public class FnClientLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
Use FnClientLoginModule to properly handle the logins for a remote client. FnClientLoginModule is strongly recommended for use on either local clients using EJB or JBoss 4.x / 5.x clients running remotely and using EJB. For these latter clients (but not remote JBoss 6 EAP ones), there is the option of using JBoss's ClientLoginModule, but this has the flaw that it does not associate a user's identity with the login's Subject but, instead, associates the user's identity with the most recent login operation.

JBoss's ClientLoginModule behavior can cause a problem if the client code uses multiple user identities. To illustrate, consider code like this:
    Subject ident_jane = UserContext.createSubject("jane", JANES_PASSWORD);
    Subject ident_joe = UserContext.createSubject("joe", JOES_PASSWORD);
    UserContext.pushSubject(ident_jane);
    // do work as Jane
    UserContext.pushSubject(ident_joe);
    // do work as Joe
Transparently, the createSubject method does a JAAS login using the JAAS "FileNetP8" stanza (defined in the jaas.conf.JBoss configuration file).

If the "FileNetP8" stanza is set to use the JBoss ClientLoginModule, as shown below:
    FileNetP8 {
        org.jboss.security.ClientLoginModule required;
    };
then all of the work is performed as if Joe were the user, because Joe was the most recent login. No work would be performed as Jane in this case. To correct this problem, use this setting for the JAAS "FileNetP8" stanza:
    FileNetP8 {
        com.filenet.api.authentication.jboss.login.FnClientLoginModule required;
    };
which is the default on JBoss installations if the client is configured to use <installation_directory>\Programs\FileNet\CE_API\config\samples\jaas.conf.JBoss.
In the more common case, in which the client code uses only one user identity, you can use either FnClientLoginModule or the JBoss ClientLoginModule, other than as noted above.

You can specify other options as necessary for FnClientLoginModule when you modify the stanza, as follows:

- debug=true to write additional debug messages on the console of the JBoss client. The default is false.
- useFirstPass=true so that a principal and a credential may be passed in from a previous login module in the same JAAS configuration and used to override the login's normal user name / password. This requires that some previous login module set javax.security.auth.login.name and javax.security.auth.login.password entries in the JAAS shared state. The default is false.
- tryFirstPass=true to indicate whether it is an error (tryFirstPass=false) or if the regular login user name / password is to be used (tryFirstPass=true) in cases where no previous login module has overridden the normal user name / password. The default is false.

Make sure to specify for the client the JAAS configuration file that contains your modifications. The typical way to specify this file for the client is through a JVM argument, similar to the following, when starting the client's JVM:
-Djava.security.auth.login.config="c:/Program Files/FileNet/CE_API/config/samples/jaas.conf.JBoss"
(For more information and descriptions of the LoginModule methods, see your JBoss documentation for org.jboss.security.ClientLoginModule.)
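The useFirstPass requirement above, shown as an added example that is not IBM's or JBoss's code: a hypothetical upstream login module that places the two shared-state entries before FnClientLoginModule runs. The class name SharedStateSeedLoginModule, the stanza in its comment, and storing the password as char[] are assumptions.

```java
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
/**
 * Hypothetical upstream module (an assumption, not part of the FileNet API).
 * Stanza sketch that places it ahead of FnClientLoginModule:
 *   FileNetP8 {
 *     SharedStateSeedLoginModule required;
 *     com.filenet.api.authentication.jboss.login.FnClientLoginModule required useFirstPass=true;
 *   };
 */
public class SharedStateSeedLoginModule implements LoginModule {
    static final String NAME_KEY = "javax.security.auth.login.name";
    static final String PWD_KEY = "javax.security.auth.login.password";
    private CallbackHandler handler;
    private Map<String, Object> shared;

    @Override @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = callbackHandler;
        this.shared = (Map<String, Object>) sharedState;
    }

    @Override
    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("no CallbackHandler supplied");
        NameCallback name = new NameCallback("user: ");
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("credential callback failed: " + e.getMessage());
        }
        char[] pwd = pass.getPassword(); // a copy; null if the handler set nothing
        pass.clearPassword();            // wipe the callback's internal copy
        if (name.getName() == null || pwd == null) throw new LoginException("missing credentials");
        // Value type expected by FnClientLoginModule is not stated on the page; char[] is assumed.
        shared.put(NAME_KEY, name.getName());
        shared.put(PWD_KEY, pwd);
        return true; // seeds state only; performs no authentication itself
    }
    @Override public boolean commit() { return true; }
    @Override public boolean abort() { shared.remove(NAME_KEY); shared.remove(PWD_KEY); return true; }
    @Override public boolean logout() { shared.remove(NAME_KEY); shared.remove(PWD_KEY); return true; }
}
```

With useFirstPass=true and tryFirstPass left at its default of false, removing this module from the stanza turns the missing shared-state entries into a login error rather than a silent fallback to the regular user name / password.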
Constructor and Description |
---|
FnClientLoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean | abort() |
boolean | commit() |
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) |
boolean | login() |
boolean | logout() |
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
Specified by: initialize in interface javax.security.auth.spi.LoginModule

public boolean login() throws javax.security.auth.login.LoginException
Specified by: login in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException

public boolean commit()
Specified by: commit in interface javax.security.auth.spi.LoginModule

public boolean abort()
Specified by: abort in interface javax.security.auth.spi.LoginModule

public boolean logout()
Specified by: logout in interface javax.security.auth.spi.LoginModule
© Copyright IBM Corporation 2006, 2015. All rights reserved.