Class FnClientLoginModuleJB6EAP
- java.lang.Object
-
- com.filenet.api.authentication.jboss.login.FnClientLoginModuleJB6EAP
-
- All Implemented Interfaces:
- javax.security.auth.spi.LoginModule
public class FnClientLoginModuleJB6EAP extends java.lang.Object implements javax.security.auth.spi.LoginModuleA client can useFnClientLoginModulein place of the JBoss-suppliedClientLoginModuleto authenticate its users to the Content Engine. The JBossClientLoginModuledoes not associate a user�s identity with the login�sSubject; instead, it associates the user�s identity with the most recent login operation. This behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD"); Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD"); UserContext.pushSubject(ident_jane); // do work as Jane UserContext.pushSubject(ident_joe); // do work as JoeTransparently, the
createSubjectmethod does a JAAS login using the JAAS "FileNetP8" stanza (defined in thejaas.conf.JBossconfiguration file). If the "FileNetP8" stanza is set to use the JBossClientLoginModule, as shown below:FileNetP8 { org.jboss.security.ClientLoginModule required; };then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:
FileNetP8 { com.filenet.api.authentication.jboss.login.FnClientLoginModule required; };which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.
In the more common case, in which the client code uses only one user identity, you can use either
FnClientLoginModuleor the JBossClientLoginModule.You can specify other options as necessary for
FnClientLoginModulewhen you modify the stanza, as follows:- debug - Set
debug=trueto write additional debug messages on the console of the JBoss client. The default isfalse. - multi-threaded - Set
multi-threaded=trueif the client is running in a multi-threaded environment, which is the case for Workplace (in this case Workplace is considered to be a client of the Content Engine) or if the client has several threads each using different user identities. The default isfalse.
Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client�s JVM:
–Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"
(For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)
-
-
Constructor Summary
Constructors Constructor and Description FnClientLoginModuleJB6EAP()
-
Method Summary
Methods Modifier and Type Method and Description booleanabort()booleancommit()voidinitialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)booleanlogin()booleanlogout()
-
-
-
Method Detail
-
initialize
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)- Specified by:
initializein interfacejavax.security.auth.spi.LoginModule
-
login
public boolean login() throws javax.security.auth.login.LoginException- Specified by:
loginin interfacejavax.security.auth.spi.LoginModule- Throws:
javax.security.auth.login.LoginException
-
commit
public boolean commit()
- Specified by:
commitin interfacejavax.security.auth.spi.LoginModule
-
abort
public boolean abort()
- Specified by:
abortin interfacejavax.security.auth.spi.LoginModule
-
logout
public boolean logout()
- Specified by:
logoutin interfacejavax.security.auth.spi.LoginModule
-
-