Login Modules
Tip
|
to see sample configurations, read gallery samples page. |
Maven Usage
To add jaas-login-modules
to your project, use the following dependency:
<dependency>
<groupId>{groupId}</groupId>
<artifactId>{artifactId}</artifactId>
<version>${yupiik-loginmodules.version}</version>
</dependency>
Tip
|
you can select the version you want for yupiik-loginmodules.version at https://repo.maven.apache.org/maven2/io/yupiik/jaas/jaas-login-modules/ or check it at the top of this page.
|
BaseLoginModule
This is an abstract
class enabling to simplify the coding of a login module.
Usage:
public class MyLoginModule extends BaseLoginModule {
@Override
protected List<Principal> computePrincipals() {
return /* compute principals */;
}
}
Principals have access to the options
/configuration of the login module through parameters.options
.
MatchingPrincipalLoginModule
This is another abstract
class which reads options to find matchers and will call computePrincipals()
method only if it matches, else the login module is ignored.
Important
|
it is a matcher which is intended to be placed after another LoginModule since it will test existing Principal - computed by previous LoginModules to create its own ones.
|
Important
|
the matching happens in commit hook and not login to ensure we can access subject principals.
|
Here are the matcher configuration - to set through LoginModule
configuration:
Name | Description | Default |
---|---|---|
|
Boolean requiring that all matchers match, if |
|
|
Boolean requiring that a single principal was matched thanks matchers ( |
|
|
An exact string which will be tested against principal names (faster than regex). |
|
|
Java |
|
|
A prefix a principal should have (faster than regex). |
|
|
A prefix a principal should have (faster than regex). |
|
|
Optimized flavor of the pattern matching for principals which should be numbers. |
|
|
Matches if the subject principal count is equal to the provided value |
|
|
For |
|
|
For |
|
InterpolatingSinglePrincipalLoginModule
InterpolatingSinglePrincipalLoginModule
is a MatchingPrincipalLoginModule
which expects a single matching principal.
In such a case, it will use its rule to compute another principal from the matching one.
Common example is to deduce a group principal from the user name.
Note
|
it is a matching login module where singleMatchingPrincipal is forced to be true .
|
For example if only the-user
is matching, then you can create with this login module the principal group-the-user
.
Its configuration is:
Name | Description |
---|---|
|
The principal value in case of matching, it can use |
|
Class name of the principal if custom ( |
Sample usage:
MyLoginModule {
com.foo.MyAuthLoginModule required;
io.yupiik.jaas.loginmodules.InterpolatingSinglePrincipalLoginModule optional
matcher.regex="user_\p{Digit}"
interpolation.pattern="group_{name}"
interpolation.principal.type="org.apache.activemq.jaas.GroupPrincipal"
;
}
ConditionalDelegatingLoginModule
This login module intent is to use a login module configured with delegate.class
option
and only instantiated in commit
phase when a matching (inherited from MatchingPrincipalLoginModule
) is done.
TypedPrincipalLoginModule
The sole purpose of this login module is to use another principal type for all principals computed by the underlying login module:
Its configuration is:
Name | Description |
---|---|
|
The login module type to delegate to (class name). |
|
Any configuration element of the |
|
Class name of the principal. |
|
By default the wrapped principals are replaced but setting it to |
Sample usage:
MyLoginModule {
io.yupiik.jaas.loginmodules.TypedPrincipalLoginModule optional
delegate.class="com.superbiz.jaas.MyLoginModuleCreatingAFooPrincipal"
principal.type="org.apache.activemq.jaas.GroupPrincipal"
;
}
This configuration will use org.apache.activemq.jaas.GroupPrincipal
for all principals added by MyLoginModuleCreatingAFooPrincipal
in commit phase.