Class FnClientLoginModule
- java.lang.Object
-
- com.filenet.api.authentication.jboss.login.FnClientLoginModule
-
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public class FnClientLoginModule extends java.lang.Object implements javax.security.auth.spi.LoginModule
A client can useFnClientLoginModule
in place of the JBoss-suppliedClientLoginModule
to authenticate its users to the Content Engine. The JBossClientLoginModule
does not associate a user�s identity with the login�sSubject
; instead, it associates the user�s identity with the most recent login operation. This behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD"); Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD"); UserContext.pushSubject(ident_jane); // do work as Jane UserContext.pushSubject(ident_joe); // do work as Joe
Transparently, the
createSubject
method does a JAAS login using the JAAS "FileNetP8" stanza (defined in thejaas.conf.JBoss
configuration file). If the "FileNetP8" stanza is set to use the JBossClientLoginModule
, as shown below:FileNetP8 { org.jboss.security.ClientLoginModule required; };
then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:
FileNetP8 { com.filenet.api.authentication.jboss.login.FnClientLoginModule required; };
which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.
In the more common case, in which the client code uses only one user identity, you can use either
FnClientLoginModule
or the JBossClientLoginModule
.You can specify other options as necessary for
FnClientLoginModule
when you modify the stanza, as follows:- debug - Set
debug=true
to write additional debug messages on the console of the JBoss client. The default isfalse
. - multi-threaded - Set
multi-threaded=true
if the client is running in a multi-threaded environment, which is the case for Workplace (in this case Workplace is considered to be a client of the Content Engine) or if the client has several threads each using different user identities. The default isfalse
.
Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client�s JVM:
–Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"
(For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)
-
-
Constructor Summary
Constructors Constructor and Description FnClientLoginModule()
-
Method Summary
Methods Modifier and Type Method and Description boolean
abort()
boolean
commit()
void
initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
boolean
login()
boolean
logout()
-
-
-
Method Detail
-
initialize
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
- Specified by:
initialize
in interfacejavax.security.auth.spi.LoginModule
-
login
public boolean login() throws javax.security.auth.login.LoginException
- Specified by:
login
in interfacejavax.security.auth.spi.LoginModule
- Throws:
javax.security.auth.login.LoginException
-
commit
public boolean commit()
- Specified by:
commit
in interfacejavax.security.auth.spi.LoginModule
-
abort
public boolean abort()
- Specified by:
abort
in interfacejavax.security.auth.spi.LoginModule
-
logout
public boolean logout()
- Specified by:
logout
in interfacejavax.security.auth.spi.LoginModule
-
-