5.12.2 Points to remember when implementing custom login modules
When creating a custom login module, implement the LoginModule interface, which is the JAAS SPI, to provide the necessary processing. This section describes the points to remember when implementing custom login modules and the LoginModule interface, as well as when implementing the Principal object, which manages user IDs.
(1) Points to remember when implementing the LoginModule interface
- login method
To support single sign-on, first check whether the user ID and password are specified in sharedState. The name used to obtain the user ID and password from sharedState can be specified in the configuration file of the integrated user management framework.
- commit method
Set the Principal object in the Subject. When there are multiple Principal objects, WebSSOLoginModule and DelegationLoginModule use the first Principal object found to register the user ID in the integrated user management session. For single sign-on, it is used to recognize the first logged-in user ID.
- logout method
The logout method deletes the Principal object and Credentials (such as user attributes) that were associated with the Subject by the commit method. It also releases the resources acquired during login.
When the logout method is used, the following phenomena may occur:
- No Credentials are assigned to the Subject when the logout method is invoked.
- At the time of logout, the member attribute values that are set by the commit or login method of the custom login modules cannot be referenced.
The first phenomenon, in which no Credentials are assigned, may occur because no Credentials are contained in the serializable Subject object.
The second phenomenon, in which the member attribute values cannot be referenced at the time of logout, may occur because the JAAS LoginContext (including LoginModule) is not a serialized object. Because LoginContext stores the Subject object in HttpSession and generates a new login module instance from the Subject object to log out, the member attribute values set by the commit or login method cannot be referenced.
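The following Java module is an added example, not code from the product or its manual. It shows a login method that reads the user ID and password from sharedState, a commit method that sets a Principal in the Subject, and a logout method that does not depend on member values set during login. The class names `ExampleLoginModule` and `UserIdPrincipal`, the `verify` method, and the option names `example.userid.key` and `example.password.key` are assumptions. It covers only the case where sharedState already holds the credentials.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public abstract class ExampleLoginModule implements LoginModule {
    // Hypothetical Principal holding the user ID; Serializable so it stays with the stored Subject.
    public static final class UserIdPrincipal implements Principal, Serializable {
        private final String name;
        public UserIdPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) { return o instanceof UserIdPrincipal && name.equals(((UserIdPrincipal) o).name); }
        @Override public int hashCode() { return name.hashCode(); }
    }

    private Subject subject;
    private Map<String, ?> sharedState;
    private String userIdKey, passwordKey, userId;
    // Site-specific credential check against the user repository, supplied by a subclass.
    protected abstract boolean verify(String userId, Object password);

    @Override public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        subject = s; sharedState = shared;
        // Assumed option names; use the sharedState names set in the framework's configuration file.
        userIdKey = (String) options.get("example.userid.key");
        passwordKey = (String) options.get("example.password.key");
    }
    @Override public boolean login() throws LoginException {
        Object id = sharedState.get(userIdKey), pw = sharedState.get(passwordKey);
        // For single sign-on, credentials already placed in sharedState are checked first.
        if (id == null || pw == null || !verify(id.toString(), pw)) throw new FailedLoginException("login failed");
        userId = id.toString();
        return true;
    }
    @Override public boolean commit() {
        if (userId == null) return false; // login() did not succeed in this module
        subject.getPrincipals().add(new UserIdPrincipal(userId));
        return true;
    }
    @Override public boolean abort() { userId = null; return true; }
    @Override public boolean logout() {
        // A new module instance may run logout, so userId can be null here: select by type on the Subject.
        subject.getPrincipals().removeIf(p -> p instanceof UserIdPrincipal);
        return true;
    }
}
```

Because logout selects what to delete by Principal type on the Subject, it behaves the same whether it runs on the instance that performed the login or on a newly generated one.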