Class KeyStoreLoginModule

java.lang.Object
com.sun.security.auth.module.KeyStoreLoginModule
All Implemented Interfaces:
LoginModule

public class KeyStoreLoginModule extends Object implements LoginModule
Provides a JAAS login module that prompts for a key store alias and populates the subject with the alias's principal and credentials. The module adds three things to the subject: in the principals, an X500Principal for the subject distinguished name of the first certificate in the alias's credentials; in the public credentials, the alias's certificate path; and in the private credentials, an X500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key.

Recognizes the following options in the configuration file:

keyStoreURL
A URL that specifies the location of the key store. Defaults to a URL pointing to the .keystore file in the directory specified by the user.home system property. The input stream from this URL is passed to the KeyStore.load method. "NONE" may be specified if a null stream must be passed to the KeyStore.load method. "NONE" should be specified if the KeyStore resides on a hardware token device, for example.
keyStoreType
The key store type. If not specified, defaults to the result of calling KeyStore.getDefaultType(). If the type is "PKCS11", then keyStoreURL must be "NONE" and privateKeyPasswordURL must not be specified.
keyStoreProvider
The key store provider. If not specified, uses the standard search order to find the provider.
keyStoreAlias
The alias in the key store to log in as. Required when no callback handler is provided. No default value.
keyStorePasswordURL
A URL that specifies the location of the key store password. Required when no callback handler is provided and protected is false. No default value.
privateKeyPasswordURL
A URL that specifies the location of the specific private key password needed to access the private key for this alias. The keystore password is used if this value is needed and not specified.
protected
This value should be set to "true" if the KeyStore has a separate, protected authentication path (for example, a dedicated PIN-pad attached to a smart card). Defaults to "false". If "true", keyStorePasswordURL and privateKeyPasswordURL must not be specified.
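
The following is an added example, not part of the JDK documentation: it supplies the options above programmatically instead of through a configuration file, logs in without a callback handler, and prints what the module placed in the subject. It assumes a PKCS12 key store that already holds a private-key entry and a file containing the key store password; the class name KeyStoreLoginDemo, the configuration name "KeyStoreDemo" and the command-line arguments are illustrative.

```java
import java.nio.file.Paths;
import java.security.cert.CertPath;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;

// Hypothetical demo class. Usage: java KeyStoreLoginDemo <keystore.p12> <alias> <password-file>
public class KeyStoreLoginDemo {
    public static void main(String[] args) throws Exception {
        Map<String, String> opts = new HashMap<>();
        opts.put("keyStoreURL", Paths.get(args[0]).toUri().toString());
        opts.put("keyStoreType", "PKCS12");
        opts.put("keyStoreAlias", args[1]);   // required: no callback handler is supplied
        opts.put("keyStorePasswordURL", Paths.get(args[2]).toUri().toString()); // required: protected is false
        // privateKeyPasswordURL is omitted, so the key store password is also used for the key.
        // Hardware token variant: keyStoreType=PKCS11, keyStoreURL=NONE, no privateKeyPasswordURL.

        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.KeyStoreLoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };

        // Null subject and null callback handler: everything comes from the options above.
        LoginContext lc = new LoginContext("KeyStoreDemo", null, null, config);
        lc.login();   // throws LoginException on a bad alias, password or key store
        Subject subject = lc.getSubject();

        for (X500Principal p : subject.getPrincipals(X500Principal.class))
            System.out.println("principal:   " + p.getName());
        for (CertPath cp : subject.getPublicCredentials(CertPath.class))
            System.out.println("public cred: certificate path of " + cp.getCertificates().size());
        for (X500PrivateCredential c : subject.getPrivateCredentials(X500PrivateCredential.class))
            System.out.println("private cred: alias=" + c.getAlias()
                + " key=" + c.getPrivateKey().getAlgorithm());   // never log the key itself

        lc.logout();  // removes what the module added to the subject
        System.out.println("principals after logout: " + subject.getPrincipals().size());
    }
}
```

Because keyStorePasswordURL points at a plaintext secret, the password file should be readable only by the account that runs the login.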