org.n52.security.authentication.loginmodule
Class SAMLTicketLoginModule

java.lang.Object
  extended by org.n52.security.authentication.loginmodule.AbstractLoginModule
      extended by org.n52.security.authentication.loginmodule.SAMLTicketLoginModule
All Implemented Interfaces:
java.io.Serializable, javax.security.auth.spi.LoginModule

public class SAMLTicketLoginModule
extends AbstractLoginModule

Authenticates users by checking a SAMLResponse (more precisely, an instance of SAMLTicket). Adds a list of RolePrincipal to the subject.

Version:
$Revision: 1755 $
Author:
Marko Reiprecht Created on 25.07.2008
See Also:
Serialized Form

Field Summary
static java.lang.String OPTION_EXPIRED_TIME_OFFSET
          expired time offset option identifier.
static java.lang.String OPTION_NO_VALIDATION
          no validation option identifier.
static java.lang.String OPTION_SAML_ROLE_ATTRIBUTE_NAME
          SAMLAttribute role name option identifier.
static java.lang.String OPTION_VALIDATION_KEYPAIR
          validation key pair option identifier.
 
Fields inherited from class org.n52.security.authentication.loginmodule.AbstractLoginModule
m_callbackHandler, m_commitSucceeded, m_loginSucceeded, m_options, m_principals, m_privateCredentials, m_publicCredentials, m_sharedState, m_subject
 
Constructor Summary
SAMLTicketLoginModule()
           
 
Method Summary
protected  void clearAuthenticationState()
          Method clearAuthenticationState is a template method used to invoke a cleanup of any authentication information provided by the user, e.g. the user name and password used to log in the user.
protected  java.lang.String getDescription()
          Method gets the description of this LoginModule.
protected  void initialize()
          Initializes the login module.
 boolean performLogin()
          Method performs the real login; this is called by the pre-implemented login() method.
protected  void prepareCommitState()
          Method prepareCommitState is a template method used to let a sub class prepare all principals and credentials, which then will be applied to the subject.
 
Methods inherited from class org.n52.security.authentication.loginmodule.AbstractLoginModule
abort, addPrincipal, addPrivateCredential, addPublicCredential, clearInternalState, commit, commitState, destroy, getCallbackHandler, getOptions, getPrincipals, getPrivateCredentials, getPublicCredentials, getSharedState, getSubject, handleCallbacks, initialize, isCallbackHandlerSet, isCommitSucceeded, isLoginSucceeded, login, logout, setCommitSucceeded, setLoginSucceeded, showModuleBanner
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

OPTION_VALIDATION_KEYPAIR

public static final java.lang.String OPTION_VALIDATION_KEYPAIR
validation key pair option identifier.

See Also:
Constant Field Values

OPTION_NO_VALIDATION

public static final java.lang.String OPTION_NO_VALIDATION
no validation option identifier.

See Also:
Constant Field Values

OPTION_EXPIRED_TIME_OFFSET

public static final java.lang.String OPTION_EXPIRED_TIME_OFFSET
expired time offset option identifier.

See Also:
Constant Field Values

OPTION_SAML_ROLE_ATTRIBUTE_NAME

public static final java.lang.String OPTION_SAML_ROLE_ATTRIBUTE_NAME
SAMLAttribute role name option identifier.

See Also:
Constant Field Values
Constructor Detail

SAMLTicketLoginModule

public SAMLTicketLoginModule()
Method Detail

getDescription

protected java.lang.String getDescription()
Description copied from class: AbstractLoginModule
Method gets the description of this LoginModule.

The description is used if the login module is configured with the option 'moduleBanner', to invoke a TextOutputCallback on the callback handler.

Specified by:
getDescription in class AbstractLoginModule
Returns:
String.
See Also:
AbstractLoginModule.getDescription()

clearAuthenticationState

protected void clearAuthenticationState()
                                 throws javax.security.auth.login.LoginException
Description copied from class: AbstractLoginModule
Method clearAuthenticationState is a template method used to invoke a cleanup of any authentication information provided by the user, e.g. the user name and password used to log in the user.

This is not a cleanup of the principals or credentials created during login. It is a way to reduce security holes by clearing state information which is no longer needed.

Specified by:
clearAuthenticationState in class AbstractLoginModule
Throws:
javax.security.auth.login.LoginException - if an error occurs.
See Also:
AbstractLoginModule.clearAuthenticationState()

initialize

protected void initialize()
Initializes the login module. It looks for the option "validationKeyPair", which must be an instance of KeyPair. If the option "noValidation" is set to true, the key pair is ignored and no validation of the SAML assertion is done.

The option SAMLRoleAttributeName is used to convert attribute principals to role principals.

Specified by:
initialize in class AbstractLoginModule
See Also:
AbstractLoginModule.initialize()
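
The following is an added example, not code from the 52north project: a guard that refuses to build a JAAS configuration entry for this module when "noValidation" is true or "validationKeyPair" is not a KeyPair, so assertion validation cannot be switched off by a stray option. The option key strings are taken from the initialize() description above (the actual values of the OPTION_* constants are not shown on this page), and the class name SamlLoginModuleOptionsCheck, the methods requireValidation and buildEntry, and the generated RSA key pair are assumptions made for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class SamlLoginModuleOptionsCheck {
    // Option keys as quoted in the initialize() description; the values of the
    // OPTION_* constants are not shown on this page, so these are assumptions.
    static final String VALIDATION_KEYPAIR = "validationKeyPair";
    static final String NO_VALIDATION = "noValidation";
    static final String MODULE =
        "org.n52.security.authentication.loginmodule.SAMLTicketLoginModule";

    /** Hypothetical guard: fail closed if assertion validation would be skipped. */
    static void requireValidation(Map<String, ?> options) {
        Object noValidation = options.get(NO_VALIDATION);
        // Accept Boolean or String forms; the expected type is not documented here.
        if (noValidation != null && Boolean.parseBoolean(String.valueOf(noValidation).trim())) {
            throw new IllegalStateException("noValidation=true disables SAML assertion validation");
        }
        if (!(options.get(VALIDATION_KEYPAIR) instanceof KeyPair)) {
            throw new IllegalStateException("validationKeyPair must be a java.security.KeyPair");
        }
    }

    static AppConfigurationEntry buildEntry(Map<String, ?> options) {
        requireValidation(options);
        return new AppConfigurationEntry(MODULE, LoginModuleControlFlag.REQUIRED, options);
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder key pair; a deployment would load its own instead.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        Map<String, Object> good = new HashMap<>();
        good.put(VALIDATION_KEYPAIR, pair);
        System.out.println("accepted: " + buildEntry(good).getLoginModuleName());
        Map<String, Object> bad = new HashMap<>(good);
        bad.put(NO_VALIDATION, "true");
        try {
            buildEntry(bad);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The entry is built from the module's class name as a string, so the check compiles and runs without the 52north library on the classpath.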

performLogin

public boolean performLogin()
                     throws javax.security.auth.login.LoginException
Description copied from class: AbstractLoginModule
Method performs the real login; this is called by the pre-implemented login() method.

Specified by:
performLogin in class AbstractLoginModule
Returns:
boolean.
Throws:
javax.security.auth.login.LoginException - if error occurs.
See Also:
AbstractLoginModule.performLogin()

prepareCommitState

protected void prepareCommitState()
                           throws javax.security.auth.login.LoginException
Description copied from class: AbstractLoginModule
Method prepareCommitState is a template method used to let a sub class prepare all principals and credentials, which then will be applied to the subject.

It allows separating the logic of the login (retrieving and checking the authentication credentials) from the logic for retrieving/preparing subject information.

Specified by:
prepareCommitState in class AbstractLoginModule
Throws:
javax.security.auth.login.LoginException - if error occurs.
See Also:
AbstractLoginModule.prepareCommitState()


Copyright © 2004-2009 52north.org. All Rights Reserved.