com.ibm.security.auth.module

Class LinuxLoginModule

  1. java.lang.Object
  2. extended bycom.ibm.security.auth.module.LinuxLoginModule
All implemented interfaces:
LoginModule

  1. public class LinuxLoginModule
  2. extends java.lang.Object
  3. implements LoginModule

This LoginModule imports a user's Linux Principal information (LinuxPrincipal, LinuxNumericUserPrincipal, and LinuxNumericGroupPrincipal) and associates them with the current Subject.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

This class will be replaced by LinuxLoginModule2000 in future releases of JAAS.


Constructor Summary

Constructor and Description
LinuxLoginModule()

Method Summary

Modifier and Type Method and Description
  1. boolean
abort()
Abort the authentication (second phase).
  1. boolean
commit()
Commit the authentication (second phase).
  1. void
initialize(Subject subject,CallbackHandler callbackHandler,java.util.Map<java.lang.String,?> sharedState,java.util.Map<java.lang.String,?> options)
Initialize this LoginModule.
  1. boolean
login()
Authenticate the user (first phase).
  1. boolean
logout()
Logout the user.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LinuxLoginModule

  1. public LinuxLoginModule()

Method Detail

initialize

  1. public void initialize(Subject subject,
  2. CallbackHandler callbackHandler,
  3. java.util.Map<java.lang.String,?> sharedState,
  4. java.util.Map<java.lang.String,?> options)
Initialize this LoginModule.

Specified by:
initialize in interface LoginModule
Parameters:
subject - the Subject to be authenticated.

callbackHandler - a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

sharedState - shared LoginModule state.

options - options specified in the login Configuration for this particular LoginModule.

login

  1. public boolean login()
  2. throws LoginException
Authenticate the user (first phase).

The implementation of this method attempts to retrieve the user's Linux Subject information by making a native Linux system call.

Specified by:
login in interface LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
FailedLoginException - if attempts to retrieve the underlying system information fail.
LoginException - if the authentication fails

commit

  1. public boolean commit()
  2. throws LoginException
Commit the authentication (second phase).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (the importing of the Linux authentication information succeeded), then this method associates the Linux Principals with the Subject currently tied to the LoginModule. If this LoginModule's authentication attempted failed, then this method removes any state that was originally saved.

Specified by:
commit in interface LoginModule
Returns:
true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
Throws:
LoginException - if the commit fails.

abort

  1. public boolean abort()
  2. throws LoginException
Abort the authentication (second phase).

This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

This method cleans up any state that was originally saved as part of the authentication attempt from the login and commit methods.

Specified by:
abort in interface LoginModule
Returns:
false if this LoginModule's own login and/or commit attempts failed, and true otherwise.
Throws:
LoginException - if the abort fails.

logout

  1. public boolean logout()
  2. throws LoginException
Logout the user.

This method removes the Principals associated with the Subject.

Specified by:
logout in interface LoginModule
Returns:
true in all cases (this LoginModule should not be ignored).
Throws:
LoginException - if the logout fails.