java.lang.Object | |
↳ | com.sun.jmx.remote.security.FileLoginModule |
This LoginModule
performs file-based authentication.
A supplied username and password is verified against the
corresponding user credentials stored in a designated password file.
If successful then a new JMXPrincipal
is created with the
user's name and it is associated with the current Subject
.
Such principals may be identified and granted management privileges in
the access control file for JMX remote management or in a Java security
policy.
The password file comprises a list of key-value pairs as specified in
Properties
. The key represents a user's name and the value is its
associated cleartext password. By default, the following password file is
used:
${java.home}/lib/management/jmxremote.passwordA different password file can be specified via the
passwordFile
configuration option.
This module recognizes the following Configuration
options:
passwordFile
useFirstPass
true
, this module retrieves the username and password
from the module's shared state, using "javax.security.auth.login.name"
and "javax.security.auth.login.password" as the respective keys. The
retrieved values are used for authentication. If authentication fails,
no attempt for a retry is made, and the failure is reported back to
the calling application.tryFirstPass
true
, this module retrieves the username and password
from the module's shared state, using "javax.security.auth.login.name"
and "javax.security.auth.login.password" as the respective keys. The
retrieved values are used for authentication. If authentication fails,
the module uses the CallbackHandler to retrieve a new username and
password, and another attempt to authenticate is made. If the
authentication fails, the failure is reported back to the calling
application.storePass
true
, this module stores the username and password
obtained from the CallbackHandler in the module's shared state, using
"javax.security.auth.login.name" and
"javax.security.auth.login.password" as the respective keys. This is
not performed if existing values already exist for the username and
password in the shared state, or if authentication fails.clearPass
true
, this module clears the username and password
stored in the module's shared state after both phases of authentication
(login and commit) have completed.Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Abort user authentication (Authentication Phase 2).
| |||||||||||
Complete user authentication (Authentication Phase 2).
| |||||||||||
Initialize this
LoginModule . | |||||||||||
Begin user authentication (Authentication Phase 1).
| |||||||||||
Logout a user.
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
javax.security.auth.spi.LoginModule
|
Abort user authentication (Authentication Phase 2).
This method is called if the LoginContext's overall authentication failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login
and commit
methods),
then this method cleans up any state that was originally saved.
LoginException | if the abort fails. |
---|
Complete user authentication (Authentication Phase 2).
This method is called if the LoginContext's overall authentication has succeeded (all the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules have succeeded).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login
method), then this method associates a
JMXPrincipal
with the Subject
located in the
LoginModule
. If this LoginModule's own
authentication attempted failed, then this method removes
any state that was originally saved.
LoginException | if the commit fails |
---|
Initialize this LoginModule
.
subject | the Subject to be authenticated. |
---|---|
callbackHandler | a CallbackHandler to acquire the
user's name and password. |
sharedState | shared LoginModule state. |
options | options specified in the login
Configuration for this particular
LoginModule .
|
Begin user authentication (Authentication Phase 1).
Acquire the user's name and password and verify them against the corresponding credentials from the password file.
LoginModule
should not be ignored.FailedLoginException | if the authentication fails. |
---|---|
LoginException | if this LoginModule
is unable to perform the authentication.
|
Logout a user.
This method removes the Principals
that were added by the commit
method.
LoginModule
should not be ignored.
LoginException | if the logout fails. |
---|