Package org.apache.wiki.auth.login

Class WebContainerLoginModule

java.lang.Object
org.apache.wiki.auth.login.AbstractLoginModule
org.apache.wiki.auth.login.WebContainerLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule
public class WebContainerLoginModule
extends AbstractLoginModule

Logs in a user by extracting authentication data from an Http servlet session. First, the module tries to extract a Principal object out of the request directly using the servlet requests's getUserPrincipal() method. If one is found, authentication succeeds. If there is no Principal in the request, try calling getRemoteUser(). If the remoteUser exists but the UserDatabase can't find a matching profile, a generic WikiPrincipal is created with this value. If neither userPrincipal nor remoteUser exist in the request, the login fails.

This module must be used with a CallbackHandler that supports the following Callback types:

  1. HttpRequestCallback - supplies the Http request object, from which the getRemoteUser and getUserPrincipal are extracted
  2. UserDatabaseCallback - supplies the user database for looking up the value of getRemoteUser

After authentication, the Subject will contain the Principal that represents the logged-in user.

Since:
2.3

  • Field Details

    • log

      protected static final org.apache.log4j.Logger log

  • Constructor Details

  • Method Details

    • login

      public boolean login() throws javax.security.auth.login.LoginException
      Logs in the user.
      Specified by:
      login in interface javax.security.auth.spi.LoginModule
      Specified by:
      login in class AbstractLoginModule
      Returns:
      true if the commit succeeded, or false if this LoginModule should be ignored.
      Throws:
      javax.security.auth.login.LoginException - if the authentication fails
      See Also:
      LoginModule.login()