RadiusLoginModule (openMDX/Security API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.openmdx.uses.net.sourceforge.jradiusclient.jaas
Class RadiusLoginModule

java.lang.Object
  org.openmdx.uses.net.sourceforge.jradiusclient.jaas.RadiusLoginModule

All Implemented Interfaces:: LoginModule

public class RadiusLoginModule
extends Object
implements LoginModule
extends Object
implements LoginModule

This is an implementation of javax.security.auth.spi.LoginModule specific to using a RADIUS Server for authentication.

Version:: $Revision: 1.4 $
Author:: Robert J. Loihl

Field Summary
`protected CallbackHandler`	`callbackHandler`
`static int`	`MAX_CHALLENGE_ATTEMPTS`
`protected Map`	`moduleOptions`
`protected Subject`	`radiusSubject`
`protected Map`	`sharedState`

Constructor Summary
`RadiusLoginModule()`

Method Summary
`boolean`	`abort()` Method to abort the authentication process (phase 2).
`boolean`	`commit()` Method to commit the authentication process (phase 2).
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Initialize this `LoginModule`.
`boolean`	`login()` Authenticates this Subject against a RADIUS Server (phase 1).
`boolean`	`logout()` This method logs out a Subject (Poss.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

MAX_CHALLENGE_ATTEMPTS

public static final int MAX_CHALLENGE_ATTEMPTS

See Also:: Constant Field Values

radiusSubject

protected Subject radiusSubject

callbackHandler

protected CallbackHandler callbackHandler

sharedState

protected Map sharedState

moduleOptions

protected Map moduleOptions

Constructor Detail

RadiusLoginModule

public RadiusLoginModule()

Method Detail

abort

public boolean abort()
              throws LoginException

Method to abort the authentication process (phase 2). This method gets called if the LoginContext's overall authentication process failed (i.e. one of the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed). It also cleans up any internal state saved by the login method.

Specified by:: abort in interface LoginModule

Returns:: boolean true if this method succeeds false if this LoginModule should be ignored
Throws:: LoginException - If the abort fails

commit

public boolean commit()
               throws LoginException

Method to commit the authentication process (phase 2). This method gets called if the LoginContext's overall authentication process succeeded (i.e. all of the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded). If this LoginModule's own authentication attempt succeeded (checked by retrieving the private state saved by the login method), then this method associates relevant Principals and Credentials with the Subject located in the LoginModule. If this LoginModule's own authentication attempt failed, then this method cleans up any internal state saved by the login method. ( poss. improvement: perform a RADIUS accounting request to notify RADIUS server of login time.)

Specified by:: commit in interface LoginModule

Returns:: boolean true if this method succeeds false if this LoginModule should be ignored
Throws:: LoginException - If the commit action fails

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Initialize this LoginModule. This method is called by the LoginContext after this LoginModule has been instantiated. The purpose of this method is to initialize this LoginModule with the relevant information. If this LoginModule does not understand any of the data stored in sharedState or options parameters, they can be ignored. There MUST be the following parameters specified in the options:

hostname - the fully qualified name or IP address of the RADIUS Server
shared secret - the secret shared between us and the RADIUS Server

The following parameters MAY be specified, but they must be supplied together:

Authenication Port - The port the RADIUS Server is listening on for authentication
Accounting Port - The port the RADIUS Server is listening on for accounting requests

Specified by:: initialize in interface LoginModule

Parameters:: subject - javax.security.auth.Subject; callbackHandler - javax.security.auth.callback.CallbackHandler; sharedState - java.util.Map; options - java.util.Map

login

public boolean login()
              throws LoginException

Authenticates this Subject against a RADIUS Server (phase 1). It uses the callbacks to request a UserName and a Password, and possibly requests a response to a challenge recieved from the RADIUS server.

Specified by:: login in interface LoginModule

Returns:: boolean True if this LoginModule succeeds, False if this LoginModule should be ignored
Throws:: FailedLoginException - if the login fails; LoginException - If this LoginModule can't perform the requested authentication

logout

public boolean logout()
               throws LoginException

This method logs out a Subject (Poss. Improvement: perform a RADIUS accounting request to notify RADIUS server of logout time.)

Specified by:: logout in interface LoginModule

Returns:: boolean return true if the logout was successful, False if this LoginModule should be ignored
Throws:: LoginException - if the logout fails.