SK.gnome.dwarf.auth.login
Class PlaintextLoginModule

java.lang.Object
  extended by SK.gnome.dwarf.auth.login.GenericLoginModule
      extended by SK.gnome.dwarf.auth.login.PlaintextLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class PlaintextLoginModule
extends GenericLoginModule

The login module based on a plaintext file.

This module reads user information from a plain text file. Each user record consists of a login name followed by the "=" character, followed by at least four fields separated by colons. The first field is the user password encoded by an arbitrary algorithm; a single asterisk may be used instead to disable the login. The second field is the full name of the user. The third and fourth fields contain the time, in milliseconds since midnight, January 1, 1970 UTC, at which the account and the password expire, respectively. Any value other than a positive integer disables the expiration. The optional fifth field may be a comma-separated list of the user's roles. Lines starting with the "#" character, as well as empty lines, are ignored.

Examples of the user database:

 # user: joe
 # full name: Joe Public
 # password: non-real, i.e. login is disabled
 # account expiration: no
 # password expiration: no
 # roles: no
 joe=*:Joe Public:0:0:

 # user: jim
 # full name: Jim Beam
 # password: xxxxxxx
 # account expiration: no
 # password expiration: about 10 years in the future
 # roles: users
 jim=Er456.fd/89A:Jim Beam:0:1016234197723:users

 # user: mail
 # full name: Mail Daemon
 # password: non-real, i.e. login is disabled
 # account expiration: no
 # password expiration: no
 # roles: daemon, mail
 mail=*:Mail Daemon:0:0:daemon,mail
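
The record format described above, as an added example that is not part of the original documentation or of the SK.gnome.dwarf code base: a small Java (16+) parser covering comment and empty lines, the "*" disabled-login marker, the rule that anything but a positive integer disables expiration, and the optional roles field. The names UserRecordDemo, User, parse and expiry are hypothetical, and the parser assumes the encoded password itself contains no ":" character.

```java
import java.util.ArrayList;
import java.util.List;

// Added example: hypothetical parser for the user database format described above.
// None of these names belong to SK.gnome.dwarf.
public class UserRecordDemo {
    record User(String login, String encoded, String fullName,
                long accountExp, long passwordExp, List<String> roles) {
        boolean loginDisabled() { return encoded.equals("*"); }
        // Assumption: a timestamp at or before "now" counts as expired; 0 means "never".
        boolean accountExpired(long now)  { return accountExp > 0 && now >= accountExp; }
        boolean passwordExpired(long now) { return passwordExp > 0 && now >= passwordExp; }
    }

    // Anything other than a positive integer disables the expiration (returned as 0).
    static long expiry(String s) {
        try { long v = Long.parseLong(s.trim()); return v > 0 ? v : 0; }
        catch (NumberFormatException e) { return 0; }
    }

    // Returns null for comment and empty lines; rejects malformed records.
    static User parse(String line) {
        if (line.isBlank() || line.startsWith("#")) return null;
        int eq = line.indexOf('=');   // first '=' ends the login name
        if (eq <= 0) throw new IllegalArgumentException("missing login name: " + line);
        // limit -1 keeps a trailing empty roles field ("joe=*:Joe Public:0:0:")
        String[] f = line.substring(eq + 1).split(":", -1);
        if (f.length < 4) throw new IllegalArgumentException("fewer than four fields: " + line);
        List<String> roles = new ArrayList<>();
        if (f.length > 4)
            for (String r : f[4].split(","))
                if (!r.isBlank()) roles.add(r.trim());
        return new User(line.substring(0, eq).trim(), f[0], f[1],
                        expiry(f[2]), expiry(f[3]), roles);
    }

    public static void main(String[] args) {
        // Sample lines taken from the database examples on this page.
        String[] db = { "# user: joe", "joe=*:Joe Public:0:0:", "",
                        "jim=Er456.fd/89A:Jim Beam:0:1016234197723:users",
                        "mail=*:Mail Daemon:0:0:daemon,mail" };
        long now = System.currentTimeMillis();
        for (String line : db) {
            User u = parse(line);
            if (u == null) continue;
            System.out.printf("%s disabled=%b accountExpired=%b passwordExpired=%b roles=%s%n",
                u.login(), u.loginDisabled(), u.accountExpired(now), u.passwordExpired(now), u.roles());
        }
    }
}
```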
 

Passwords may be encrypted using a PasswordEncoder implementation, specified via the encoder option key.

The user database location is specified via the file option key. It must reference an existing file in the filesystem.

This login module returns an array of principals representing the user identities. This array always contains one UserPrincipal with the name of the user. Optionally, it may contain several RolePrincipal objects according to the user's roles.

This module supports case-insensitive logins and the identification feature, as described in GenericLoginModule.

Sample configuration entry:

 Test1 {
   SK.gnome.dwarf.auth.login.PlaintextLoginModule required
     debug="true"
     file="conf/users.properties";
 };
 


Field Summary
 
Fields inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
encoder
 
Constructor Summary
PlaintextLoginModule()
           
 
Method Summary
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler cbHandler, java.util.Map sharedState, java.util.Map options)
          Initializes this login module.
protected  java.security.Principal[] validate(java.lang.String username, char[] password)
          Validates the given user.
 
Methods inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
abort, commit, debug, getBooleanOption, getIntOption, getStringOption, checkPassword, isDebugOn, isIdentOn, isIgnoreCaseOn, login, logout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PlaintextLoginModule

public PlaintextLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler cbHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Description copied from class: GenericLoginModule
Initializes this login module.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class GenericLoginModule
Parameters:
subject - the subject to be authenticated
cbHandler - the callbackHandler for getting the username and password
sharedState - shared login module state
options - options specified in the login configuration for this particular login module

validate

protected java.security.Principal[] validate(java.lang.String username,
                                             char[] password)
                                      throws javax.security.auth.login.LoginException
Description copied from class: GenericLoginModule
Validates the given user.

This method must validate a user according to the given username and password, and should return an array of principal objects representing the user's various identities. If no principals are found, an empty array must be returned. If the user could not be validated, a LoginException is thrown to indicate the failed login. The exception is then propagated to the calling LoginContext object.

Implementations are recommended to use the GenericLoginModule.checkPassword(String, char[]) method to validate the password using the current PasswordEncoder instance.

This method may be implemented so that, if the password argument is null, it bypasses the password check and tests only whether the user exists. However, a subject processed by this type of authentication must not be used to represent an authenticated user. Implementations must consult the ident option key prior to enabling this feature.

Implementing modules may also consult the ignorecase option key to enable case-insensitive logins.

Specified by:
validate in class GenericLoginModule
Parameters:
username - the name of the user
password - the user password
Returns:
the array of principals representing the various user identities
Throws:
javax.security.auth.login.LoginException


Copyright (c) 1999-2005, Gnome Ltd. All rights reserved.