public abstract class PAMLoginModule extends FileLoginModule implements Loggable
Modifier and Type | Field and Description |
---|---|
static String |
PAM_MODULE_NAME
PAM module name to be installed in the pam configuration
|
callbackHandler, ENCRYPTED_DATA_SEP, groupFile, loginFile, subject, tenantFile
Constructor and Description |
---|
PAMLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean |
abort()
This method is called if the LoginContext's overall authentication
failed.
|
boolean |
commit()
This method is called if the LoginContext's overall authentication
succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
LoginModules succeeded).
|
void |
initialize(Subject subject,
CallbackHandler callbackHandler,
Map<String,?> sharedState,
Map<String,?> options) |
boolean |
login()
Authenticate the user by getting the user name and password from the
CallbackHandler.
|
boolean |
logout()
Logout the user.
|
protected boolean |
logUser(String username,
String password)
Check user and password from file, or authenticate with PAM.
|
checkGroupFile, checkLoginFile, checkTenantFile, getConfiguredDomains, getGroupFileName, getLoginFileName, getPrivateKey, getTenantFileName, groupMembershipFromFile, isLegacyPasswordEncryption, logUser, removeOldFailedAttempts, resetFailedAttempt, retryInHowManyMinutes, storeFailedAttempt, tenantMembershipFromFile, tooManyFailedAttempts
public static final String PAM_MODULE_NAME
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
initialize
in interface LoginModule
initialize
in class FileLoginModule
LoginModule.initialize(Subject, CallbackHandler, Map, Map)
public boolean login() throws LoginException
login
in interface LoginModule
login
in class FileLoginModule
PAMLoginModule
should not be ignored.FailedLoginException
- if the authentication fails.
LoginException
- if this LDAPLoginModule
is unable to
perform the authentication.LoginModule.login()
protected boolean logUser(String username, String password) throws LoginException
username
- user's loginpassword
- user's passwordLoginException
- if authentication and group membership fails.public boolean commit() throws LoginException
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
commit
in interface LoginModule
commit
in class FileLoginModule
LoginException
- if the commit fails.LoginModule.commit()
public boolean abort() throws LoginException
This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
If this LDAPLoginModule's own authentication attempt succeeded (checked
by retrieving the private state saved by the login
and
commit
methods), then this method cleans up any state that
was originally saved.
abort
in interface LoginModule
abort
in class FileLoginModule
LoginException
- if the abort fails.LoginModule.abort()
public boolean logout() throws LoginException
logout
in interface LoginModule
logout
in class FileLoginModule
LoginModule
should
not be ignored.LoginException
- if the logout fails.LoginModule.logout()