public class FileLoginModule
extends Object
implements LoginModule

java.lang.Object
   ↳ com.sun.jmx.remote.security.FileLoginModule

Class Overview

This LoginModule performs file-based authentication.

A supplied username and password are verified against the corresponding user credentials stored in a designated password file. If verification succeeds, a new JMXPrincipal is created with the user's name and associated with the current Subject. Such principals may be identified and granted management privileges in the access control file for JMX remote management or in a Java security policy.

The password file comprises a list of key-value pairs as specified in Properties. The key represents a user's name and the value is its associated cleartext password. By default, the following password file is used:

     ${java.home}/lib/management/jmxremote.password
 
A different password file can be specified via the passwordFile configuration option.

This module recognizes the following Configuration options:

passwordFile
the path to an alternative password file. It is used instead of the default password file.
useFirstPass
if true, this module retrieves the username and password from the module's shared state, using "javax.security.auth.login.name" and "javax.security.auth.login.password" as the respective keys. The retrieved values are used for authentication. If authentication fails, no attempt for a retry is made, and the failure is reported back to the calling application.
tryFirstPass
if true, this module retrieves the username and password from the module's shared state, using "javax.security.auth.login.name" and "javax.security.auth.login.password" as the respective keys. The retrieved values are used for authentication. If authentication fails, the module uses the CallbackHandler to retrieve a new username and password, and another attempt to authenticate is made. If that second attempt fails, the failure is reported back to the calling application.
storePass
if true, this module stores the username and password obtained from the CallbackHandler in the module's shared state, using "javax.security.auth.login.name" and "javax.security.auth.login.password" as the respective keys. This is not performed if existing values already exist for the username and password in the shared state, or if authentication fails.
clearPass
if true, this module clears the username and password stored in the module's shared state after both phases of authentication (login and commit) have completed.
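
The following is an added example, not code from the JDK documentation: it drives FileLoginModule through a LoginContext with a programmatic Configuration that sets the passwordFile and clearPass options described above. The class name FileLoginDemo, the entry name "DemoEntry", and the user and password in the temporary file are constructed for illustration.

```java
import java.nio.file.*;
import java.util.*;
import javax.management.remote.JMXPrincipal;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class FileLoginDemo {
    // Runs one login attempt and returns the JMXPrincipal names put on the Subject.
    static Set<String> authenticate(Path passwordFile, String user, char[] password)
            throws LoginException {
        Map<String, String> options = new HashMap<>();
        options.put("passwordFile", passwordFile.toString()); // replaces the default file
        options.put("clearPass", "true"); // wipe credentials from shared state after commit
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.jmx.remote.security.FileLoginModule",
                        LoginModuleControlFlag.REQUIRED, options) };
            }
        };
        // Supplies the name and password the module asks for through its callbacks.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        Subject subject = new Subject();
        LoginContext lc = new LoginContext("DemoEntry", subject, handler, config);
        lc.login(); // runs login() then commit(); throws LoginException on failure
        Set<String> names = new TreeSet<>();
        for (JMXPrincipal p : subject.getPrincipals(JMXPrincipal.class)) names.add(p.getName());
        lc.logout(); // removes the principals that commit() added
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample file in Properties format: user name = cleartext password.
        Path file = Files.createTempFile("jmxremote", ".password");
        Files.write(file, Arrays.asList("monitorRole=constructed-pass-1"));
        System.out.println(authenticate(file, "monitorRole", "constructed-pass-1".toCharArray()));
        try {
            authenticate(file, "monitorRole", "wrong".toCharArray());
        } catch (LoginException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        Files.delete(file);
    }
}
```

Because the file holds cleartext passwords, keep it readable by the owning account only; Files.createTempFile already creates the sample file with owner-only permissions on POSIX systems.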

Summary

Public Constructors
FileLoginModule()
Public Methods
boolean abort()
Abort user authentication (Authentication Phase 2).
boolean commit()
Complete user authentication (Authentication Phase 2).
void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)
Initialize this LoginModule.
boolean login()
Begin user authentication (Authentication Phase 1).
boolean logout()
Logout a user.
Inherited Methods
From class java.lang.Object
From interface javax.security.auth.spi.LoginModule

Public Constructors

public FileLoginModule ()

Public Methods

public boolean abort ()

Abort user authentication (Authentication Phase 2).

This method is called if the LoginContext's overall authentication failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login and commit methods), then this method cleans up any state that was originally saved.

Returns
  • false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws
LoginException if the abort fails.

public boolean commit ()

Complete user authentication (Authentication Phase 2).

This method is called if the LoginContext's overall authentication has succeeded (all the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules have succeeded).

If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates a JMXPrincipal with the Subject located in the LoginModule. If this LoginModule's own authentication attempt failed, then this method removes any state that was originally saved.

Returns
  • true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws
LoginException if the commit fails.

public void initialize (Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options)

Initialize this LoginModule.

Parameters
subject the Subject to be authenticated.
callbackHandler a CallbackHandler to acquire the user's name and password.
sharedState shared LoginModule state.
options options specified in the login Configuration for this particular LoginModule.

public boolean login ()

Begin user authentication (Authentication Phase 1).

Acquire the user's name and password and verify them against the corresponding credentials from the password file.

Returns
  • true always, since this LoginModule should not be ignored.
Throws
FailedLoginException if the authentication fails.
LoginException if this LoginModule is unable to perform the authentication.

public boolean logout ()

Logout a user.

This method removes the Principals that were added by the commit method.

Returns
  • true in all cases since this LoginModule should not be ignored.
Throws
LoginException if the logout fails.