Package net.shibboleth.idp.authn.spnego.impl

Class GSSAcceptorLoginModule

java.lang.Object

net.shibboleth.idp.authn.spnego.impl.GSSAcceptorLoginModule

public class GSSAcceptorLoginModule
extends Object

Kerberos login utility for the context acceptor, encapsulates a number of special options used to create a security context for the GSS acceptor, usually based on a keytab file.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private class	GSSAcceptorLoginModule.UsernamePasswordCallbackHandler	A JAAS username and password CallbackHandler.

Field Summary

Fields

Modifier and Type	Field	Description
private LoginModule	krbModule	The JAAS login module to use.
private org.slf4j.Logger	log	Class logger.
private Map<String,String>	options	Options for the JAAS login module.
private KerberosRealmSettings	realm	The realm settings.
private Map<String,String>	state	Hashtable to hold state of the JAAS login module.

Constructor Summary

Constructors

Constructor	Description
GSSAcceptorLoginModule(KerberosRealmSettings realmSettings, boolean refreshKrb5Config, String loginModuleClassName)	Constructor.

Method Summary

Modifier and Type	Method	Description
Subject	login()	Execute the login and return a Subject for the acceptor identity.
void	logout()	Perform a JAAS logout.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

krbModule

@Nullable
private LoginModule krbModule

The JAAS login module to use.

state

@Nonnull
private Map<String,String> state

Hashtable to hold state of the JAAS login module.

options

@Nonnull
private Map<String,String> options

Options for the JAAS login module.

realm

@Nonnull
private KerberosRealmSettings realm

The realm settings.

Constructor Detail

GSSAcceptorLoginModule

public GSSAcceptorLoginModule(@Nonnull
                              KerberosRealmSettings realmSettings,
                              boolean refreshKrb5Config,
                              @Nonnull @NotEmpty
                              String loginModuleClassName)

Constructor.

Parameters:

realmSettings - the settings of the realm

refreshKrb5Config - whether to set the JAAS login module's option "refreshKrb5Config"

loginModuleClassName - the JAAS login module to use

Method Detail

login

public Subject login()
              throws LoginException

Execute the login and return a Subject for the acceptor identity.

Returns:

the GSS acceptor Subject

Throws:

LoginException - if an error occurs

logout

public void logout()
            throws LoginException

Perform a JAAS logout.

Throws:

LoginException - if an error occurs