/**

 * This is an example login module that uses the

 * AbstractLoginModule class.

 */

public class LoginModuleTemplate

   extends com.sap.engine.interfaces.security.auth.AbstractLoginModule {

   /**

   * Initialize the login module with the relevant

   * authentication and state information.

   */

   public void initialize(

      javax.security.auth.Subject subject,

      javax.security.auth.callback.CallbackHandler callbackHandler,

      java.util.Map sharedState,

      java.util.Map options) {

      super.initialize(subject, callbackHandler, sharedState, options);

      ...}

   /**

   * Set the user credentials. Authenticate a subject as the

   * first part of the authentication process.

   */

   public boolean login() throws javax.security.auth.login.LoginException {

      ...< Retrieve the user credentials via the callback handler.>...

      /* After the user name is known, an update of the user info from the persistance should

      be made.

         This check must be done before the user credentils checks. */

      refreshUserInfo(< userName >);

      ...try {

         < check the user credentials > } catch (Exception e) {

         throwUserLoginException(e);

      }

      /* This is done if the authentication of the login module is successful. Only one and exactly one login module from the stack must put the user name in the shared state. This user name is considered to represent the authenticated user. For example if the login is successful, method getRemoteUser () of the HTTP request will retrieve exactly this name. */

      if (sharedState.get(AbstractLoginModule.NAME) == null) {

         sharedState.put(AbstractLoginModule.NAME, < userName >);

         nameSet = true;

      }

      successful = true;

      return true;

   }

   /**

   * Commit the login. This is the second part of the

   * authentication process. If it is successful, the  

   * statistics for the user are logged in a specified way, in 

   * order to manage the login modules implementations on the 

   * SAP J2EE Engine.

   */

   public boolean commit() throws javax.security.auth.login.LoginException {

      ...if (successful) {

         < add credentials to subject >...

         /* If the login is successful, then the principal corresponding to the <userName> ( the same user name that has been added to shared state ) must be added in the shared state too. This principal is considered to be the main principal representing the user. For example, this principal will be retrieved from method getUserPrincipal() of the HTTP request. */

         if (nameSet) {

            sharedState.put(

               AbstractLoginModule.PRINCIPAL,

               < userPrincipal >);

         }

      }

      ...

}

   /**

   * Abort the authentication process.

   */

   public boolean abort() throws javax.security.auth.login.LoginException {

      ...

}

   /**

   * Log out the user. Also removes the principals and

   * destroys or removes the credentials that were associated 

   * with the user during the commit phase.

   */

   public boolean logout() throws javax.security.auth.login.LoginException {

      ...< remove credentials from subject >...

}