org.apache.geronimo.security.realm.providers
Class CertificatePropertiesFileLoginModule

java.lang.Object
  extended by org.apache.geronimo.security.realm.providers.CertificatePropertiesFileLoginModule
All Implemented Interfaces:
LoginModule

public class CertificatePropertiesFileLoginModule
extends Object
implements LoginModule

An example LoginModule that reads a list of users and groups from a file on disk. Authentication is provided by the SSL layer supplying the client certificate; all this module checks is that the certificate is present. The file should be formatted using standard Java properties syntax. Expects to be run by a GenericSecurityRealm (doesn't work on its own).

The usersURI property file should have lines of the form token=certificatename, where certificatename is X509Certificate.getSubjectX500Principal().getName().

The groupsURI property file should have lines of the form group=token1,token2,..., where the tokens are those associated with the certificate names in the usersURI properties file.
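The two file formats described above, shown as an added example that is not Geronimo's own code: it parses constructed usersURI and groupsURI contents with java.util.Properties and resolves a certificate subject name to its token and groups. The class name, helper methods, sample names and the exact-string matching rule are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.Collections;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import javax.security.auth.x500.X500Principal;

// Illustration only (hypothetical class, not Geronimo's implementation).
public class CertRealmFilesDemo {
    // Constructed usersURI content: token=certificatename. Only the first '='
    // separates key from value, so the '=' signs inside the DN need no escaping.
    static final String USERS = "alice=CN=Alice,OU=Eng,O=Example,C=US\n"
                              + "bob=CN=Bob,OU=Ops,O=Example,C=US\n";
    // Constructed groupsURI content: group=token1,token2,...
    static final String GROUPS = "admin=alice\nstaff=alice,bob\n";

    static Properties parse(String text) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Token whose value equals the subject name exactly, or null (assumed matching rule).
    static String tokenFor(Properties users, String subjectName) {
        for (String token : users.stringPropertyNames())
            if (users.getProperty(token).equals(subjectName)) return token;
        return null;
    }

    // Every group whose comma-separated member list contains the token.
    static Set<String> groupsFor(Properties groups, String token) {
        Set<String> found = new TreeSet<String>();
        for (String group : groups.stringPropertyNames())
            for (String member : groups.getProperty(group).split(","))
                if (member.trim().equals(token)) found.add(group);
        return found;
    }

    public static void main(String[] args) throws Exception {
        Properties users = parse(USERS), groups = parse(GROUPS);
        // getName() yields the RFC 2253 form (no spaces after commas), which is
        // the form the usersURI values must use. Mallory has no entry.
        String[] subjects = { "CN=Alice, OU=Eng, O=Example, C=US", "CN=Mallory, O=Example, C=US" };
        for (String s : subjects) {
            String name = new X500Principal(s).getName();
            String token = tokenFor(users, name);
            Set<String> g = token == null ? Collections.<String>emptySet() : groupsFor(groups, token);
            System.out.println(name + " -> token=" + token + " groups=" + g);
        }
    }
}
```

A usersURI value written with spaces after the commas or in a different attribute order will not equal the getName() string, so such a certificate resolves to no token under an exact comparison.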


Field Summary
static String GROUPS_URI
           
static String USERS_URI
           
 
Constructor Summary
CertificatePropertiesFileLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean commit()
           
 String[] getPrincipalClassNames()
          Gets the names of all principal classes that may be populated into a Subject.
 String[] getPrincipalsOfClass(String className)
          Gets a list of all the principals of a particular type (identified by the principal class).
 void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
           
 void loadProperties(org.apache.geronimo.system.serverinfo.ServerInfo serverInfo, URI usersURI, URI groupURI)
           
 boolean login()
           
 boolean logout()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

USERS_URI

public static final String USERS_URI
See Also:
Constant Field Values

GROUPS_URI

public static final String GROUPS_URI
See Also:
Constant Field Values
Constructor Detail

CertificatePropertiesFileLoginModule

public CertificatePropertiesFileLoginModule()
Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)
Specified by:
initialize in interface LoginModule

loadProperties

public void loadProperties(org.apache.geronimo.system.serverinfo.ServerInfo serverInfo,
                           URI usersURI,
                           URI groupURI)
                    throws org.apache.geronimo.common.GeronimoSecurityException
Throws:
org.apache.geronimo.common.GeronimoSecurityException

login

public boolean login()
              throws LoginException
Specified by:
login in interface LoginModule
Throws:
LoginException

commit

public boolean commit()
               throws LoginException
Specified by:
commit in interface LoginModule
Throws:
LoginException

abort

public boolean abort()
              throws LoginException
Specified by:
abort in interface LoginModule
Throws:
LoginException

logout

public boolean logout()
               throws LoginException
Specified by:
logout in interface LoginModule
Throws:
LoginException

getPrincipalClassNames

public String[] getPrincipalClassNames()
Gets the names of all principal classes that may be populated into a Subject.


getPrincipalsOfClass

public String[] getPrincipalsOfClass(String className)
Gets a list of all the principals of a particular type (identified by the principal class). These are available for manual role mapping.



Copyright © 2006 Apache Software Foundation. All Rights Reserved.