PDLoginModule

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.tivoli.mts
Class PDLoginModule

java.lang.Object
  com.tivoli.mts.PDLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public class PDLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

This PDLoginModule represents the JAAS authentication mechanism for Security Access Manager.

A CallbackHandler is required to retrieve a Security Access Manager username and password pair.

The objective of the PDLoginModule class is to authenticate a Security Access Manager user and create a PDPrincipal containing the user's Security Access Manager credentials if authentication is successful.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

This LoginModule recognizes the nameOnly option. If set to true in the login Configuration, the login method will not prompt for a password through the Callback mechanism, but will only prompt for a name.

This LoginModule also recognizes the configURLName option. This provides a mechanism for the administrator to configure this LoginModule to construct its PDPrincipals with the specified configuration (the result of running SvrSslCfg). If this parameter is omitted, the LoginModule will use the default configuration. NOTE: As of IBM Tivoli Access Manager for e-business v5.1, this entire class is deprecated. Equivalent function is in the com.tivoli.pd.jazn.PDLoginModule class.

See Also:: PDLoginModule

Constructor Summary
`PDLoginModule()`

Method Summary
`boolean`	`abort()` Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the `PDLoginModule` class.
`boolean`	`commit()` Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the `PDLoginModule` class.
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)` Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the `PDLoginModule` class.
`boolean`	`login()` Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the `PDLoginModule` class.
`boolean`	`logout()` Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the `PDLoginModule` class.

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

PDLoginModule

public PDLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the PDLoginModule class.

Initialize this LoginModule.

Specified by:: initialize in interface javax.security.auth.spi.LoginModule

Parameters:: subject - the Subject to be authenticated.; callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).; sharedState - shared LoginModule state.; options - options specified in the login Configuration for this particular LoginModule.

login

public boolean login()
              throws javax.security.auth.login.AccountExpiredException,
                     javax.security.auth.login.CredentialExpiredException,
                     javax.security.auth.login.FailedLoginException,
                     javax.security.auth.login.LoginException

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the PDLoginModule class.

Authenticate the user (first phase).

This method attempts to validate the user with Security Access Manager and retrieve the user's credentials.

Before attempting the normal JAAS mechanism of prompting for user information through the CallbackHandler, this LoginModule will look for override information that may have been recorded in the LoginModule sharedState Map (see the initialize method). This override information would have been put there from LoginModules that were configured to be called before this one. The overrides that this LoginModule is prepared to process are USER_DN, iv-user and iv-creds. If USER_DN is found in the sharedState (and maps to a String), this is used as the definitive name for the user, and no prompting is done for a password, so credentials will simply be obtained from the server for this user. If USER_DN is not found, then we look for iv-user. If iv-user is found in the sharedState (and maps to a String), then we look for iv-creds in the sharedState. If iv-creds is found in the sharedState (and maps to a String), then this is used as credentials to construct a PDPrincipal. If iv-creds is not found, then iv-user is used as the definitive name for the user, and no prompting is done for a password, so credentials will simply be obtained from the server for this user.

If none of this override information is found in the sharedState, then normal processing takes place. The "normal" processing will be to prompt for user information through the CallbackHandler. If this LoginModule was configured with the "nameOnly" option, then we only perform a NameCallback, otherwise both a NameCallback and a PasswordCallback are performed. If we are not configured for "nameOnly", then the username and password are verified with the server. In either case, the credentials for this username are obtained from the server and a PDPrincipal is constructed.

Specified by:: login in interface javax.security.auth.spi.LoginModule

Returns:: true in all cases (this LoginModule should not be ignored).
Throws:: javax.security.auth.login.AccountExpiredException - if the account has been disabled.; javax.security.auth.login.CredentialExpiredException - if the password is rejected.; javax.security.auth.login.LoginException - if environmental or setup errors occur when trying to login.; javax.security.auth.login.FailedLoginException - if any other difficulties occur when trying to login.

commit

public boolean commit()
               throws javax.security.auth.login.LoginException

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the PDLoginModule class.

Commit the authentication (second phase).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (the importing of the Security Access Manager authentication information succeeded), then this method associates the Security Access Manager Principals with the Subject currently tied to the LoginModule. If this LoginModule's authentication attempted failed, then this method removes any state that was originally saved.

Specified by:: commit in interface javax.security.auth.spi.LoginModule

Returns:: true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:: javax.security.auth.login.LoginException - if the commit fails

abort

public boolean abort()
              throws javax.security.auth.login.LoginException

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the PDLoginModule class.

Abort the authentication (second phase).

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

This method cleans up any state that was originally saved as part of the authentication attempt from the login and commit methods.

Specified by:: abort in interface javax.security.auth.spi.LoginModule

Returns:: false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:: javax.security.auth.login.LoginException - if the abort fails

logout

public boolean logout()
               throws javax.security.auth.login.LoginException

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the equivalent method in the PDLoginModule class.

Logout the user

This method removes the Principals associated with the Subject.

Specified by:: logout in interface javax.security.auth.spi.LoginModule

Returns:: true in all cases (this LoginModule should not be ignored).
Throws:: javax.security.auth.login.LoginException - if the logout fails

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.tivoli.mts Class PDLoginModule

PDLoginModule

initialize

login

commit

abort

logout

com.tivoli.mts
Class PDLoginModule