logincontext.java

来自「java jdk 1.4的源码」· Java 代码 · 共 840 行 · 第 1/3 页

JAVA
840
字号
     *		<code>Configuration</code>.     *     * @exception LoginException if the specified <code>name</code>     *		does not appear in the <code>Configuration</code>     *		and there is no <code>Configuration</code> entry     *		for "<i>other</i>", or if the     *		<i>auth.login.defaultCallbackHandler</i>     *		security property was set, but the implementation     *		class could not be loaded.     */    public LoginContext(String name) throws LoginException {	init(name);	loadDefaultCallbackHandler();    }    /**     * Constructor for the <code>LoginContext</code> class.     *     * <p> Initialize the new <code>LoginContext</code> object with a name     * and a <code>Subject</code> object.     *     * <p> <code>LoginContext</code> uses the name as the index     * into the <code>Configuration</code> to determine which LoginModules     * should be used.  If the provided name does not match any in the     * <code>Configuration</code>, then the <code>LoginContext</code>     * uses the default <code>Configuration</code> entry, "<i>other</i>".     * If there is no <code>Configuration</code> entry for "<i>other</i>",     * then a <code>LoginException</code> is thrown.     *     * <p> This constructor does not allow for a <code>CallbackHandler</code>.     * If the <i>auth.login.defaultCallbackHandler</i> security property     * is set to the fully qualified name of a default     * <code>CallbackHandler</code> implementation class,     * then that <code>CallbackHandler</code> will be loaded and     * passed to the underlying LoginModules.  If the security property     * is not set, then the underlying LoginModules     * will not have a <code>CallbackHandler</code> for use in communicating     * with users.  The caller thus assumes that the configured     * LoginModules have alternative means for authenticating the user.     *     * <p> The <i>auth.login.defaultCallbackHandler</i> security property     * can be set in the Java security properties file located in the     * file named %lt;JAVA_HOME%gt;/lib/security/java.security,     * where %lt;JAVA_HOME%gt; refers to the directory where the SDK     * was installed.     *     * <p> <code>LoginContext</code> passes the <code>Subject</code>     * object to configured LoginModules so they may perform additional     * authentication and update the <code>Subject</code> with new     * Principals and Credentials.     *     * <p>     *     * @param name the name used as the index into the     *		<code>Configuration</code>. <p>     *     * @param subject the <code>Subject</code> to authenticate.     *     * @exception LoginException if the specified <code>name</code>     *		does not appear in the <code>Configuration</code>     *          and there is no <code>Configuration</code> entry     *          for "<i>other</i>", if the specified <code>subject</code>     *		is <code>null</code>, or if the     *		<i>auth.login.defaultCallbackHandler</i>     *		security property was set, but the implementation     *		class could not be loaded.     */    public LoginContext(String name, Subject subject)    throws LoginException {	init(name);	if (subject == null)	    throw new LoginException		(ResourcesMgr.getString("invalid null Subject provided"));	this.subject = subject;	subjectProvided = true;	loadDefaultCallbackHandler();    }    /**     * Constructor for the <code>LoginContext</code> class.     *     * <p> Initialize the new <code>LoginContext</code> object with a name     * and a <code>CallbackHandler</code> object.     *     * <p> <code>LoginContext</code> uses the name as the index     * into the <code>Configuration</code> to determine which LoginModules     * should be used.  If the provided name does not match any in the     * <code>Configuration</code>, then the <code>LoginContext</code>     * uses the default <code>Configuration</code> entry, "<i>other</i>".     * If there is no <code>Configuration</code> entry for "<i>other</i>",     * then a <code>LoginException</code> is thrown.     *     * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code>     * object to configured LoginModules so they may communicate with the user.     * The <code>CallbackHandler</code> object therefore allows LoginModules to     * remain independent of the different ways applications interact with     * users.  This <code>LoginContext</code> must wrap the     * application-provided <code>CallbackHandler</code> in a new     * <code>CallbackHandler</code> implementation, whose <code>handle</code>     * method implementation invokes the application-provided     * CallbackHandler's <code>handle</code> method in a     * <code>java.security.AccessController.doPrivileged</code> call     * constrained by the caller's current <code>AccessControlContext</code>.     *     * <p> Since no <code>Subject</code> can be specified to this constructor,     * it instantiates a <code>Subject</code> itself.     *     * <p>     *     * @param name the name used as the index into the     *		<code>Configuration</code>. <p>     *     * @param callbackHandler the <code>CallbackHandler</code> object used by     *		LoginModules to communicate with the user.     *     * @exception LoginException if the specified <code>name</code>     *          does not appear in the <code>Configuration</code>     *          and there is no <code>Configuration</code> entry     *          for "<i>other</i>", or if the specified     *		<code>callbackHandler</code> is <code>null</code>.     */    public LoginContext(String name, CallbackHandler callbackHandler)    throws LoginException {	init(name);	if (callbackHandler == null)	    throw new LoginException(ResourcesMgr.getString				("invalid null CallbackHandler provided"));	this.callbackHandler = new SecureCallbackHandler				(java.security.AccessController.getContext(),				callbackHandler);    }    /**     * Constructor for the <code>LoginContext</code> class.     *     * <p> Initialize the new <code>LoginContext</code> object with a name,     * a <code>Subject</code> to be authenticated, and a     * <code>CallbackHandler</code> object.     *     * <p> <code>LoginContext</code> uses the name as the index     * into the <code>Configuration</code> to determine which LoginModules     * should be used.  If the provided name does not match any in the     * <code>Configuration</code>, then the <code>LoginContext</code>     * uses the default <code>Configuration</code> entry, "<i>other</i>".     * If there is no <code>Configuration</code> entry for "<i>other</i>",     * then a <code>LoginException</code> is thrown.     *     * <p> <code>LoginContext</code> passes the <code>Subject</code>     * object to configured LoginModules so they may perform additional     * authentication and update the <code>Subject</code> with new     * Principals and Credentials.     *     * <p> <code>LoginContext</code> passes the <code>CallbackHandler</code>     * object to configured LoginModules so they may communicate with the user.     * The <code>CallbackHandler</code> object therefore allows LoginModules to     * remain independent of the different ways applications interact with     * users.  This <code>LoginContext</code> must wrap the     * application-provided <code>CallbackHandler</code> in a new     * <code>CallbackHandler</code> implementation, whose <code>handle</code>     * method implementation invokes the application-provided     * CallbackHandler's <code>handle</code> method in a     * <code>java.security.AccessController.doPrivileged</code> call     * constrained by the caller's current <code>AccessControlContext</code>.     *     *     * <p>     *     * @param name the name used as the index into the     *		<code>Configuration</code>. <p>     *     * @param subject the <code>Subject</code> to authenticate. <p>     *     * @param callbackHandler the <code>CallbackHandler</code> object used by     *		LoginModules to communicate with the user.     *     * @exception LoginException if the specified <code>name</code>     *          does not appear in the <code>Configuration</code>     *          and there is no <code>Configuration</code> entry     *          for "<i>other</i>", or if the specified <code>subject</code>     *          is <code>null</code>, or if the specified     *		<code>callbackHandler</code> is <code>null</code>.     */    public LoginContext(String name, Subject subject,			CallbackHandler callbackHandler) throws LoginException {	this(name, subject);	if (callbackHandler == null)	    throw new LoginException(ResourcesMgr.getString				("invalid null CallbackHandler provided"));	this.callbackHandler = new SecureCallbackHandler				(java.security.AccessController.getContext(),				callbackHandler);    }    /**     * Perform the authentication and, if successful,     * associate Principals and Credentials with the authenticated     * <code>Subject</code>.     *     * <p> This method invokes the <code>login</code> method for each     * LoginModule configured for the <i>name</i> provided to the     * <code>LoginContext</code> constructor, as determined by the login     * <code>Configuration</code>.  Each <code>LoginModule</code>     * then performs its respective type of authentication     * (username/password, smart card pin verification, etc.).     *     * <p> This method completes a 2-phase authentication process by     * calling each configured LoginModule's <code>commit</code> method     * if the overall authentication succeeded (the relevant REQUIRED,     * REQUISITE, SUFFICIENT, and OPTIONAL LoginModules succeeded),     * or by calling each configured LoginModule's <code>abort</code> method     * if the overall authentication failed.  If authentication succeeded,     * each successful LoginModule's <code>commit</code> method associates     * the relevant Principals and Credentials with the <code>Subject</code>.     * If authentication failed, each LoginModule's <code>abort</code> method     * removes/destroys any previously stored state.     *     * <p> If the <code>commit</code> phase of the authentication process     * fails, then the overall authentication fails and this method     * invokes the <code>abort</code> method for each configured     * <code>LoginModule</code>.     *     * <p> If the <code>abort</code> phase     * fails for any reason, then this method propagates the     * original exception thrown either during the <code>login</code> phase     * or the <code>commit</code> phase.  In either case, the overall     * authentication fails.     *     * <p> In the case where multiple LoginModules fail,     * this method propagates the exception raised by the first     * <code>LoginModule</code> which failed.     *     * <p> Note that if this method enters the <code>abort</code> phase     * (either the <code>login</code> or <code>commit</code> phase failed),     * this method invokes all LoginModules configured for the specified     * application regardless of their respective <code>Configuration</code>     * flag parameters.  Essentially this means that <code>Requisite</code>     * and <code>Sufficient</code> semantics are ignored during the     * <code>abort</code> phase.  This guarantees that proper cleanup     * and state restoration can take place.     *      * <p>     *     * @exception LoginException if the authentication fails.     */    public void login() throws LoginException {	loginSucceeded = false;	if (subject == null) {	    subject = new Subject();	}	try {	    invokeModule(LOGIN_METHOD);	    invokeModule(COMMIT_METHOD);	    loginSucceeded = true;	} catch (LoginException le) {	    try {		invokeModule(ABORT_METHOD);	    } catch (LoginException le2) {		throw le;	    }	    throw le;	}    }    /**     * Logout the <code>Subject</code>.     *     * <p> This method invokes the <code>logout</code> method for each     * <code>LoginModule</code> configured for this <code>LoginContext</code>.     * Each <code>LoginModule</code> performs its respective logout procedure     * which may include removing/destroying     * <code>Principal</code> and <code>Credential</code> information     * from the <code>Subject</code> and state cleanup.     *     * <p> Note that this method invokes all LoginModules configured for the     * specified application regardless of their respective     * <code>Configuration</code> flag parameters.  Essentially this means

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?