Using a custom principal

The jboss login modules support a principalClass login module option that allow one to specify a custom java.security.Principal implementation. The implementation must provide a public constructor that takes a java.lang.String argument for the name of the prinicpal. The following login-config.xml fragment shows a org.jboss.test.security.ejb.CustomPrincipalImpl being specified as the

    <application-policy name = "jaas-test">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">anonymous</module-option>
             <module-option name = "principalClass">org.jboss.test.security.ejb.CustomPrincipalImpl</module-option>
             <module-option name="usersProperties">security/users.properties</module-option>
             <module-option name="rolesProperties">security/roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>

CustomPrincipalImpl.java:

/*
  * JBoss, Home of Professional Open Source
  * Copyright 2005, JBoss Inc., and individual contributors as indicated
  * by the @authors tag. See the copyright.txt in the distribution for a
  * full listing of individual contributors.
  *
  * This is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as
  * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
package org.jboss.test.security.ejb;

import java.security.Principal;

/** A custom Principal implementation. This class must compare to other
 * Principals based on the Principal.getName() hashCode and equality.
 * 
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.3 $
 */
public class CustomPrincipalImpl
   implements Principal
{
   private String name;

   public CustomPrincipalImpl(String name)
   {
      this.name = name;
   }

   public int hashCode()
   {
      return name.hashCode();
   }

   public boolean equals(Object obj)
   {
      Principal p = (Principal) obj;
      return name.equals(p.getName());
   }

   public String toString()
   {
      return name;
   }

   /**
    * Returns the name of this principal.
    *
    * @return the name of this principal.
    */
   public String getName()
   {
      return name;
   }
}

Adding a custom principal in your login module

You can also include a custom principal by using code from a login module. A custom principal must be installed under the Subject using a java.security.acl.group named "CallerPrincipal" with the sole group member being the custom principal instance. The following testsuite example illustrates this:

/*
 * JBoss, the OpenSource J2EE WebOS
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 */
package org.jboss.test.security.ejb;

import java.security.acl.Group;
import java.security.Principal;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/** Test of installing a custom principal via a login module.
 * 
 * @author Scott.Stark@jboss.org
 * @version $Revision: 1.2 $
 */
public class CustomPrincipalLoginModule extends UsernamePasswordLoginModule
{
   private CustomPrincipalImpl caller;

   public boolean login() throws LoginException
   {
      if (super.login())
      {
         caller = new CustomPrincipalImpl(getUsername());
         return true;
      }
      return false;
   }

   protected Principal getIdentity()
   {
      Principal identity = caller;
      if( identity == null )
         identity = super.getIdentity();
      return identity;
   }

   protected Group[] getRoleSets() throws LoginException
   {
      try
      {
         // The declarative permissions
         Group roles = new SimpleGroup("Roles");
         // The caller identity
         Group callerPrincipal = new SimpleGroup("CallerPrincipal");
         Group[] groups = {roles, callerPrincipal};
         log.info("Getting roles for user=" + getUsername());
         // Add the Echo role
         roles.addMember(new SimplePrincipal("Echo"));
         // Add the custom principal for the caller
         callerPrincipal.addMember(caller);
         return groups;
      }
      catch (Exception e)
      {
         log.error("Failed to obtain groups for user=" + getUsername(), e);
         throw new LoginException(e.toString());
      }
   }

   protected String getUsersPassword()
   {
      return "theduke";
   }

}