com.filenet.api.authentication.jboss.login
Class FnClientLoginModule

java.lang.Object
  extended by com.filenet.api.authentication.jboss.login.FnClientLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class FnClientLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

A client can use FnClientLoginModule in place of the JBoss-supplied ClientLoginModule to authenticate its users to the Content Engine. The JBoss ClientLoginModule does not associate a user’s identity with the login’s Subject; instead, it associates the user’s identity with the most recent login operation. This behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:

 Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD);
 Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD);
 
 UserContext.pushSubject(ident_jane);
 // do work as Jane
 
 UserContext.pushSubject(ident_joe);
 // do work as Joe
 

Transparently, the createSubject method does a JAAS login using the JAAS "FileNetP8" stanza (defined in the jaas.conf.JBoss configuration file). If the "FileNetP8" stanza is set to use the JBoss ClientLoginModule, as shown below:

 FileNetP8 {
     org.jboss.security.ClientLoginModule required;
 };

then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:

 FileNetP8 {
     com.filenet.api.authentication.jboss.login.FnClientLoginModule required;
 };

which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.

In the more common case, in which the client code uses only one user identity, you can use either FnClientLoginModule or the JBoss ClientLoginModule.

You can specify other options as necessary for FnClientLoginModule when you modify the stanza, as follows:

Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client’s JVM:

-Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"

(For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)
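
A startup check for the stanza problem described above, as an added example that is not part of the original documentation or of the FileNet API: it loads a JAAS configuration file with the standard javax.security.auth.login.Configuration API and reports whether the "FileNetP8" stanza names the JBoss ClientLoginModule. The class name FileNetStanzaCheck, its method names, and the sample stanza files it writes are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class FileNetStanzaCheck {
    static final String STANZA = "FileNetP8";
    static final String JBOSS_MODULE = "org.jboss.security.ClientLoginModule";

    // True if the FileNetP8 stanza in jaasFile lists the JBoss ClientLoginModule,
    // which ties the identity to the most recent login instead of the Subject.
    static boolean usesJBossClientLoginModule(Path jaasFile) throws Exception {
        // "JavaLoginConfig" is the JDK's file-based JAAS Configuration type; it only
        // parses names, so the login module classes need not be on the classpath.
        Configuration cfg = Configuration.getInstance(
                "JavaLoginConfig", new URIParameter(jaasFile.toUri()));
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(STANZA);
        if (entries == null) {
            throw new IllegalStateException("no \"" + STANZA + "\" stanza in " + jaasFile);
        }
        for (AppConfigurationEntry entry : entries) {
            if (JBOSS_MODULE.equals(entry.getLoginModuleName())) return true;
        }
        return false;
    }

    // Writes a constructed one-module FileNetP8 stanza to a temporary file.
    static Path sampleConfig(String moduleClass) throws Exception {
        Path file = Files.createTempFile("jaas", ".conf");
        String stanza = STANZA + " {\n    " + moduleClass + " required;\n};\n";
        Files.write(file, stanza.getBytes(StandardCharsets.UTF_8));
        return file;
    }

    public static void main(String[] args) throws Exception {
        // With a path argument, check that file; otherwise check two constructed samples.
        Path[] files = args.length > 0
                ? new Path[] { Paths.get(args[0]) }
                : new Path[] { sampleConfig(JBOSS_MODULE), sampleConfig(
                        "com.filenet.api.authentication.jboss.login.FnClientLoginModule") };
        for (Path file : files) {
            System.out.println(file + ": " + (usesJBossClientLoginModule(file)
                    ? "FileNetP8 uses JBoss ClientLoginModule (last login wins)"
                    : "FileNetP8 does not use JBoss ClientLoginModule"));
        }
    }
}
```

Pass the same file that the client's JVM receives in -Djava.security.auth.login.config, so the check covers the configuration that is actually loaded.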


Constructor Summary
FnClientLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean commit()
           
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
           
 boolean login()
           
 boolean logout()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

FnClientLoginModule

public FnClientLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Specified by:
initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException
Specified by:
login in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
Specified by:
commit in interface javax.security.auth.spi.LoginModule

abort

public boolean abort()
Specified by:
abort in interface javax.security.auth.spi.LoginModule

logout

public boolean logout()
Specified by:
logout in interface javax.security.auth.spi.LoginModule


© Copyright IBM Corporation 2006, 2008. All rights reserved.