logincontext.java
来自「java jdk 1.4的源码」· Java 代码 · 共 840 行 · 第 1/3 页
JAVA
840 行
* <code>Configuration</code>. * * @exception LoginException if the specified <code>name</code> * does not appear in the <code>Configuration</code> * and there is no <code>Configuration</code> entry * for "<i>other</i>", or if the * <i>auth.login.defaultCallbackHandler</i> * security property was set, but the implementation * class could not be loaded. */ public LoginContext(String name) throws LoginException { init(name); loadDefaultCallbackHandler(); } /** * Constructor for the <code>LoginContext</code> class. * * <p> Initialize the new <code>LoginContext</code> object with a name * and a <code>Subject</code> object. * * <p> <code>LoginContext</code> uses the name as the index * into the <code>Configuration</code> to determine which LoginModules * should be used. If the provided name does not match any in the * <code>Configuration</code>, then the <code>LoginContext</code> * uses the default <code>Configuration</code> entry, "<i>other</i>". * If there is no <code>Configuration</code> entry for "<i>other</i>", * then a <code>LoginException</code> is thrown. * * <p> This constructor does not allow for a <code>CallbackHandler</code>. * If the <i>auth.login.defaultCallbackHandler</i> security property * is set to the fully qualified name of a default * <code>CallbackHandler</code> implementation class, * then that <code>CallbackHandler</code> will be loaded and * passed to the underlying LoginModules. If the security property * is not set, then the underlying LoginModules * will not have a <code>CallbackHandler</code> for use in communicating * with users. The caller thus assumes that the configured * LoginModules have alternative means for authenticating the user. * * <p> The <i>auth.login.defaultCallbackHandler</i> security property * can be set in the Java security properties file located in the * file named %lt;JAVA_HOME%gt;/lib/security/java.security, * where %lt;JAVA_HOME%gt; refers to the directory where the SDK * was installed. * * <p> <code>LoginContext</code> passes the <code>Subject</code> * object to configured LoginModules so they may perform additional * authentication and update the <code>Subject</code> with new * Principals and Credentials. * * <p> * * @param name the name used as the index into the * <code>Configuration</code>. <p> * * @param subject the <code>Subject</code> to authenticate. * * @exception LoginException if the specified <code>name</code> * does not appear in the <code>Configuration</code> * and there is no <code>Configuration</code> entry * for "<i>other</i>", if the specified <code>subject</code> * is <code>null</code>, or if the * <i>auth.login.defaultCallbackHandler</i> * security property was set, but the implementation * class could not be loaded. */ public LoginContext(String name, Subject subject) throws LoginException { init(name); if (subject == null) throw new LoginException (ResourcesMgr.getString("invalid null Subject provided")); this.subject = subject; subjectProvided = true; loadDefaultCallbackHandler(); } /** * Constructor for the <code>LoginContext</code> class. * * <p> Initialize the new <code>LoginContext</code> object with a name * and a <code>CallbackHandler</code> object. * * <p> <code>LoginContext</code> uses the name as the index * into the <code>Configuration</code> to determine which LoginModules * should be used. If the provided name does not match any in the * <code>Configuration</code>, then the <code>LoginContext</code> * uses the default <code>Configuration</code> entry, "<i>other</i>". * If there is no <code>Configuration</code> entry for "<i>other</i>", * then a <code>LoginException</code> is thrown. * * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code> * object to configured LoginModules so they may communicate with the user. * The <code>CallbackHandler</code> object therefore allows LoginModules to * remain independent of the different ways applications interact with * users. This <code>LoginContext</code> must wrap the * application-provided <code>CallbackHandler</code> in a new * <code>CallbackHandler</code> implementation, whose <code>handle</code> * method implementation invokes the application-provided * CallbackHandler's <code>handle</code> method in a * <code>java.security.AccessController.doPrivileged</code> call * constrained by the caller's current <code>AccessControlContext</code>. * * <p> Since no <code>Subject</code> can be specified to this constructor, * it instantiates a <code>Subject</code> itself. * * <p> * * @param name the name used as the index into the * <code>Configuration</code>. <p> * * @param callbackHandler the <code>CallbackHandler</code> object used by * LoginModules to communicate with the user. * * @exception LoginException if the specified <code>name</code> * does not appear in the <code>Configuration</code> * and there is no <code>Configuration</code> entry * for "<i>other</i>", or if the specified * <code>callbackHandler</code> is <code>null</code>. */ public LoginContext(String name, CallbackHandler callbackHandler) throws LoginException { init(name); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid null CallbackHandler provided")); this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), callbackHandler); } /** * Constructor for the <code>LoginContext</code> class. * * <p> Initialize the new <code>LoginContext</code> object with a name, * a <code>Subject</code> to be authenticated, and a * <code>CallbackHandler</code> object. * * <p> <code>LoginContext</code> uses the name as the index * into the <code>Configuration</code> to determine which LoginModules * should be used. If the provided name does not match any in the * <code>Configuration</code>, then the <code>LoginContext</code> * uses the default <code>Configuration</code> entry, "<i>other</i>". * If there is no <code>Configuration</code> entry for "<i>other</i>", * then a <code>LoginException</code> is thrown. * * <p> <code>LoginContext</code> passes the <code>Subject</code> * object to configured LoginModules so they may perform additional * authentication and update the <code>Subject</code> with new * Principals and Credentials. * * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code> * object to configured LoginModules so they may communicate with the user. * The <code>CallbackHandler</code> object therefore allows LoginModules to * remain independent of the different ways applications interact with * users. This <code>LoginContext</code> must wrap the * application-provided <code>CallbackHandler</code> in a new * <code>CallbackHandler</code> implementation, whose <code>handle</code> * method implementation invokes the application-provided * CallbackHandler's <code>handle</code> method in a * <code>java.security.AccessController.doPrivileged</code> call * constrained by the caller's current <code>AccessControlContext</code>. * * * <p> * * @param name the name used as the index into the * <code>Configuration</code>. <p> * * @param subject the <code>Subject</code> to authenticate. <p> * * @param callbackHandler the <code>CallbackHandler</code> object used by * LoginModules to communicate with the user. * * @exception LoginException if the specified <code>name</code> * does not appear in the <code>Configuration</code> * and there is no <code>Configuration</code> entry * for "<i>other</i>", or if the specified <code>subject</code> * is <code>null</code>, or if the specified * <code>callbackHandler</code> is <code>null</code>. */ public LoginContext(String name, Subject subject, CallbackHandler callbackHandler) throws LoginException { this(name, subject); if (callbackHandler == null) throw new LoginException(ResourcesMgr.getString ("invalid null CallbackHandler provided")); this.callbackHandler = new SecureCallbackHandler (java.security.AccessController.getContext(), callbackHandler); } /** * Perform the authentication and, if successful, * associate Principals and Credentials with the authenticated * <code>Subject</code>. * * <p> This method invokes the <code>login</code> method for each * LoginModule configured for the <i>name</i> provided to the * <code>LoginContext</code> constructor, as determined by the login * <code>Configuration</code>. Each <code>LoginModule</code> * then performs its respective type of authentication * (username/password, smart card pin verification, etc.). * * <p> This method completes a 2-phase authentication process by * calling each configured LoginModule's <code>commit</code> method * if the overall authentication succeeded (the relevant REQUIRED, * REQUISITE, SUFFICIENT, and OPTIONAL LoginModules succeeded), * or by calling each configured LoginModule's <code>abort</code> method * if the overall authentication failed. If authentication succeeded, * each successful LoginModule's <code>commit</code> method associates * the relevant Principals and Credentials with the <code>Subject</code>. * If authentication failed, each LoginModule's <code>abort</code> method * removes/destroys any previously stored state. * * <p> If the <code>commit</code> phase of the authentication process * fails, then the overall authentication fails and this method * invokes the <code>abort</code> method for each configured * <code>LoginModule</code>. * * <p> If the <code>abort</code> phase * fails for any reason, then this method propagates the * original exception thrown either during the <code>login</code> phase * or the <code>commit</code> phase. In either case, the overall * authentication fails. * * <p> In the case where multiple LoginModules fail, * this method propagates the exception raised by the first * <code>LoginModule</code> which failed. * * <p> Note that if this method enters the <code>abort</code> phase * (either the <code>login</code> or <code>commit</code> phase failed), * this method invokes all LoginModules configured for the specified * application regardless of their respective <code>Configuration</code> * flag parameters. Essentially this means that <code>Requisite</code> * and <code>Sufficient</code> semantics are ignored during the * <code>abort</code> phase. This guarantees that proper cleanup * and state restoration can take place. * * <p> * * @exception LoginException if the authentication fails. */ public void login() throws LoginException { loginSucceeded = false; if (subject == null) { subject = new Subject(); } try { invokeModule(LOGIN_METHOD); invokeModule(COMMIT_METHOD); loginSucceeded = true; } catch (LoginException le) { try { invokeModule(ABORT_METHOD); } catch (LoginException le2) { throw le; } throw le; } } /** * Logout the <code>Subject</code>. * * <p> This method invokes the <code>logout</code> method for each * <code>LoginModule</code> configured for this <code>LoginContext</code>. * Each <code>LoginModule</code> performs its respective logout procedure * which may include removing/destroying * <code>Principal</code> and <code>Credential</code> information * from the <code>Subject</code> and state cleanup. * * <p> Note that this method invokes all LoginModules configured for the * specified application regardless of their respective * <code>Configuration</code> flag parameters. Essentially this means
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?