java.lang.Object | |
↳ | com.sun.security.auth.module.KeyStoreLoginModule |
Provides a JAAS login module that prompts for a key store alias and
populates the subject with the alias's principal and credentials. Stores
an X500Principal
for the subject distinguished name of the
first certificate in the alias's credentials in the subject's principals,
the alias's certificate path in the subject's public credentials, and a
X500PrivateCredential
whose certificate is the first
certificate in the alias's certificate path and whose private key is the
alias's private key in the subject's private credentials.
Recognizes the following options in the configuration file:
keyStoreURL
user.home
system property. The input stream from this
URL is passed to the KeyStore.load
method.
"NONE" may be specified if a null
stream must be
passed to the KeyStore.load
method.
"NONE" should be specified if the KeyStore resides
on a hardware token device, for example.keyStoreType
KeyStore.getDefaultType()
.
If the type is "PKCS11", then keyStoreURL must be "NONE"
and privateKeyPasswordURL must not be specified.keyStoreProvider
keyStoreAlias
keyStorePasswordURL
protected
is false.
No default value. privateKeyPasswordURL
protected
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
This method is called if the LoginContext's overall authentication failed. | |||||||||||
Abstract method to commit the authentication process (phase 2).
| |||||||||||
Initialize this
LoginModule . | |||||||||||
Authenticate the user.
| |||||||||||
Logout a user.
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
From interface
javax.security.auth.spi.LoginModule
|
This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login
and commit
methods),
then this method cleans up any state that was originally saved.
If the loaded KeyStore's provider extends
java.security.AuthProvider
,
then the provider's logout
method is invoked.
LoginException | if the abort fails. |
---|
Abstract method to commit the authentication process (phase 2).
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login
method), then this method associates a
X500Principal
for the subject distinguished name of the
first certificate in the alias's credentials in the subject's
principals,the alias's certificate path in the subject's public
credentials, and aX500PrivateCredential
whose certificate
is the first certificate in the alias's certificate path and whose
private key is the alias's private key in the subject's private
credentials. If this LoginModule's own
authentication attempted failed, then this method removes
any state that was originally saved.
LoginException | if the commit fails |
---|
Initialize this LoginModule
.
subject | the Subject to be authenticated. |
---|---|
callbackHandler | a CallbackHandler for communicating
with the end user (prompting for usernames and
passwords, for example),
which may be null . |
sharedState | shared LoginModule state. |
options | options specified in the login
Configuration for this particular
LoginModule .
|
Authenticate the user.
Get the Keystore alias and relevant passwords. Retrieve the alias's principal and credentials from the Keystore.
LoginModule
should not be ignored).
FailedLoginException | if the authentication fails. |
---|---|
LoginException |
Logout a user.
This method removes the Principals, public credentials and the
private credentials that were added by the commit
method.
If the loaded KeyStore's provider extends
java.security.AuthProvider
,
then the provider's logout
method is invoked.
LoginModule
should not be ignored.
LoginException | if the logout fails. |
---|