SecurityContextLoginModule

java.lang.Object
- org.springframework.security.providers.jaas.SecurityContextLoginModule

All Implemented Interfaces:

javax.security.auth.spi.LoginModule
```
public class SecurityContextLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
```
An implementation of LoginModule that uses a Spring Security SecurityContext to provide authentication.
This LoginModule provides opposite functionality to the JaasAuthenticationProvider API, and should not really be used in conjunction with it.

The JaasAuthenticationProvider allows Spring Security to authenticate against Jaas.

The SecurityContextLoginModule allows a Jaas based application to authenticate against Spring Security. If there is no Authentication in the SecurityContextHolder the login() method will throw a LoginException by default. This functionality can be changed with the ignoreMissingAuthentication option by setting it to "true". Setting ignoreMissingAuthentication=true will tell the SecurityContextLoginModule to simply return false and be ignored if the authentication is null.

Author:

Brian Moseley, Ray Krueger

Constructor Summary

Constructors
Constructor and Description

SecurityContextLoginModule()

Constructors
Constructor and Description
`SecurityContextLoginModule()`

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`abort()` Abort the authentication process by forgetting the Spring Security `Authentication`.
`boolean`	`commit()` Authenticate the `Subject` (phase two) by adding the Spring Security `Authentication` to the `Subject`'s principals.
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)` Initialize this `LoginModule`.
`boolean`	`login()` Authenticate the `Subject` (phase one) by extracting the Spring Security `Authentication` from the current `SecurityContext`.
`boolean`	`logout()` Log out the `Subject`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecurityContextLoginModule
```
public SecurityContextLoginModule()
```
- Method Detail
  - abort
```
public boolean abort()
              throws javax.security.auth.login.LoginException
```
    Abort the authentication process by forgetting the Spring Security Authentication.
    
    Specified by:
    
    abort in interface javax.security.auth.spi.LoginModule
    
    Returns:
    true if this method succeeded, or false if this LoginModule should be ignored.
    
    Throws:
    
    javax.security.auth.login.LoginException - if the abort fails
  - commit
```
public boolean commit()
               throws javax.security.auth.login.LoginException
```
    Authenticate the Subject (phase two) by adding the Spring Security Authentication to the Subject's principals.
    
    Specified by:
    
    commit in interface javax.security.auth.spi.LoginModule
    
    Returns:
    true if this method succeeded, or false if this LoginModule should be ignored.
    
    Throws:
    
    javax.security.auth.login.LoginException - if the commit fails
  - initialize
```
public void initialize(javax.security.auth.Subject subject,
              javax.security.auth.callback.CallbackHandler callbackHandler,
              java.util.Map sharedState,
              java.util.Map options)
```
    Initialize this LoginModule. Ignores the callback handler, since the code establishing the LoginContext likely won't provide one that understands Spring Security. Also ignores the sharedState and options parameters, since none are recognized.
    
    Specified by:
    
    initialize in interface javax.security.auth.spi.LoginModule
    
    Parameters:
    subject - the Subject to be authenticated.
    callbackHandler - is ignored
    sharedState - is ignored
    options - are ignored
  - login
```
public boolean login()
              throws javax.security.auth.login.LoginException
```
    Authenticate the Subject (phase one) by extracting the Spring Security Authentication from the current SecurityContext.
    
    Specified by:
    
    login in interface javax.security.auth.spi.LoginModule
    
    Returns:
    true if the authentication succeeded, or false if this LoginModule should be ignored.
    
    Throws:
    
    javax.security.auth.login.LoginException - if the authentication fails
  - logout
```
public boolean logout()
               throws javax.security.auth.login.LoginException
```
    Log out the Subject.
    
    Specified by:
    
    logout in interface javax.security.auth.spi.LoginModule
    
    Returns:
    true if this method succeeded, or false if this LoginModule should be ignored.
    
    Throws:
    
    javax.security.auth.login.LoginException - if the logout fails

Class SecurityContextLoginModule

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecurityContextLoginModule

Method Detail

abort

commit

initialize

login

logout