KeyStoreLoginModule

Class Overview

Provides a JAAS login module that prompts for a key store alias and populates the subject with the alias's principal and credentials. Stores an X500Principal for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials.

Recognizes the following options in the configuration file:

keyStoreURL

A URL that specifies the location of the key store. Defaults to a URL pointing to the .keystore file in the directory specified by the user.home system property. The input stream from this URL is passed to the KeyStore.load method. "NONE" may be specified if a null stream must be passed to the KeyStore.load method. "NONE" should be specified if the KeyStore resides on a hardware token device, for example.

keyStoreType

The key store type. If not specified, defaults to the result of calling KeyStore.getDefaultType(). If the type is "PKCS11", then keyStoreURL must be "NONE" and privateKeyPasswordURL must not be specified.

keyStoreProvider

The key store provider. If not specified, uses the standard search order to find the provider.

keyStoreAlias

The alias in the key store to login as. Required when no callback handler is provided. No default value.

keyStorePasswordURL

A URL that specifies the location of the key store password. Required when no callback handler is provided and protected is false. No default value.

privateKeyPasswordURL

A URL that specifies the location of the specific private key password needed to access the private key for this alias. The keystore password is used if this value is needed and not specified.

protected

This value should be set to "true" if the KeyStore has a separate, protected authentication path (for example, a dedicated PIN-pad attached to a smart card). Defaults to "false". If "true" keyStorePasswordURL and privateKeyPasswordURL must not be specified.

Summary

[Expand] Inherited Methods
From class java.lang.Object Object clone() Creates and returns a copy of this object. boolean equals(Object obj) Indicates whether some other object is "equal to" this one. void finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. final Class<?> getClass() Returns the runtime class of this Object. int hashCode() Returns a hash code value for the object. final void notify() Wakes up a single thread that is waiting on this object's monitor. final void notifyAll() Wakes up all threads that are waiting on this object's monitor. String toString() Returns a string representation of the object. final void wait() Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object. final void wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed. final void wait(long timeout) Causes the current thread to wait until either another thread invokes the notify() method or the notifyAll() method for this object, or a specified amount of time has elapsed.
From interface javax.security.auth.spi.LoginModule abstract boolean abort() Method to abort the authentication process (phase 2). abstract boolean commit() Method to commit the authentication process (phase 2). abstract void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) Initialize this LoginModule. abstract boolean login() Method to authenticate a Subject (phase 1). abstract boolean logout() Method which logs out a Subject.