Package com.sun.identity.authentication.internal

Class AuthContext

  • public final class AuthContext
extends Object
    The AuthContext provides the implementation for authenticating users using the JAAS technology. It complements LoginContext provided by JAAS by supporting organization environments that cannot handle sessions, for example, HTTP/HTML.

    A typical caller instantiates this class and starts the login process. The caller then obtains an array of Callback objects, which contains the information required by the authentication plug-in module. The caller requests information from the user. On receiving the information from the user, the caller submits the same to this class. If more information is required, the above process continues until all the information required by the plug-ins has been supplied. The caller then checks if the user has successfully been authenticated. If successfully authenticated, the caller can then get the Subject for the user; if not successfully authenticated, the caller obtains the LoginException.

    • Field Detail

      • AUTH_NOT_STARTED

        public static final int AUTH_NOT_STARTED
        This login status indicates that the login process has not started yet. Basically, it means that the method startLogin has not been called.
        See Also:
        Constant Field Values

      • AUTH_IN_PROGRESS

        public static final int AUTH_IN_PROGRESS
        This login status indicates that the login process is in progress. Basically, it means that the startLogin method has been called and that this object is waiting for the user to send authentication information.
        See Also:
        Constant Field Values

      • AUTH_SUCCESS

        public static final int AUTH_SUCCESS
        This login status indicates that the login process has succeeded.
        See Also:
        Constant Field Values

      • AUTH_FAILED

        public static final int AUTH_FAILED
        This login status indicates that the login process has failed.
        See Also:
        Constant Field Values

      • AUTH_COMPLETED

        public static final int AUTH_COMPLETED
        This login status indicates that the user has been successfully logged out.
        See Also:
        Constant Field Values

      • authDebug

        protected static Debug authDebug

      • organizationName

        protected String organizationName

      • applicationName

        protected String applicationName

      • loginStatus

        protected int loginStatus

      • informationRequired

        protected Callback[] informationRequired

      • submittedInformation

        protected Callback[] submittedInformation

      • myAuthI18n

        protected static I18n myAuthI18n

    • Constructor Detail

      • AuthContext

        public AuthContext()
            throws LoginException
        Constructor to get an instance of AuthContext. Caller would then use getRequirements() and submitRequirements() to pass the credentials needed for authentication by the plugin modules.
        Throws:
        LoginException

      • AuthContext

        public AuthContext​(Principal principal,
                   char[] password)
            throws LoginException
        Constructor to get an authenticated instance of this class given the java.security.Principal the user would like to be authenticated as, and the password for the user.
        Parameters:
        principal - name of the user to be authenticated
        password - password for the user
        Throws:
        LoginException

      • AuthContext

        public AuthContext​(String orgName,
                   Principal principal,
                   char[] password)
            throws LoginException
        Constructor to get an instance of this class given the organization name orgName the user would like to access, the java.security.Principal the user would like to be authenticated as, and the password for the user.
        Parameters:
        orgName - name of the user's organization
        principal - name of the user to be authenticated
        password - password for the user
        Throws:
        LoginException

      • AuthContext

        protected AuthContext​(String orgName,
                      AuthSubject subject)
               throws LoginException
        Constructor to get an instance of this class given the organization name orgName the user would like to access, and the principal's subject the user would like to be authenticated as.
        Throws:
        LoginException

      • AuthContext

        public AuthContext​(String orgName)
            throws LoginException
        Constructor to get an instance of this class given the organization name orgName. The plug-in modules would then query for the user name and related information.
        Parameters:
        orgName - organization name.
        Throws:
        LoginException

    • Method Detail

      • reset

        protected void reset()
              throws LoginException
        Method to reset this instance of AuthContext object, so that a new login process can be initiated. Authenticates the user to the same organization or resource this object was instantiated with. If this object was instantiated with a Subject, it will be ignored.
        Throws:
        LoginException

      • reset

        protected void reset​(AuthSubject subject)
              throws LoginException
        Method to reset this instance of AuthContext object, so that a new login process can be initiated for the given Subject. Authenticates the user to the same organization or resource this object was instantiated with.
        Throws:
        LoginException

      • getSubject

        protected AuthSubject getSubject()
        Returns the set of Principals the user has been authenticated as. This can be invoked only after successful authentication. If the authentication fails, this will return null.

      • startLogin

        public void startLogin()
                throws LoginException
        Method to start the login process. This method will read the plug-ins configured for the application and initialize them.
        Throws:
        LoginException

      • hasMoreRequirements

        public boolean hasMoreRequirements()
        Returns true if the login process requires more information from the user to complete the authentication.
        Returns:
        true if the login process requires more information from the user to complete the authentication.

      • getRequirements

        public Callback[] getRequirements()
        Returns an array of Callback objects that must be populated by the user and returned back. These objects are requested by the authentication plug-ins, and these are usually displayed to the user. The user then provides the requested information for it to be authenticated.
        Returns:
        an array of Callback objects that must be populated by the user and returned back.

      • submitRequiredInformation

        public void submitRequiredInformation​(Callback[] info)
        Submits the populated Callback objects to the authentication plug-in modules. Called after getInformationRequired method and obtaining user's response to these requests.
        Parameters:
        info - array of Callback objects.

      • getLoginException

        public LoginException getLoginException()
        Returns login exception, if any, during the authentication process. Typically set when the login fails.
        Returns:
        login exception.

      • getLoginStatus

        public int getLoginStatus()
        Returns the current state of the login process. Possible states are listed above.
        Returns:
        the current state of the login process.

      • setLoginStatus

        protected void setLoginStatus​(int status)
        Method to set the login status. Used internally and not visible outside this package.

      • getPrincipal

        public Principal getPrincipal()
        Returns the (first) AuthPrincipal in the Subject. Returns the first Principal, if more than one exists.
        Returns:
        the (first) AuthPrincipal in the Subject.

      • getAuthPrincipal

        public AuthPrincipal getAuthPrincipal()
        Deprecated.
        Use getPrincipal() instead
        Method to get the (first) AuthPrincipal in the Subject. Returns the first Principal, if more than one exists.

      • getPrincipals

        protected Set getPrincipals()
        Method to get the set of AuthPrincipals in the Subject.

      • getOrganizationName

        public String getOrganizationName()
        Method to get organization name that was set during construction of this instance.
        Returns:
        organization name; null if it was not initialized during construction of this instance

      • getApplicationName

        protected String getApplicationName()