IBM WebSphere™ eXtreme Scale, Release 8.6
API Specification

com.ibm.websphere.objectgrid.security.plugins.builtins
Class KeyStoreLoginModule

java.lang.Object
  extended by com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule
All Implemented Interfaces:
LoginModule

public class KeyStoreLoginModule
extends Object
implements LoginModule

The KeyStoreLoginModule is a keystore authentication login module based on JAAS authentication.

A login configuration should provide the option "keyStoreFile" to indicate where the keystore file is located. If the keyStoreFile value contains a system property in the form ${system.property}, it is expanded to the value of that system property.

If the "keyStoreFile" option is not provided, the default keystore file name is "${java.home}${/}.keystore".

Here is a Login module configuration example:


    KeyStoreLogin {
        com.ibm.websphere.objectgrid.security.plugins.builtins.KeyStoreLoginModule required
            keyStoreFile="${user.dir}${/}security${/}.keystore";
    };
 
This login module returns a principal of class javax.security.auth.x500.X500Principal.
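
As an added example (not IBM's code and not part of the eXtreme Scale API), this stand-alone check resolves a keyStoreFile value as the description above outlines and lists the X.500 subject names of the certificates in that keystore. The class name KeyStoreFileCheck is hypothetical, and treating ${/} as the file separator follows the Java policy-file convention, which is an assumption about this module.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical pre-flight check for a keyStoreFile option; not part of eXtreme Scale. */
public class KeyStoreFileCheck {
    private static final Pattern PROP = Pattern.compile("\\$\\{([^}]+)\\}");

    /** Expands ${name} to System.getProperty(name); ${/} is assumed to mean file.separator. */
    static String expand(String value) {
        Matcher m = PROP.matcher(value);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String name = m.group(1).equals("/") ? "file.separator" : m.group(1);
            String resolved = System.getProperty(name);
            if (resolved == null) { // fail loudly instead of using a half-expanded path
                throw new IllegalArgumentException("Undefined system property: " + name);
            }
            m.appendReplacement(out, Matcher.quoteReplacement(resolved));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Default from the class description, used when no option value is passed in.
        String option = args.length > 0 ? args[0] : "${java.home}${/}.keystore";
        Path file = Paths.get(expand(option));
        System.out.println("Resolved keystore file: " + file);
        char[] pw = System.console() == null ? null : System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance("JKS"); // the page states only JKS is supported
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, pw); // a null password loads the store without the integrity check
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) { // subject name is an X500Principal
                System.out.println(alias + " -> " + ((X509Certificate) c).getSubjectX500Principal().getName());
            }
        }
    }
}
```

Pass the same string that appears in the login configuration, for example `'${user.dir}${/}security${/}.keystore'`, quoted so the shell does not expand it.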

Since:
WAS XD 6.0.1
See Also:
LoginModule

Field Summary
static String DEFAULT_KEY_STORE_FILE
          The default key store file name
static String KEY_STORE_FILE_PROPERTY_NAME
          Key store file property name
protected  KeyStore keyStore
           
static String KEYSTORE_TYPE
          Key store type.
 
Constructor Summary
KeyStoreLoginModule()
          Creates a new KeyStoreLoginModule.
 
Method Summary
 boolean abort()
          Indicates the user is not accepted.
 boolean commit()
          Indicates the user is accepted.
 void initialize(Subject sub, CallbackHandler callbackHandler, Map mapSharedState, Map mapOptions)
          Initializes the login module.
 boolean login()
          Authenticates a user based on the keystore file.
 boolean logout()
          Logs the user out.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KEY_STORE_FILE_PROPERTY_NAME

public static final String KEY_STORE_FILE_PROPERTY_NAME
Key store file property name

See Also:
Constant Field Values

KEYSTORE_TYPE

public static final String KEYSTORE_TYPE
Key store type. Only JKS is supported.

See Also:
Constant Field Values

DEFAULT_KEY_STORE_FILE

public static final String DEFAULT_KEY_STORE_FILE
The default key store file name

See Also:
Constant Field Values

keyStore

protected KeyStore keyStore

Constructor Detail

KeyStoreLoginModule

public KeyStoreLoginModule()
Creates a new KeyStoreLoginModule.

Method Detail

initialize

public void initialize(Subject sub,
                       CallbackHandler callbackHandler,
                       Map mapSharedState,
                       Map mapOptions)
Initializes the login module.

Specified by:
initialize in interface LoginModule
See Also:
LoginModule.initialize(Subject, CallbackHandler, Map, Map)

login

public boolean login()
              throws LoginException
Authenticates a user based on the keystore file.

Specified by:
login in interface LoginModule
Throws:
LoginException
See Also:
LoginModule.login()

commit

public boolean commit()
               throws LoginException
Indicates the user is accepted.

This method is called only if the user is authenticated by all modules in the login configuration file. The principal objects will be added to the stored subject.

Specified by:
commit in interface LoginModule
Returns:
false if for some reason the principals cannot be added; true otherwise
Throws:
LoginException - LoginException is thrown if the subject is read-only or if any unrecoverable exception is encountered.
See Also:
LoginModule.commit()

abort

public boolean abort()
              throws LoginException
Indicates the user is not accepted.

Specified by:
abort in interface LoginModule
Throws:
LoginException
See Also:
LoginModule.abort()

logout

public boolean logout()
               throws LoginException
Logs the user out. Clears all the maps.

Specified by:
logout in interface LoginModule
Throws:
LoginException
See Also:
LoginModule.logout()

© Copyright International Business Machines Corp 2005,2012. All rights reserved.