession(String value)
                                   throws javax.security.auth.login.LoginException
Determines whether the user's session should be invalidated.

Specified by:
shouldInvalidateSession in class CredentialLoginModule
Parameters:
value - the new value for the credential
Returns:
true if the credential is set and has the wrong value.
Throws:
javax.security.auth.login.LoginException - if an error occurs.


Copyright (c) 2004 Red Hat, Inc. Corporation. All Rights Reserved. Generated at July 20 2004:2337 UTC