com.arsdigita.kernel.security
Class CredentialLoginModule

java.lang.Object
  extended by com.arsdigita.kernel.security.CredentialLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
Direct Known Subclasses:
UserLoginModule

public abstract class CredentialLoginModule
extends Object
implements javax.security.auth.spi.LoginModule

Loads an ID from a credential stored in the current HTTP request (for example, a cookie or a URL parameter). If the credential is invalid but the ID is loaded successfully by another LoginModule, this module sets a new credential containing that ID. This class uses the Strategy design pattern to manage the persistent credential value: it delegates to the CredentialManager provided at construction to get, set, and delete the credential value.

Author:
Sameer Ajmani
See Also:
CredentialManager

Field Summary
static long FOREVER_SECS
          Maximum time that a "permanent" credential can last, in seconds.
static long LIFETIME_SECS
          Maximum time that a single session can last, in seconds.
static long RENEW_SECS
          Minimum time allowed between session renewals, in seconds.
static long TIMEOUT_SECS
          Maximum time allowed between clicks in a single session, in seconds.
static String versionId
           
 
Constructor Summary
CredentialLoginModule(CredentialManager manager)
          Creates a new CredentialLoginModule associated with the given CredentialManager.
 
Method Summary
 boolean abort()
          Deletes the credential.
 boolean commit()
          Sets the ID for the Subject to the value of the credential if no ID is already set.
protected  boolean credentialHasValue(String value)
          Determines whether the credential has the given value.
protected  boolean credentialIsOld()
          Determines whether the credential should be renewed.
protected  boolean credentialIsSet()
          Determines whether the credential is set.
protected abstract  String getCredentialName()
          Returns the name of the credential.
protected  boolean getForever()
          Determines whether the credential should last "forever" or should expire at the end of this session.
protected abstract  long getLifetime()
          Returns the lifetime of the credential in milliseconds.
protected  javax.servlet.http.HttpServletRequest getRequest()
          Returns the current HTTP request.
protected  javax.servlet.http.HttpServletResponse getResponse()
          Returns the current HTTP response.
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler handler, Map shared, Map options)
          Initializes this login module and its CredentialManager with the given login context information.
protected  boolean isSecure()
          Determines whether the current request is secure.
protected  BigDecimal loadID()
          Loads the ID from the Subject.
 boolean login()
          Checks whether the current request contains a valid credential.
 boolean logout()
          Deletes the credential and invalidates the client session.
protected  boolean requestIsExcluded()
          Determines whether the requested URI ends in an "excluded" extension.
protected  void saveID(BigDecimal id)
          Saves the given ID in the Subject.
protected abstract  boolean shouldInvalidateSession(String value)
          Determines whether the client session should be invalidated.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

versionId

public static final String versionId
See Also:
Constant Field Values

RENEW_SECS

public static final long RENEW_SECS
Minimum time allowed between session renewals, in seconds.

See Also:
Constant Field Values

TIMEOUT_SECS

public static final long TIMEOUT_SECS
Maximum time allowed between clicks in a single session, in seconds.

See Also:
Constant Field Values

LIFETIME_SECS

public static final long LIFETIME_SECS
Maximum time that a single session can last, in seconds.

See Also:
Constant Field Values

FOREVER_SECS

public static final long FOREVER_SECS
Maximum time that a "permanent" credential can last, in seconds.

See Also:
Constant Field Values

Constructor Detail

CredentialLoginModule

public CredentialLoginModule(CredentialManager manager)
Creates a new CredentialLoginModule associated with the given CredentialManager. This module uses the given manager to get, set, and delete the credential value.

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler handler,
                       Map shared,
                       Map options)
Initializes this login module and its CredentialManager with the given login context information. This method is called by LoginContext after this class is instantiated.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException
Checks whether the current request contains a valid credential.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Returns:
true.
Throws:
CredentialNotFoundException - if the credential is missing.
CredentialParsingException - if the credential is invalid.
CredentialExpiredException - if the credential has expired.
javax.security.auth.login.LoginException - if an error occurs.

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Deletes the credential and invalidates the client session.

Specified by:
logout in interface javax.security.auth.spi.LoginModule
Returns:
true.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Deletes the credential.

Specified by:
abort in interface javax.security.auth.spi.LoginModule
Returns:
true.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Sets the ID for the Subject to the value of the credential if no ID is already set. If needed, updates the credential. If the Subject has an ID different from the one in the credential, invalidates the client session.

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Returns:
true.
Throws:
javax.security.auth.login.FailedLoginException - if unable to set ID.
javax.security.auth.login.LoginException - if an error occurs.

loadID

protected final BigDecimal loadID()
                           throws NoSuchElementException
Loads the ID from the Subject.

Throws:
NoSuchElementException

saveID

protected final void saveID(BigDecimal id)
Saves the given ID in the Subject.

Parameters:
id - the ID to save

isSecure

protected final boolean isSecure()
                          throws javax.security.auth.login.LoginException
Determines whether the current request is secure.

Returns:
true if the current request is secure, false otherwise.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getCredentialName

protected abstract String getCredentialName()
                                     throws javax.security.auth.login.LoginException
Returns the name of the credential.

Returns:
the name of the credential.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getLifetime

protected abstract long getLifetime()
                             throws javax.security.auth.login.LoginException
Returns the lifetime of the credential in milliseconds.

Returns:
the lifetime of the credential in milliseconds.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

shouldInvalidateSession

protected abstract boolean shouldInvalidateSession(String value)
                                            throws javax.security.auth.login.LoginException
Determines whether the client session should be invalidated.

Parameters:
value - the new value for the credential
Returns:
true if the client session should be invalidated, false otherwise.
Throws:
javax.security.auth.login.LoginException - if an error occurs.
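As an added example (not part of the ArsDigita code base), a minimal concrete subclass that wires the three abstract methods above to the final helpers documented on this page. The class name, package and credential name are assumed; the CredentialManager is taken as given, since its own API is not described here.

```java
package example; // hypothetical package, not from the ArsDigita tree

import javax.security.auth.login.LoginException;

import com.arsdigita.kernel.security.CredentialLoginModule;
import com.arsdigita.kernel.security.CredentialManager;

/**
 * Hypothetical subclass showing how the abstract methods of
 * CredentialLoginModule fit together. Only methods and constants
 * documented on this page are used.
 */
public class ExampleCredentialLoginModule extends CredentialLoginModule {

    // Assumed credential name; a real subclass would take it from configuration.
    private static final String CREDENTIAL_NAME = "example_session";

    public ExampleCredentialLoginModule(CredentialManager manager) {
        // The manager is the Strategy that stores, reads and deletes the value
        // (for example as a cookie); this class never touches storage directly.
        super(manager);
    }

    protected String getCredentialName() throws LoginException {
        return CREDENTIAL_NAME;
    }

    /**
     * getLifetime() must answer in milliseconds while the constants are in
     * seconds. A "forever" credential is bounded by FOREVER_SECS; otherwise
     * it is bounded by LIFETIME_SECS, the maximum length of one session.
     */
    protected long getLifetime() throws LoginException {
        long secs = getForever() ? FOREVER_SECS : LIFETIME_SECS;
        return secs * 1000L;
    }

    /**
     * Called with the value commit() is about to store. If a credential is
     * already present and carries a different value, the existing client
     * session must not be carried over to the new identity.
     * credentialHasValue() throws NullPointerException when no credential
     * is set, so credentialIsSet() is checked first.
     */
    protected boolean shouldInvalidateSession(String value) throws LoginException {
        return credentialIsSet() && !credentialHasValue(value);
    }
}
```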

credentialIsSet

protected final boolean credentialIsSet()
Determines whether the credential is set. Subclasses may call this to determine whether this login module succeeded.

Returns:
true if credential is set, false otherwise.

credentialHasValue

protected final boolean credentialHasValue(String value)
Determines whether the credential has the given value.

Parameters:
value - the value to check
Returns:
true if credential's value equals the given value, false otherwise.
Throws:
NullPointerException - if !credentialIsSet().

credentialIsOld

protected final boolean credentialIsOld()
Determines whether the credential should be renewed. Returns true if the credential is more than RENEW_SECS old.

Returns:
true if credential is old; false otherwise.
Throws:
NullPointerException - if !credentialIsSet().

requestIsExcluded

protected final boolean requestIsExcluded()
                                   throws javax.security.auth.login.LoginException
Determines whether the requested URI ends in an "excluded" extension. Extensions in the "excluded" list specify file types for which credentials should never be set, such as image and media files.

Returns:
true if the request URI ends with an "excluded" extension, false otherwise.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getRequest

protected final javax.servlet.http.HttpServletRequest getRequest()
                                                          throws javax.security.auth.login.LoginException
Returns the current HTTP request.

Returns:
the current HTTP request.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getResponse

protected final javax.servlet.http.HttpServletResponse getResponse()
                                                            throws javax.security.auth.login.LoginException
Returns the current HTTP response.

Returns:
the current HTTP response.
Throws:
javax.security.auth.login.LoginException - if an error occurs.

getForever

protected final boolean getForever()
                            throws javax.security.auth.login.LoginException
Determines whether the credential should last "forever" or should expire at the end of this session.

Returns:
true if the credential should last "forever", false if the credential should expire at the end of this session.
Throws:
KernelLoginException - if an error occurs.
javax.security.auth.login.LoginException


Copyright (c) 2004 Red Hat, Inc. Corporation. All Rights Reserved. Generated July 21, 2004 at 23:37 UTC