LoginModule
public class KeyStoreLoginModule extends Object implements LoginModule
X500Principal
for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential
whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials. Recognizes the following options in the configuration file:
keyStoreURL
user.home
system property. The input stream from this URL is passed to the KeyStore.load
method. "NONE" may be specified if a null
stream must be passed to the KeyStore.load
method. "NONE" should be specified if the KeyStore resides on a hardware token device, for example.keyStoreType
KeyStore.getDefaultType()
. If the type is "PKCS11", then keyStoreURL must be "NONE" and privateKeyPasswordURL must not be specified.keyStoreProvider
keyStoreAlias
keyStorePasswordURL
protected
is false. No default value. privateKeyPasswordURL
protected
Constructor | Description |
---|---|
KeyStoreLoginModule() |
Creates a KeyStoreLoginModule . |
Modifier and Type | Method | Description |
---|---|---|
boolean |
abort() |
This method is called if the LoginContext's overall authentication failed. |
boolean |
commit() |
Abstract method to commit the authentication process (phase 2). |
void |
initialize |
Initialize this LoginModule . |
boolean |
login() |
Authenticate the user. |
boolean |
logout() |
Logout a user. |
public KeyStoreLoginModule()
KeyStoreLoginModule
.public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
LoginModule
.initialize
in interface LoginModule
subject
- the Subject
to be authenticated.callbackHandler
- a CallbackHandler
for communicating with the end user (prompting for usernames and passwords, for example), which may be null
.sharedState
- shared LoginModule
state.options
- options specified in the login Configuration
for this particular LoginModule
.public boolean login() throws LoginException
Get the Keystore alias and relevant passwords. Retrieve the alias's principal and credentials from the Keystore.
login
in interface LoginModule
LoginModule
should not be ignored).FailedLoginException
- if the authentication fails.LoginException
- if the authentication failspublic boolean commit() throws LoginException
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login
method), then this method associates a X500Principal
for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential
whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials. If this LoginModule's own authentication attempted failed, then this method removes any state that was originally saved.
commit
in interface LoginModule
LoginException
- if the commit failspublic boolean abort() throws LoginException
If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login
and commit
methods), then this method cleans up any state that was originally saved.
If the loaded KeyStore's provider extends java.security.AuthProvider
, then the provider's logout
method is invoked.
abort
in interface LoginModule
LoginException
- if the abort fails.public boolean logout() throws LoginException
This method removes the Principals, public credentials and the private credentials that were added by the commit
method.
If the loaded KeyStore's provider extends java.security.AuthProvider
, then the provider's logout
method is invoked.
logout
in interface LoginModule
LoginModule
should not be ignored.LoginException
- if the logout fails.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/jdk.security.auth/com/sun/security/auth/module/KeyStoreLoginModule.html