com.ibm.wsspi.wim
Class VMMSAFMappingModule

java.lang.Object
  extended by com.ibm.wsspi.wim.VMMSAFMappingModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class VMMSAFMappingModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

VMMSAFMappingModule demonstrates a custom login module that maps the existing WSPrincipal from the shared state to a z/OS user id for a Federated Repository. The following values will be set into the shared state if authentication succeeds. If authentication fails, this login module will still indicate success, but no values are set into the shared state.

AttributeNameConstants.ZOS_USERID
AttributeNameConstants.ZOS_AUDIT_STRING
AttributeNameConstants.CALLER_PRINCIPAL_CLASS

This login module does not use any callbacks, nor does it modify the Subject in any way.


Field Summary
static java.lang.String CLASSNAME
           
 
Constructor Summary
VMMSAFMappingModule()
          Construct an uninitialized mapping module object.
 
Method Summary
 boolean abort()
          Method to abort the authentication process (Phase 2).
 boolean commit()
          Method to commit the authentication result.
 void initialize(javax.security.auth.Subject newSubject, javax.security.auth.callback.CallbackHandler newCallbackHandler, java.util.Map newSharedState, java.util.Map newOptions)
          Initialize this login module.
 boolean login()
          Method to map the WSPrincipal to a ZOS_USERID. This method derives a ZOS_USERID and stores it into the Shared State for use by a later Login Module.
 boolean logout()
          Method which logs out a Subject.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CLASSNAME

public static final java.lang.String CLASSNAME
Constructor Detail

VMMSAFMappingModule

public VMMSAFMappingModule()
Construct an uninitialized mapping module object.

Method Detail

initialize

public void initialize(javax.security.auth.Subject newSubject,
                       javax.security.auth.callback.CallbackHandler newCallbackHandler,
                       java.util.Map newSharedState,
                       java.util.Map newOptions)
Initialize this login module. This is called by the LoginContext after this login module is instantiated. The relevant information is passed from the LoginContext to this login module. If the login module does not understand any of the data stored in the sharedState and options parameters, they can be ignored.

Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Parameters:
newSubject - The subject that this LoginContext is authenticating
newCallbackHandler - A CallbackHandler for communicating with the end user to gather login information (e.g., username and password).
newSharedState - The state shared with other configured login modules.
newOptions - The options specified in the login configuration for this particular login module.

login

public boolean login()
              throws javax.security.auth.login.LoginException
Method to map the WSPrincipal to a ZOS_USERID. This method derives a ZOS_USERID and stores it into the Shared State for use by a later Login Module.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException - if the authentication fails, which is impossible for this Login Module
Return:
true if the authentication succeeded, or false if this Login Module should be ignored

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Method to commit the authentication result. This Login Module does not need to commit any data, so we will simply return.

Specified by:
commit in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException - if the commit fails, which cannot happen in this Login Module
Return:
true if the original login succeeded, or false if the original login failed

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Method to abort the authentication process (Phase 2). No matter whether our original login succeeded or failed, this method cleans up our state and returns.

Specified by:
abort in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException - if the abort fails, which cannot happen in this Login Module
Return:
true if the original login succeeded, or false if the original login failed

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Method which logs out a Subject. Since our commit method did not modify the Subject, we don't have anything to logout or clean up and can just return true.

Specified by:
logout in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException - if the logout fails, which cannot happen in this Login Module
Return:
true if the logout succeeded
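
The lifecycle documented above, as an added sketch that is not IBM's source for VMMSAFMappingModule: a JAAS login module that reads a principal from the shared state, stores a mapped id only when mapping succeeds, and reports success either way. The class name, the three shared-state keys and the mapping rule are hypothetical stand-ins for the product's constants and mapping logic.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

public class SharedStateMappingModule implements LoginModule {
    // Hypothetical shared-state keys, standing in for the product's constants.
    static final String PRINCIPAL_KEY = "example.principal";
    static final String MAPPED_USERID_KEY = "example.zos.userid";
    static final String AUDIT_STRING_KEY = "example.zos.audit.string";
    private Map<String, Object> sharedState;
    private boolean succeeded;

    @SuppressWarnings("unchecked")
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.sharedState = (Map<String, Object>) sharedState; // Subject and handler unused
    }

    public boolean login() {
        Object p = sharedState.get(PRINCIPAL_KEY);
        if (p instanceof Principal) {
            // Constructed mapping rule: strip "realm/", upper-case, accept 1-8 chars only.
            String name = ((Principal) p).getName();
            String id = name.substring(name.lastIndexOf('/') + 1).toUpperCase(java.util.Locale.ROOT);
            if (id.matches("[A-Z0-9#$@]{1,8}")) {
                sharedState.put(MAPPED_USERID_KEY, id);
                sharedState.put(AUDIT_STRING_KEY, "mapped from " + name);
            }
        }
        succeeded = true; // a mapping failure is not reported as a login failure
        return true;
    }

    public boolean commit() { return succeeded; }   // nothing to commit
    public boolean abort()  { boolean r = succeeded; succeeded = false; return r; }
    public boolean logout() { return true; }        // the Subject was never modified

    public static void main(String[] args) {
        for (String name : new String[] {"defaultRealm/alice", "defaultRealm/a-very-long-name"}) {
            Map<String, Object> state = new HashMap<>();
            state.put(PRINCIPAL_KEY, (Principal) () -> name); // constructed sample principal
            SharedStateMappingModule m = new SharedStateMappingModule();
            m.initialize(new Subject(), null, state, new HashMap<String, Object>());
            boolean ok = m.login();
            // A later module must test for the key itself; login() returning true proves nothing.
            System.out.println(name + ": login=" + ok + " mapped=" + state.get(MAPPED_USERID_KEY));
        }
    }
}
```

Because the module succeeds whether or not a mapping was produced, any downstream login module that consumes the mapped id has to treat a missing shared-state entry as "no mapping" rather than relying on the return value of login().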