Class WebContainerLoginModule

  • All Implemented Interfaces:
    javax.security.auth.spi.LoginModule

    public class WebContainerLoginModule
    extends AbstractLoginModule

    Logs in a user by extracting authentication data from an HTTP servlet session. First, the module tries to extract a Principal object directly from the request using the servlet request's getUserPrincipal() method. If one is found, authentication succeeds. If there is no Principal in the request, the module calls getRemoteUser(). If the remoteUser exists but the UserDatabase can't find a matching profile, a generic WikiPrincipal is created with this value. If neither userPrincipal nor remoteUser exists in the request, the login fails.

    This module must be used with a CallbackHandler that supports the following Callback types:

    1. HttpRequestCallback - supplies the HTTP request object, from which the getRemoteUser() and getUserPrincipal() values are extracted
    2. UserDatabaseCallback - supplies the user database used to look up the value returned by getRemoteUser()

    After authentication, the Subject will contain the Principal that represents the logged-in user.
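
    The resolution order described above, as an added stand-alone sketch (not the project's own code). RequestIdentity, NamedPrincipal, resolve and the sample profiles are hypothetical stand-ins for the servlet request, WikiPrincipal and the UserDatabase; using the profile's principal when a profile is found is an assumption.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import javax.security.auth.login.FailedLoginException;

public class ContainerLoginSketch {
    // Hypothetical stand-in for the two HttpServletRequest getters the module reads.
    interface RequestIdentity { Principal getUserPrincipal(); String getRemoteUser(); }

    // Hypothetical stand-in for WikiPrincipal: a principal that only carries a name.
    record NamedPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Applies the documented order: userPrincipal, then remoteUser, otherwise fail.
    static Principal resolve(RequestIdentity req, Function<String, Optional<Principal>> userDb)
            throws FailedLoginException {
        Principal fromContainer = req.getUserPrincipal();
        if (fromContainer != null) return fromContainer;   // container principal wins
        String remoteUser = req.getRemoteUser();
        if (remoteUser == null)                             // neither value present
            throw new FailedLoginException("no userPrincipal or remoteUser in request");
        // Assumption: a matching profile supplies the principal; otherwise the
        // remoteUser value itself becomes a generic principal, as the text says.
        return userDb.apply(remoteUser).orElseGet(() -> new NamedPrincipal(remoteUser));
    }

    static RequestIdentity request(Principal principal, String remoteUser) {
        return new RequestIdentity() {
            public Principal getUserPrincipal() { return principal; }
            public String getRemoteUser() { return remoteUser; }
        };
    }

    public static void main(String[] args) {
        // Constructed sample data: one known profile, four request shapes.
        Map<String, Principal> profiles = Map.of("alice", new NamedPrincipal("Alice Example"));
        Function<String, Optional<Principal>> db = n -> Optional.ofNullable(profiles.get(n));
        RequestIdentity[] cases = {
            request(new NamedPrincipal("container-user"), "ignored"), // principal present
            request(null, "alice"),                                   // remoteUser with profile
            request(null, "mallory"),                                 // remoteUser, no profile
            request(null, null)                                       // nothing to authenticate
        };
        for (RequestIdentity c : cases) {
            try {
                System.out.println("authenticated as " + resolve(c, db).getName());
            } catch (FailedLoginException e) {
                System.out.println("login fails: " + e.getMessage());
            }
        }
    }
}
```

    The third case is the one to review in a deployment: a container-supplied remoteUser with no matching profile still yields an authenticated principal, so the outcome depends entirely on how the container authenticates requests.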

    Since:
    2.3
    • Field Detail

      • LOG

        protected static final org.apache.logging.log4j.Logger LOG
    • Method Detail

      • login

        public boolean login()
                      throws javax.security.auth.login.LoginException
        Logs in the user.
        Specified by:
        login in interface javax.security.auth.spi.LoginModule
        Specified by:
        login in class AbstractLoginModule
        Returns:
        true if the commit succeeded, or false if this LoginModule should be ignored.
        Throws:
        javax.security.auth.login.LoginException - if the authentication fails
        See Also:
        LoginModule.login()