public class PasswordValidationCallback
extends java.lang.Object
implements javax.security.auth.callback.Callback
This callback may be used by an authentication module to employ the password validation facilities of its containing
runtime. This Callback would typically be called by a ServerAuthModule during
validateRequest processing.
This callback causes the following actions to be done:
CallerPrincipalCallback does)
GroupPrincipalCallback does)
PasswordValidationCallback could be
implemented by a Jakarta Authentication implementation provided CallbackHandler:
protected void processPasswordValidation(PasswordValidationCallback pwdCallback) {
// 1. Validate the credentials
Caller caller = ContainerSpecificStore.validate(pwdCallback.getUsername(), getPassword(pwdCallback));
if (caller != null) {
// 2. If validated set caller principal, just like CallerPrincipalCallback does
processCallerPrincipal(new CallerPrincipalCallback(pwdCallback.getSubject(), caller.getCallerPrincipal()));
if (!caller.getGroups().isEmpty()) {
// 3. If validated and groups available set groups, just like GroupPrincipalCallback does
processGroupPrincipal(new GroupPrincipalCallback(pwdCallback.getSubject(), caller.getGroupsAsArray()));
}
pwdCallback.setResult(true);
}
}
Note that in this example: processCallerPrincipal represents how the CallbackHandler would handle
the CallerPrincipalCallback.
processGroupPrincipal represents how the CallbackHandler would handle
the GroupPrincipalCallback.
Caller and ContainerSpecificStore are hypothetical implementation specific types.
| Constructor and Description |
|---|
PasswordValidationCallback(javax.security.auth.Subject subject,
java.lang.String username,
char[] password)
Create a PasswordValidationCallback.
|
| Modifier and Type | Method and Description |
|---|---|
void |
clearPassword()
Clear the password.
|
char[] |
getPassword()
Get the password.
|
boolean |
getResult()
Get the authentication result.
|
javax.security.auth.Subject |
getSubject()
Get the subject.
|
java.lang.String |
getUsername()
Get the username.
|
void |
setResult(boolean result)
Set the authentication result.
|
public PasswordValidationCallback(javax.security.auth.Subject subject,
java.lang.String username,
char[] password)
subject - The subject for authenticationusername - The username to authenticatepassword - The user's password, which may be null.public javax.security.auth.Subject getSubject()
public java.lang.String getUsername()
public char[] getPassword()
Note that this method returns a reference to the password. If a clone of the array is created it is the caller's responsibility to zero out the password information after it is no longer needed.
public void clearPassword()
public void setResult(boolean result)
result - True if authentication succeeded, false otherwisepublic boolean getResult()