public class LoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule
NtlmSecurityProvider
is the default).
JAAS LoginModules are described in detail in the JAAS LoginModule Developer's Guide.
The following table describes the options supported by this login module. Options prefixed with "jespa." will be stripped of the prefix and passed through to the SecurityProvider constructor.
Option | Description |
---|---|
useFirstPass | The account name and password will be queried from shared state using the "javax.security.auth.login.name" and "javax.security.auth.login.password" keys. If the authentication fails, a LoginException is thrown. |
tryFirstPass | The account name and password will be queried from shared state using the "javax.security.auth.login.name" and "javax.security.auth.login.password" keys. If the authentication fails, the CallbackHandler is tried. If the CallbackHandler fails or is not supplied, a LoginException is thrown. |
storePass | Stores the account name and password acquired during authentication into the shared state with the keys "javax.security.auth.login.name" and "javax.security.auth.login.password" for use by subsequent LoginModules. |
doNotPrompt | Do not use the CallbackHandler to prompt the caller for a password. |
principal | Specifies the account name being authenticated. |
provider.classname | Specifies an alternative Jespa SecurityProvider that should be used to authenticate the supplied credentials. If this property is not set, the default value is "jespa.ntlm.NtlmSecurityProvider". |
If authentication fails due to a SecurityProviderException with a status code of either STATUS_ACCOUNT_NOT_FOUND or STATUS_INVALID_CREDENTIALS, a FailedLoginException will be thrown - otherwise a LoginException is thrown.
The NtlmSecurityProvider (which is the default security provider used by this LoginModule) requires the following options to authenticate users against the NETLOGON service:
Option | Description | Example |
---|---|---|
jespa.bindstr | The fully qualified DNS domain name of the Active Directory domain against which clients will be authenticated. The fully qualified DNS hostname of a specific AD server may also be specified. | example.com |
jespa.service.acctname | The qualified Computer account name. | JESPA1$@EXAMPLE.COM |
jespa.service.password | The password for the above account. | a89609c53443ce1c72e59275a8a1e1ce |
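
The options from the two tables above, supplied through a programmatic JAAS `Configuration` so that the computer account password is read from the environment instead of a `login.conf` file. This is an added example, not code from the Jespa documentation. It assumes the class documented here is `jespa.security.LoginModule` and that it requests the standard `NameCallback` and `PasswordCallback`; the `JESPA_*` environment variable names and the `"jespa"` entry name are choices made for this example.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class JespaJaasExample {
    // Assumption: the LoginModule documented on this page is in package jespa.security.
    static final String MODULE = "jespa.security.LoginModule";

    // Copy one required setting from the environment under its "jespa."-prefixed option name.
    static void put(Map<String, Object> opts, String option, String envVar) {
        String v = System.getenv(envVar);
        if (v == null || v.isEmpty()) throw new IllegalStateException(envVar + " is not set");
        opts.put(option, v);
    }

    // Build the JAAS entry in code; the "jespa." prefix is stripped and passed to the SecurityProvider.
    static Configuration configuration() {
        Map<String, Object> opts = new HashMap<>();
        put(opts, "jespa.bindstr", "JESPA_BINDSTR");           // e.g. example.com
        put(opts, "jespa.service.acctname", "JESPA_ACCTNAME"); // e.g. JESPA1$@EXAMPLE.COM
        put(opts, "jespa.service.password", "JESPA_PASSWORD");
        // storePass is left unset: the user's password is not copied into shared state.
        AppConfigurationEntry entry = new AppConfigurationEntry(
                MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // Returns false only for rejected credentials; any other LoginException propagates.
    static boolean authenticate(String user, char[] password) throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            new LoginContext("jespa", null, handler, configuration()).login();
            return true;
        } catch (FailedLoginException e) {
            return false; // STATUS_ACCOUNT_NOT_FOUND or STATUS_INVALID_CREDENTIALS
        } finally {
            Arrays.fill(password, '\0'); // clear the caller's copy of the password
        }
    }
}
```

A `LoginException` that is not a `FailedLoginException` reaches the caller unchanged; treat it as a failure of the authentication service and deny access rather than reporting a wrong password.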
Constructor and Description |
---|
LoginModule() |
Modifier and Type | Method and Description |
---|---|
boolean | abort() |
boolean | commit() |
protected boolean | getOptionAsBoolean(java.lang.String name, boolean def) |
void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options) |
boolean | login() |
boolean | logout() |
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
Specified by: initialize in interface javax.security.auth.spi.LoginModule

protected boolean getOptionAsBoolean(java.lang.String name, boolean def)

public boolean login() throws javax.security.auth.login.LoginException
Specified by: login in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException

public boolean commit() throws javax.security.auth.login.LoginException
Specified by: commit in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException

public boolean abort() throws javax.security.auth.login.LoginException
Specified by: abort in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException

public boolean logout() throws javax.security.auth.login.LoginException
Specified by: logout in interface javax.security.auth.spi.LoginModule
Throws: javax.security.auth.login.LoginException