PHP Class AppserverIo\Appserver\ServletEngine\Security\Auth\Spi\AbstractLoginModule

Inheritance: implements AppserverIo\Psr\Security\Auth\Spi\LoginModuleInterface
Project: appserver-io/appserver

Protected Properties

Property Type Description
$callbackHandler AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface The callback handler to obtain username and password.
$loginOk boolean Flag indicating if the login phase succeeded. Subclasses that override the login method must set this to true on successful completion of login.
$params AppserverIo\Collections\MapInterface The login module parameters.
$principalClassName AppserverIo\Lang\String The class name used to create a principal.
$sharedState AppserverIo\Collections\MapInterface Used to share the login state between multiple modules.
$subject AppserverIo\Psr\Security\Auth\Subject The Subject to update after a successful login.
$unauthenticatedIdentity AppserverIo\Psr\Security\PrincipalInterface The unauthenticated login identity.
$useFirstPass boolean Flag that the shared state credential should be used.

Public Methods

Method Description
abort ( ) : boolean Method to abort the authentication process (phase 2).
commit ( ) : true Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set.
createIdentity ( string $name ) : Principal Utility method to create a Principal for the given username. This creates an instance of the principalClassName type if this option was specified. If principalClassName was not specified, a SimplePrincipal is created.
getUnauthenticatedIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface Returns the unauthenticated identity.
getUseFirstPass ( ) : boolean Flag that the shared state credential should be used.
getUsernameAndPassword ( ) : array Called by login() to acquire the username and password strings for authentication. This method does no validation of either.
initialize ( AppserverIo\Psr\Security\Auth\Subject $subject, AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface $callbackHandler, AppserverIo\Collections\MapInterface $sharedState, AppserverIo\Collections\MapInterface $params ) : void Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to parent::initialize() must be made in the case of an override.
login ( ) : boolean Looks for servlet_engine.authentication.login_module.login_name and servlet_engine.authentication.login_module.login_password values in the sharedState map if the useFirstPass option was true and returns TRUE if they exist. If they do not or are NULL this method returns FALSE.
logout ( ) : boolean Remove the user identity and roles added to the Subject during commit.

Protected Methods

Method Description
createGroup ( string $name, AppserverIo\Collections\CollectionInterface $principals ) : AppserverIo\Psr\Security\Acl\GroupInterface Find or create a Group with the given name. Subclasses should use this method to locate the 'Roles' group or create additional types of groups.
getIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface Overridden by subclasses to return the Principal that corresponds to the user primary identity.
getRoleSets ( ) : array Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user.

Method Details

abort() public method

Method to abort the authentication process (phase 2).
public abort ( ) : boolean
return boolean Always TRUE

commit() public method

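Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set. It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.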
public commit ( ) : true
return true always.

createGroup() protected method

Find or create a Group with the given name. Subclasses should use this method to locate the 'Roles' group or create additional types of groups.
protected createGroup ( string $name, AppserverIo\Collections\CollectionInterface $principals ) : AppserverIo\Psr\Security\Acl\GroupInterface
$name string The name of the group to create
$principals AppserverIo\Collections\CollectionInterface The list of principals
return AppserverIo\Psr\Security\Acl\GroupInterface A named group from the principals set

createIdentity() public method

Utility method to create a Principal for the given username. This creates an instance of the principalClassName type if this option was specified. If principalClassName was not specified, a SimplePrincipal is created.
public createIdentity ( string $name ) : Principal
$name string The name of the principal
return Principal The principal instance

getIdentity() abstract protected method

Overridden by subclasses to return the Principal that corresponds to the user primary identity.
abstract protected getIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface
return AppserverIo\Psr\Security\PrincipalInterface The user identity

getRoleSets() abstract protected method

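Overridden by subclasses to return the Groups that correspond to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user. A second common group is "CallerPrincipal", which provides the application identity of the user rather than the security domain identity.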
abstract protected getRoleSets ( ) : array
return array Array containing the sets of roles

getUnauthenticatedIdentity() public method

Returns the unauthenticated identity.
public getUnauthenticatedIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface
return AppserverIo\Psr\Security\PrincipalInterface The identity instance

getUseFirstPass() public method

Flag that the shared state credential should be used.
public getUseFirstPass ( ) : boolean
return boolean TRUE if the shared state credential should be used, else FALSE

getUsernameAndPassword() public method

Called by login() to acquire the username and password strings for authentication. This method does no validation of either.
public getUsernameAndPassword ( ) : array
return array Array with name and password, e.g. array(0 => $name, 1 => $password)

initialize() public method

Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to parent::initialize() must be made in the case of an override.
The following parameters can by default be passed from the configuration:
passwordStacking: If this is set to "useFirstPass", the login identity will be taken from the appserver.security.auth.login.name value of the sharedState map, and the proof of identity from the appserver.security.auth.login.password value of the sharedState map.
principalClass: A Principal implementation that supports a constructor taking a string argument for the principal name.
unauthenticatedIdentity: The name of the principal to assign and authenticate when a null username and password are seen.
public initialize ( AppserverIo\Psr\Security\Auth\Subject $subject, AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface $callbackHandler, AppserverIo\Collections\MapInterface $sharedState, AppserverIo\Collections\MapInterface $params ) : void
$subject AppserverIo\Psr\Security\Auth\Subject The Subject to update after a successful login
$callbackHandler AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface The callback handler that will be used to obtain the user identity and credentials
$sharedState AppserverIo\Collections\MapInterface A map shared between all configured login module instances
$params AppserverIo\Collections\MapInterface The parameters passed to the login module
return void

login() public method

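Looks for servlet_engine.authentication.login_module.login_name and servlet_engine.authentication.login_module.login_password values in the sharedState map if the useFirstPass option was true and returns TRUE if they exist. If they do not or are NULL this method returns FALSE. Note that subclasses that override the login method must set the loginOk variable to TRUE if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to TRUE if the login() method returns TRUE; otherwise it sets loginOk to FALSE. Perform the authentication of username and password.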
public login ( ) : boolean
return boolean TRUE if the login credentials are available in the sharedState map, else FALSE
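
The loginOk contract between login() and commit() described above, as an added example. This is a simplified stand-in written for this page, not the appserver.io implementation: ModelLoginModule, TableLoginModule, the setFlag switch, the ArrayObject shared state and the constructed user table are all assumptions.

```php
<?php
// Added model of the documented contract, not appserver.io code; class names and $users are hypothetical.
abstract class ModelLoginModule
{
    const NAME = 'servlet_engine.authentication.login_module.login_name';
    const PASS = 'servlet_engine.authentication.login_module.login_password';
    protected $loginOk = false;
    protected $sharedState;
    protected $useFirstPass = false;
    public $principals = [];       // stands in for the subject's getPrincipals() set
    public function initialize(ArrayObject $sharedState, array $params)
    {
        $this->sharedState = $sharedState;
        $this->useFirstPass = ($params['passwordStacking'] ?? '') === 'useFirstPass';
    }
    public function login()        // phase 1: TRUE only for non-NULL stacked credentials
    {
        $s = $this->sharedState;
        return $this->loginOk = $this->useFirstPass
            && ($s[self::NAME] ?? null) !== null && ($s[self::PASS] ?? null) !== null;
    }
    public function commit()       // phase 2: acts only if loginOk, yet always returns TRUE
    {
        if ($this->loginOk) {
            $this->principals = array_merge([$this->getIdentity()], ...array_values($this->getRoleSets()));
        }
        return true;
    }
    abstract protected function getIdentity();
    abstract protected function getRoleSets();
}
class TableLoginModule extends ModelLoginModule
{
    public $users = [], $name, $password, $setFlag = true; // setFlag FALSE: override forgets loginOk
    public function login()
    {
        $ok = password_verify((string) $this->password, $this->users[$this->name]['hash'] ?? '');
        $this->loginOk = $ok && $this->setFlag;
        return $ok;
    }
    protected function getIdentity() { return $this->name; }
    protected function getRoleSets() { return ['Roles' => $this->users[$this->name]['roles']]; }
}
// Constructed sample data: one user, one role.
$users = ['alice' => ['hash' => password_hash('s3cret', PASSWORD_DEFAULT), 'roles' => ['admin']]];
foreach ([true, false] as $setFlag) {
    $m = new TableLoginModule();
    list($m->users, $m->name, $m->password, $m->setFlag) = [$users, 'alice', 's3cret', $setFlag];
    $m->initialize(new ArrayObject(), []);
    var_dump($m->login(), $m->commit(), $m->principals);
}
```

With setFlag TRUE the principals list receives alice and admin; with setFlag FALSE login() still returns TRUE but commit() adds nothing. Because commit() returns TRUE in both runs, its return value cannot be used to detect an override that forgot to set loginOk.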

logout() public method

Remove the user identity and roles added to the Subject during commit.
public logout ( ) : boolean
return boolean Always TRUE

Property Details

$callbackHandler protected property

The callback handler to obtain username and password.
protected AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface $callbackHandler
return AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface

$loginOk protected property

Flag indicating if the login phase succeeded. Subclasses that override the login method must set this to true on successful completion of login.
protected bool $loginOk
return boolean

$params protected property

The login module parameters.
protected AppserverIo\Collections\MapInterface $params
return AppserverIo\Collections\MapInterface

$principalClassName protected property

The class name used to create a principal.
protected AppserverIo\Lang\String $principalClassName
return AppserverIo\Lang\String

$sharedState protected property

Used to share the login state between multiple modules.
protected AppserverIo\Collections\MapInterface $sharedState
return AppserverIo\Collections\MapInterface

$subject protected property

The Subject to update after a successful login.
protected AppserverIo\Psr\Security\Auth\Subject $subject
return AppserverIo\Psr\Security\Auth\Subject

$unauthenticatedIdentity protected property

The unauthenticated login identity.
protected AppserverIo\Psr\Security\PrincipalInterface $unauthenticatedIdentity
return AppserverIo\Psr\Security\PrincipalInterface

$useFirstPass protected property

Flag that the shared state credential should be used.
protected bool $useFirstPass
return boolean