Hi,
On Wed, Feb 12, 2014 at 10:15 AM, Tobias Bocanegra <[email protected]> wrote:
> But this LoginBackend is in the end something similar like a
> specialized ServiceRegistry. So why not use the whiteboard instead?
You're seeing service registries everywhere. :-)
No, the idea of the LoginBackend is to contain all the
authentication logic, using whatever dependencies are needed.
See the end of this message for a quick draft of how this could work.
Or we could even use a delegate LoginModule like in the
ProxyLoginModule case Chetan described.
BR,
Jukka Zitting
// MyLoginModule.java
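/**
 * JAAS {@link LoginModule} that delegates the actual authentication to a
 * {@link LoginBackend} taken from the module options.
 *
 * <p>The module only tracks the two-phase JAAS state (login, then
 * commit/abort, then logout). The backend decides whether the caller is
 * authenticated and which principals and credentials result from that.
 *
 * <p>NOTE(review): when no backend is configured, every phase returns
 * {@code false}, which JAAS treats as "ignore this module" rather than as a
 * failed login. If this module is meant to be a mandatory check, confirm that
 * a missing backend cannot leave authentication to the remaining modules.
 */
public class MyLoginModule implements LoginModule {

    private Subject subject;
    private CallbackHandler callbackHandler;
    private LoginBackend backend;

    /** True once {@link #login()} has authenticated through the backend. */
    private boolean success;

    /** True once {@link #commit()} has copied the login details to the subject. */
    private boolean committed;

    private final Set<Principal> principals = newHashSet();
    private final Set<Object> credentials = newHashSet();

    /**
     * Looks up the backend under the key {@code LoginBackend.class.getName()}
     * in the module options.
     *
     * <p>Can be overridden to work with LoginModuleFactory, or other binding
     * mechanisms.
     *
     * @param options the JAAS module options passed to {@link #initialize}
     * @return the configured backend, or {@code null} if the option is absent
     * @throws ClassCastException if the option value is not a LoginBackend
     */
    protected LoginBackend getLoginBackend(Map<String, ?> options) {
        return (LoginBackend) options.get(LoginBackend.class.getName());
    }

    /**
     * Stores the subject and callback handler, resolves the backend and
     * resets the login state.
     */
    @Override
    public void initialize(
            Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.backend = getLoginBackend(options);
        this.success = false;
        this.committed = false;
    }

    /**
     * Phase one: authenticates through the backend.
     *
     * @return {@code true} on success, {@code false} if no backend is
     *         configured and the module should be ignored
     * @throws LoginException if the backend rejects the login
     */
    @Override
    public boolean login() throws LoginException {
        if (backend == null) {
            return false;
        }
        // Perform login using credential information from callbackHandler.
        // Return authenticated principals and the used credentials in the
        // given sets. Throw LoginException if authentication fails.
        backend.login(callbackHandler, principals, credentials);
        // Only reached when the backend did not throw.
        success = true;
        return true;
    }

    /**
     * Phase two: publishes the login details on the subject.
     *
     * @return {@code true} if the details were added to the subject,
     *         {@code false} if this module should be ignored (no backend, or
     *         its own login did not succeed)
     */
    @Override
    public boolean commit() throws LoginException {
        if (backend == null) {
            return false;
        }
        if (!success) {
            // This module never authenticated: drop whatever the backend may
            // have collected and report "ignore". Returning true here would
            // tell JAAS that this module committed successfully.
            clearState();
            return false;
        }
        // add login details to the subject
        subject.getPrincipals().addAll(principals);
        // NOTE(review): the public credential set is readable by any code that
        // holds the Subject. If the backend returns secret material (passwords,
        // tokens), it belongs in getPrivateCredentials() - confirm what the
        // backend puts into this set.
        subject.getPublicCredentials().addAll(credentials);
        committed = true;
        return true;
    }

    /**
     * Rolls back after the overall authentication failed.
     *
     * <p>If this module had already committed, its principals and credentials
     * are removed from the subject again, so that a failed overall login does
     * not leave them behind.
     *
     * @return {@code true} if this module had authenticated and was cleaned
     *         up, {@code false} if it should be ignored
     */
    @Override
    public boolean abort() throws LoginException {
        if (backend == null) {
            return false;
        }
        boolean authenticated = success;
        if (committed) {
            removeFromSubject();
        }
        clearState();
        return authenticated;
    }

    /**
     * Removes the details added by {@link #commit()} and resets the module.
     *
     * @return {@code true} unless no backend is configured
     */
    @Override
    public boolean logout() throws LoginException {
        if (backend == null) {
            return false;
        }
        if (committed) {
            // Remove only what this module itself added to the subject.
            removeFromSubject();
        }
        clearState();
        return true;
    }

    /** Removes this module's principals and credentials from the subject. */
    private void removeFromSubject() {
        subject.getPrincipals().removeAll(principals);
        subject.getPublicCredentials().removeAll(credentials);
    }

    /** Forgets the collected login details and resets both phase flags. */
    private void clearState() {
        principals.clear();
        credentials.clear();
        success = false;
        committed = false;
    }
}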