PHP Class AppserverIo\Appserver\ServletEngine\Security\Auth\Spi\AbstractLoginModule

See link: https://github.com/appserver-io/appserver
See link: http://www.appserver.io
Author: Tim Wagner ([email protected])
Inheritance: implements AppserverIo\Psr\Security\Auth\Spi\LoginModuleInterface
Afficher le fichier Open project: appserver-io/appserver Class Usage Examples

Protected Properties

Свойство Type Description
$callbackHandler AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface The callback handler to obtain username and password.
$loginOk boolean Flag indicating if the login phase succeeded. Subclasses that override the login method must set this to true on successful completion of login.
$params AppserverIo\Collections\MapInterface The login module parameters.
$principalClassName AppserverIo\Lang\String The class name used to create a principal.
$sharedState AppserverIo\Collections\MapInterface Used the share the login state between multiple modules.
$subject AppserverIo\Psr\Security\Auth\Subject The Subject to update after a successful login.
$unauthenticatedIdentity AppserverIo\Psr\Security\PrincipalInterface The unauthenticated login identity.
$useFirstPass boolean Flag that the shared state credential should be used.

Méthodes publiques

Méthode Description
abort ( ) : boolean Method to abort the authentication process (phase 2).
commit ( ) : true Method to commit the authentication process (phase 2). If the login method completed successfully as indicated by loginOk == true, this method adds the getIdentity() value to the subject getPrincipals() Set.
createIdentity ( string $name ) : Principal Utility method to create a Principal for the given username. This creates an instance of the principalClassName type if this option was specified. If principalClassName was not specified, a SimplePrincipal is created.
getUnauthenticatedIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface Return's the unauthenticated identity.
getUseFirstPass ( ) : boolean Flag that the shared state credential should be used.
getUsernameAndPassword ( ) : array Called by login() to acquire the username and password strings for authentication. This method does no validation of either.
initialize ( AppserverIo\Psr\Security\Auth\Subject $subject, AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface $callbackHandler, AppserverIo\Collections\MapInterface $sharedState, AppserverIo\Collections\MapInterface $params ) : void Initialize the login module. This stores the subject, callbackHandler and sharedState and options for the login session. Subclasses should override if they need to process their own options. A call to parent::initialize() must be made in the case of an override.
login ( ) : boolean Looks for servlet_engine.authentication.login_module.login_name and servlet_engine.authentication.login_module.login_password values in the sharedState map if the useFirstPass option was true and returns TRUE if they exist. If they do not or are NULL this method returns FALSE.
logout ( ) : boolean Remove the user identity and roles added to the Subject during commit.

Méthodes protégées

Méthode Description
createGroup ( string $name, AppserverIo\Collections\CollectionInterface $principals ) : AppserverIo\Psr\Security\Acl\GroupInterface Find or create a Group with the given name. Subclasses should use this method to locate the 'Roles' group or create additional types of groups.
getIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface Overriden by subclasses to return the Principal that corresponds to the user primary identity.
getRoleSets ( ) : array Overriden by subclasses to return the Groups that correspond to the to the role sets assigned to the user. Subclasses should create at least a Group named "Roles" that contains the roles assigned to the user.

Method Details

abort() public méthode

Method to abort the authentication process (phase 2).
public abort ( ) : boolean
Résultat boolean Alaways TRUE

commit() public méthode

It also adds the members of each Group returned by getRoleSets() to the subject getPrincipals() Set.
public commit ( ) : true
Résultat true always.

createGroup() protected méthode

Find or create a Group with the given name. Subclasses should use this method to locate the 'Roles' group or create additional types of groups.
protected createGroup ( string $name, AppserverIo\Collections\CollectionInterface $principals ) : AppserverIo\Psr\Security\Acl\GroupInterface
$name string The name of the group to create
$principals AppserverIo\Collections\CollectionInterface The list of principals
Résultat AppserverIo\Psr\Security\Acl\GroupInterface A named group from the principals set

createIdentity() public méthode

Utility method to create a Principal for the given username. This creates an instance of the principalClassName type if this option was specified. If principalClassName was not specified, a SimplePrincipal is created.
public createIdentity ( string $name ) : Principal
$name string The name of the principal
Résultat Principal The principal instance

getIdentity() abstract protected méthode

Overriden by subclasses to return the Principal that corresponds to the user primary identity.
abstract protected getIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface
Résultat AppserverIo\Psr\Security\PrincipalInterface The user identity

getRoleSets() abstract protected méthode

A second common group is "CallerPrincipal" that provides the application identity of the user rather than the security domain identity.
abstract protected getRoleSets ( ) : array
Résultat array Array containing the sets of roles

getUnauthenticatedIdentity() public méthode

Return's the unauthenticated identity.
public getUnauthenticatedIdentity ( ) : AppserverIo\Psr\Security\PrincipalInterface
Résultat AppserverIo\Psr\Security\PrincipalInterface The identity instance

getUseFirstPass() public méthode

Flag that the shared state credential should be used.
public getUseFirstPass ( ) : boolean
Résultat boolean TRUE if the shared state credential should be used, else FALSE

getUsernameAndPassword() public méthode

Called by login() to acquire the username and password strings for authentication. This method does no validation of either.
public getUsernameAndPassword ( ) : array
Résultat array Array with name and password, e. g. array(0 => $name, 1 => $password)

initialize() public méthode

The following parameters can by default be passed from the configuration. passwordStacking: If this is set to "useFirstPass", the login identity will be taken from the appserver.security.auth.login.name value of the sharedState map, and the proof of identity from the appserver.security.auth.login.password value of the sharedState map principalClass: A Principal implementation that support a constructor taking a string argument for the princpal name unauthenticatedIdentity: The name of the principal to asssign and authenticate when a null username and password are seen
public initialize ( AppserverIo\Psr\Security\Auth\Subject $subject, AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface $callbackHandler, AppserverIo\Collections\MapInterface $sharedState, AppserverIo\Collections\MapInterface $params ) : void
$subject AppserverIo\Psr\Security\Auth\Subject The Subject to update after a successful login
$callbackHandler AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface The callback handler that will be used to obtain the user identity and credentials
$sharedState AppserverIo\Collections\MapInterface A map shared between all configured login module instances
$params AppserverIo\Collections\MapInterface The parameters passed to the login module
Résultat void

login() public méthode

Note that subclasses that override the login method must set the loginOk var to TRUE if the login succeeds in order for the commit phase to populate the Subject. This implementation sets loginOk to TRUE if the login() method returns TRUE, otherwise, it sets loginOk to FALSE. Perform the authentication of username and password.
public login ( ) : boolean
Résultat boolean TRUE if the login credentials are available in the sharedMap, else FALSE

logout() public méthode

Remove the user identity and roles added to the Subject during commit.
public logout ( ) : boolean
Résultat boolean Always TRUE

Property Details

$callbackHandler protected_oe property

The callback handler to obtain username and password.
protected CallbackHandlerInterface,AppserverIo\Psr\Security\Auth\Callback $callbackHandler
Résultat AppserverIo\Psr\Security\Auth\Callback\CallbackHandlerInterface

$loginOk protected_oe property

Flag indicating if the login phase succeeded. Subclasses that override the login method must set this to true on successful completion of login.
protected bool $loginOk
Résultat boolean

$params protected_oe property

The login module parameters.
protected MapInterface,AppserverIo\Collections $params
Résultat AppserverIo\Collections\MapInterface

$principalClassName protected_oe property

The class name used to create a principal.
protected String,AppserverIo\Lang $principalClassName
Résultat AppserverIo\Lang\String

$sharedState protected_oe property

Used the share the login state between multiple modules.
protected MapInterface,AppserverIo\Collections $sharedState
Résultat AppserverIo\Collections\MapInterface

$subject protected_oe property

The Subject to update after a successful login.
protected Subject,AppserverIo\Psr\Security\Auth $subject
Résultat AppserverIo\Psr\Security\Auth\Subject

$unauthenticatedIdentity protected_oe property

The unauthenticated login identity.
protected PrincipalInterface,AppserverIo\Psr\Security $unauthenticatedIdentity
Résultat AppserverIo\Psr\Security\PrincipalInterface

$useFirstPass protected_oe property

Flag that the shared state credential should be used.
protected bool $useFirstPass
Résultat boolean