Java Doc for LoginContext.java in » 6.0-JDK-Core » security » javax » security » auth » login » Java Source Code / Java DocumentationJava Source Code and Java Documentation

1.	6.0 JDK Core
2.	6.0 JDK Modules
3.	6.0 JDK Modules com.sun
4.	6.0 JDK Modules com.sun.java
5.	6.0 JDK Modules sun
6.	6.0 JDK Platform
7.	Ajax
8.	Apache Harmony Java SE
9.	Aspect oriented
10.	Authentication Authorization
11.	Blogger System
12.	Build
13.	Byte Code
14.	Cache
15.	Chart
16.	Chat
17.	Code Analyzer
18.	Collaboration
19.	Content Management System
20.	Database Client
21.	Database DBMS
22.	Database JDBC Connection Pool
23.	Database ORM
24.	Development
25.	EJB Server
26.	ERP CRM Financial
27.	ESB
28.	Forum
29.	Game
30.	GIS
31.	Graphic 3D
32.	Graphic Library
33.	Groupware
34.	HTML Parser
35.	IDE
36.	IDE Eclipse
37.	IDE Netbeans
38.	Installer
39.	Internationalization Localization
40.	Inversion of Control
41.	Issue Tracking
42.	J2EE
43.	J2ME
44.	JBoss
45.	JMS
46.	JMX
47.	Library
48.	Mail Clients
49.	Music
50.	Net
51.	Parser
52.	PDF
53.	Portal
54.	Profiler
55.	Project Management
56.	Report
57.	RSS RDF
58.	Rule Engine
59.	Science
60.	Scripting
61.	Search Engine
62.	Security
63.	Sevlet Container
64.	Source Control
65.	Swing Library
66.	Template Engine
67.	Test Coverage
68.	Testing
69.	UML
70.	Web Crawler
71.	Web Framework
72.	Web Mail
73.	Web Server
74.	Web Services
75.	Web Services apache cxf 2.2.6
76.	Web Services AXIS2
77.	Wiki Engine
78.	Workflow Engines
79.	XML
80.	XML UI

Java Source Code / Java Documentation » 6.0 JDK Core » security » javax.security.auth.login

Source Cross Reference Class Diagram Java Document (Java Doc)

java.lang .Object

javax.security.auth.login .LoginContext

LoginContext

public class LoginContext (Code)

The LoginContext class describes the basic methods used to authenticate Subjects and provides a way to develop an application independent of the underlying authentication technology. A Configuration specifies the authentication technology, or LoginModule, to be used with a particular application. Different LoginModules can be plugged in under an application without requiring any modifications to the application itself.

In addition to supporting pluggable authentication, this class also supports the notion of stacked authentication. Applications may be configured to use more than one LoginModule. For example, one could configure both a Kerberos LoginModule and a smart card LoginModule under an application.

A typical caller instantiates a LoginContext with a name and a CallbackHandler. LoginContext uses the name as the index into a Configuration to determine which LoginModules should be used, and which ones must succeed in order for the overall authentication to succeed. The CallbackHandler is passed to the underlying LoginModules so they may communicate and interact with users (prompting for a username and password via a graphical user interface, for example).

Once the caller has instantiated a LoginContext, it invokes the login method to authenticate a Subject. The login method invokes the configured modules to perform their respective types of authentication (username/password, smart card pin verification, etc.). Note that the LoginModules will not attempt authentication retries nor introduce delays if the authentication fails. Such tasks belong to the LoginContext caller.

If the login method returns without throwing an exception, then the overall authentication succeeded. The caller can then retrieve the newly authenticated Subject by invoking the getSubject method. Principals and Credentials associated with the Subject may be retrieved by invoking the Subject's respective getPrincipals, getPublicCredentials, and getPrivateCredentials methods.

To logout the Subject, the caller calls the logout method. As with the login method, this logout method invokes the logout method for the configured modules.

A LoginContext should not be used to authenticate more than one Subject. A separate LoginContext should be used to authenticate each different Subject.

The following documentation applies to all LoginContext constructors:

Subject
- If the constructor has a Subject input parameter, the LoginContext uses the caller-specified Subject object.
- If the caller specifies a null Subject and a null value is permitted, the LoginContext instantiates a new Subject.
- If the constructor does not have a Subject input parameter, the LoginContext instantiates a new Subject.
Configuration
- If the constructor has a Configuration input parameter and the caller specifies a non-null Configuration, the LoginContext uses the caller-specified Configuration.
  If the constructor does not have a Configuration input parameter, or if the caller specifies a null Configuration object, the constructor uses the following call to get the installed Configuration:
```
 config = Configuration.getConfiguration();
 
```
  For both cases, the name argument given to the constructor is passed to the Configuration.getAppConfigurationEntry method. If the Configuration has no entries for the specified name, then the LoginContext calls getAppConfigurationEntry with the name, "other" (the default entry name). If there is no entry for "other", then a LoginException is thrown.
- When LoginContext uses the installed Configuration, the caller requires the createLoginContext.name and possibly createLoginContext.other AuthPermissions. Furthermore, the LoginContext will invoke configured modules from within an AccessController.doPrivileged call so that modules that perform security-sensitive tasks (such as connecting to remote hosts, and updating the Subject) will require the respective permissions, but the callers of the LoginContext will not require those permissions.
- When LoginContext uses a caller-specified Configuration, the caller does not require any createLoginContext AuthPermission. The LoginContext saves the AccessControlContext for the caller, and invokes the configured modules from within an AccessController.doPrivileged call constrained by that context. This means the caller context (stored when the LoginContext was created) must have sufficient permissions to perform any security-sensitive tasks that the modules may perform.
CallbackHandler
- If the constructor has a CallbackHandler input parameter, the LoginContext uses the caller-specified CallbackHandler object.
- If the constructor does not have a CallbackHandler input parameter, or if the caller specifies a null CallbackHandler object (and a null value is permitted), the LoginContext queries the auth.login.defaultCallbackHandler security property for the fully qualified class name of a default handler implementation. If the security property is not set, then the underlying modules will not have a CallbackHandler for use in communicating with users. The caller thus assumes that the configured modules have alternative means for authenticating the user.
- When the LoginContext uses the installed Configuration (instead of a caller-specified Configuration, see above), then this LoginContext must wrap any caller-specified or default CallbackHandler implementation in a new CallbackHandler implementation whose handle method implementation invokes the specified CallbackHandler's handle method in a java.security.AccessController.doPrivileged call constrained by the caller's current AccessControlContext.

Note that Security Properties (such as auth.login.defaultCallbackHandler) can be set programmatically via the java.security.Security class, or statically in the Java security properties file located in the file named <JAVA_HOME>/lib/security/java.security. <JAVA_HOME> refers to the value of the java.home system property, and specifies the directory where the JRE is installed.
version:
   1.107, 05/05/07
See Also:   java.security.Security
See Also:   javax.security.auth.AuthPermission
See Also:   javax.security.auth.Subject
See Also:   javax.security.auth.callback.CallbackHandler
See Also:   javax.security.auth.login.Configuration
See Also:   javax.security.auth.spi.LoginModule

Constructor Summary
public	LoginContext(String name) Instantiate a new `LoginContext` object with a name.
public	LoginContext(String name, Subject subject) Instantiate a new `LoginContext` object with a name and a `Subject` object. Parameters: name - the name used as the index into the`Configuration`.
public	LoginContext(String name, CallbackHandler callbackHandler) Instantiate a new `LoginContext` object with a name and a `CallbackHandler` object. Parameters: name - the name used as the index into the`Configuration`.
public	LoginContext(String name, Subject subject, CallbackHandler callbackHandler) Instantiate a new `LoginContext` object with a name, a `Subject` to be authenticated, and a `CallbackHandler` object. Parameters: name - the name used as the index into the`Configuration`.
public	LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) Instantiate a new `LoginContext` object with a name, a `Subject` to be authenticated, a `CallbackHandler` object, and a login `Configuration`. Parameters: name - the name used as the index into the caller-specified`Configuration`.

Method Summary
public Subject	getSubject() Return the authenticated Subject. the authenticated Subject.
public void	login() Perform the authentication. This method invokes the `login` method for each LoginModule configured for the name specified to the `LoginContext` constructor, as determined by the login `Configuration`.
public void	logout() Logout the `Subject`. This method invokes the `logout` method for each `LoginModule` configured for this `LoginContext`. Each `LoginModule` performs its respective logout procedure which may include removing/destroying `Principal` and `Credential` information from the `Subject` and state cleanup. Note that this method invokes all LoginModules configured for the application regardless of their respective `Configuration` flag parameters.

Constructor Detail

LoginContext
public LoginContext(String name) throws LoginException(Code)
	Instantiate a new `LoginContext` object with a name. Parameters: name - the name used as the index into the`Configuration`. exception: LoginException - if the caller-specified `name`does not appear in the `Configuration`and there is no `Configuration` entryfor "other", or if theauth.login.defaultCallbackHandlersecurity property was set, but the implementationclass could not be loaded. exception: SecurityException - if a SecurityManager is set andthe caller does not haveAuthPermission("createLoginContext.name"),or if a configuration entry for name does not exist andthe caller does not additionally haveAuthPermission("createLoginContext.other")

LoginContext

public LoginContext(String name, Subject subject) throws LoginException(Code)

Instantiate a new LoginContext object with a name and a Subject object.

Parameters:
name - the name used as the index into theConfiguration.

Parameters:
subject - the Subject to authenticate.
exception:
LoginException - if the caller-specified namedoes not appear in the Configurationand there is no Configuration entryfor "other", if the caller-specified subjectis null, or if theauth.login.defaultCallbackHandlersecurity property was set, but the implementationclass could not be loaded.

exception:
SecurityException - if a SecurityManager is set andthe caller does not haveAuthPermission("createLoginContext.name"),or if a configuration entry for name does not exist andthe caller does not additionally haveAuthPermission("createLoginContext.other")

LoginContext

public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException(Code)

Instantiate a new LoginContext object with a name and a CallbackHandler object.

Parameters:
name - the name used as the index into theConfiguration.

Parameters:
callbackHandler - the CallbackHandler object used byLoginModules to communicate with the user.
exception:
LoginException - if the caller-specified namedoes not appear in the Configurationand there is no Configuration entryfor "other", or if the caller-specifiedcallbackHandler is null.

LoginContext

public LoginContext(String name, Subject subject, CallbackHandler callbackHandler) throws LoginException(Code)

Instantiate a new LoginContext object with a name, a Subject to be authenticated, and a CallbackHandler object.

Parameters:
name - the name used as the index into theConfiguration.

Parameters:
subject - the Subject to authenticate.

LoginContext

public LoginContext(String name, Subject subject, CallbackHandler callbackHandler, Configuration config) throws LoginException(Code)

Instantiate a new LoginContext object with a name, a Subject to be authenticated, a CallbackHandler object, and a login Configuration.

Parameters:
name - the name used as the index into the caller-specifiedConfiguration.

Parameters:
subject - the Subject to authenticate,or null.

Parameters:
callbackHandler - the CallbackHandler object used byLoginModules to communicate with the user, or null.

Parameters:
config - the Configuration that lists thelogin modules to be called to perform the authentication,or null.
exception:
LoginException - if the caller-specified namedoes not appear in the Configurationand there is no Configuration entryfor "other".

exception:
SecurityException - if a SecurityManager is set,config is null,and either the caller does not haveAuthPermission("createLoginContext.name"),or if a configuration entry for name does not exist andthe caller does not additionally haveAuthPermission("createLoginContext.other")
since:
1.5

Method Detail

getSubject
public Subject getSubject()(Code)
	Return the authenticated Subject. the authenticated Subject. If the caller specified aSubject to this LoginContext's constructor,this method returns the caller-specified Subject.If a Subject was not specified and authentication succeeds,this method returns the Subject instantiated and used forauthentication by this LoginContext.If a Subject was not specified, and authentication fails orhas not been attempted, this method returns null.

login

public void login() throws LoginException(Code)

Perform the authentication.

This method invokes the login method for each LoginModule configured for the name specified to the LoginContext constructor, as determined by the login Configuration. Each LoginModule then performs its respective type of authentication (username/password, smart card pin verification, etc.).

This method completes a 2-phase authentication process by calling each configured LoginModule's commit method if the overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT, and OPTIONAL LoginModules succeeded), or by calling each configured LoginModule's abort method if the overall authentication failed. If authentication succeeded, each successful LoginModule's commit method associates the relevant Principals and Credentials with the Subject. If authentication failed, each LoginModule's abort method removes/destroys any previously stored state.

If the commit phase of the authentication process fails, then the overall authentication fails and this method invokes the abort method for each configured LoginModule.

If the abort phase fails for any reason, then this method propagates the original exception thrown either during the login phase or the commit phase. In either case, the overall authentication fails.

In the case where multiple LoginModules fail, this method propagates the exception raised by the first LoginModule which failed.

Note that if this method enters the abort phase (either the login or commit phase failed), this method invokes all LoginModules configured for the application regardless of their respective Configuration flag parameters. Essentially this means that Requisite and Sufficient semantics are ignored during the abort phase. This guarantees that proper cleanup and state restoration can take place.

exception:
LoginException - if the authentication fails.

logout

public void logout() throws LoginException(Code)

Logout the Subject.

This method invokes the logout method for each LoginModule configured for this LoginContext. Each LoginModule performs its respective logout procedure which may include removing/destroying Principal and Credential information from the Subject and state cleanup.

Note that this method invokes all LoginModules configured for the application regardless of their respective Configuration flag parameters. Essentially this means that Requisite and Sufficient semantics are ignored for this method. This guarantees that proper cleanup and state restoration can take place.

exception:
LoginException - if the logout fails.

Methods inherited from java.lang.Object

native protected Object clone() throws CloneNotSupportedException(Code)(Java Doc)
public boolean equals(Object obj)(Code)(Java Doc)
protected void finalize() throws Throwable(Code)(Java Doc)
final native public Class getClass()(Code)(Java Doc)
native public int hashCode()(Code)(Java Doc)
final native public void notify()(Code)(Java Doc)
final native public void notifyAll()(Code)(Java Doc)
public String toString()(Code)(Java Doc)
final native public void wait(long timeout) throws InterruptedException(Code)(Java Doc)
final public void wait(long timeout, int nanos) throws InterruptedException(Code)(Java Doc)
final public void wait() throws InterruptedException(Code)(Java Doc)

www.java2java.com | Contact Us

All other trademarks are property of their respective owners.