@Exported public class KeyStoreLoginModule extends Object implements LoginModule
X500Principal for the subject distinguished name of the
 first certificate in the alias's credentials in the subject's principals,
 the alias's certificate path in the subject's public credentials, and a
 X500PrivateCredential whose certificate is the first
 certificate in the alias's certificate path and whose private key is the
 alias's private key in the subject's private credentials. Recognizes the following options in the configuration file:
keyStoreURL user.home system property.  The input stream from this
      URL is passed to the KeyStore.load method.
      "NONE" may be specified if a null stream must be
      passed to the KeyStore.load method.
      "NONE" should be specified if the KeyStore resides
      on a hardware token device, for example.keyStoreType KeyStore.getDefaultType().
      If the type is "PKCS11", then keyStoreURL must be "NONE"
      and privateKeyPasswordURL must not be specified.keyStoreProvider keyStoreAlias keyStorePasswordURL protected is false.
      No default value. privateKeyPasswordURL protected | Constructor and Description | 
|---|
| KeyStoreLoginModule() | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | abort() This method is called if the LoginContext's
 overall authentication failed. | 
| boolean | commit()Abstract method to commit the authentication process (phase 2). | 
| void | initialize(Subject subject,
          CallbackHandler callbackHandler,
          Map<String,?> sharedState,
          Map<String,?> options)Initialize this  LoginModule. | 
| boolean | login()Authenticate the user. | 
| boolean | logout()Logout a user. | 
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
LoginModule.
 initialize in interface LoginModulesubject - the Subject to be authenticated. callbackHandler - a CallbackHandler for communicating
                  with the end user (prompting for usernames and
                  passwords, for example),
                  which may be null. sharedState - shared LoginModule state. options - options specified in the login
                  Configuration for this particular
                  LoginModule.public boolean login()
              throws LoginException
Get the Keystore alias and relevant passwords. Retrieve the alias's principal and credentials from the Keystore.
login in interface LoginModuleLoginModule
          should not be ignored).FailedLoginException - if the authentication fails. LoginException - if the authentication failspublic boolean commit()
               throws LoginException
This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
 If this LoginModule's own authentication attempt
 succeeded (checked by retrieving the private state saved by the
 login method), then this method associates a
 X500Principal for the subject distinguished name of the
 first certificate in the alias's credentials in the subject's
 principals,the alias's certificate path in the subject's public
 credentials, and aX500PrivateCredential whose certificate
 is the first  certificate in the alias's certificate path and whose
 private key is the alias's private key in the subject's private
 credentials.  If this LoginModule's own
 authentication attempted failed, then this method removes
 any state that was originally saved.
 
commit in interface LoginModuleLoginException - if the commit failspublic boolean abort()
              throws LoginException
This method is called if the LoginContext's overall authentication failed. (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).
 If this LoginModule's own authentication attempt
 succeeded (checked by retrieving the private state saved by the
 login and commit methods),
 then this method cleans up any state that was originally saved.
 
 If the loaded KeyStore's provider extends
 java.security.AuthProvider,
 then the provider's logout method is invoked.
 
abort in interface LoginModuleLoginException - if the abort fails.public boolean logout()
               throws LoginException
 This method removes the Principals, public credentials and the
 private credentials that were added by the commit method.
 
 If the loaded KeyStore's provider extends
 java.security.AuthProvider,
 then the provider's logout method is invoked.
 
logout in interface LoginModuleLoginModule
          should not be ignored.LoginException - if the logout fails.
 Copyright © 1998, 2025, Oracle and/or its affiliates.  All rights reserved.