
    Using a custom principal

    The JBoss login modules support a principalClass login module option that allows one to specify a custom java.security.Principal implementation. The implementation must provide a public constructor that takes a java.lang.String argument for the name of the principal. The following login-config.xml fragment shows org.jboss.test.security.ejb.CustomPrincipalImpl being specified as the principalClass:

     

        <!-- Security domain "jaas-test": one required UsersRolesLoginModule. -->
        <application-policy name = "jaas-test">
           <authentication>
              <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                 flag = "required">
                 <!-- Callers that supply no credentials are given this identity instead of
                      being rejected. Leave the option out when anonymous access is not
                      wanted, and check which roles, if any, roles.properties maps to it. -->
                 <module-option name = "unauthenticatedIdentity">anonymous</module-option>
                 <!-- Principal implementation created for the caller; it needs a public
                      constructor that takes the principal name as a String. -->
                 <module-option name = "principalClass">org.jboss.test.security.ejb.CustomPrincipalImpl</module-option>
                 <!-- users.properties holds username=password pairs. Passwords are stored
                      as written unless the module's hashAlgorithm option is configured, so
                      treat the file as a secret and restrict read access to it. -->
                 <module-option name="usersProperties">security/users.properties</module-option>
                 <!-- roles.properties maps each user name to its role names. -->
                 <module-option name="rolesProperties">security/roles.properties</module-option>
              </login-module>
           </authentication>
        </application-policy>
    

     

    CustomPrincipalImpl.java:

    /*
      * JBoss, Home of Professional Open Source
      * Copyright 2005, JBoss Inc., and individual contributors as indicated
      * by the @authors tag. See the copyright.txt in the distribution for a
      * full listing of individual contributors.
      *
      * This is free software; you can redistribute it and/or modify it
      * under the terms of the GNU Lesser General Public License as
      * published by the Free Software Foundation; either version 2.1 of
      * the License, or (at your option) any later version.
      *
      * This software is distributed in the hope that it will be useful,
      * but WITHOUT ANY WARRANTY; without even the implied warranty of
      * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
      * Lesser General Public License for more details.
      *
      * You should have received a copy of the GNU Lesser General Public
      * License along with this software; if not, write to the Free
      * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
      * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
      */
    package org.jboss.test.security.ejb;
    
    import java.security.Principal;
    
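    /** A custom Principal implementation. This class must compare to other
     * Principals based on the Principal.getName() hashCode and equality.
     *
     * <p>Identity is the name and nothing else: an instance is equal to any
     * {@code Principal} of any class that reports the same name. Access decisions
     * that rely on this type therefore depend on names being unique across every
     * source of principals in the security domain. Other {@code Principal}
     * implementations may apply a stricter rule, so {@code a.equals(b)} does not
     * guarantee {@code b.equals(a)} when {@code b} is of a different class.
     *
     * @author Scott.Stark@jboss.org
     * @version $Revision: 1.3 $
     */
    public class CustomPrincipalImpl
       implements Principal
    {
       /** The principal name; assigned once in the constructor. */
       private final String name;

       /**
        * Creates a principal with the given name.
        *
        * @param name the name of the principal; stored as given
        */
       public CustomPrincipalImpl(String name)
       {
          this.name = name;
       }

       /**
        * Returns the hash code of the name, so that it stays consistent with
        * {@link #equals(Object)}.
        *
        * @return the name's hash code, or 0 when the name is null
        */
       public int hashCode()
       {
          return name == null ? 0 : name.hashCode();
       }

       /**
        * Compares this principal to another object by name.
        *
        * @param obj the object to compare with; may be null
        * @return true when {@code obj} is a {@code Principal} whose name equals
        *    this principal's name, false for null and for any other type
        */
       public boolean equals(Object obj)
       {
          if (this == obj)
             return true;
          // Reject null and non-Principal arguments instead of failing on the
          // cast; equals() must answer false for them, not throw.
          if (!(obj instanceof Principal))
             return false;
          String otherName = ((Principal) obj).getName();
          return name == null ? otherName == null : name.equals(otherName);
       }

       /**
        * Returns the name of this principal as its string form.
        *
        * @return the name of this principal
        */
       public String toString()
       {
          return name;
       }

       /**
        * Returns the name of this principal.
        *
        * @return the name of this principal.
        */
       public String getName()
       {
          return name;
       }
    }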
    

     

    Adding a custom principal in your login module

    You can also install a custom principal from the code of a login module. A custom principal must be installed under the Subject using a java.security.acl.Group named "CallerPrincipal" with the sole group member being the custom principal instance. The following testsuite example illustrates this:

     

    /*
     * JBoss, the OpenSource J2EE WebOS
     *
     * Distributable under LGPL license.
     * See terms of license at gnu.org.
     */
    package org.jboss.test.security.ejb;
    
    import java.security.acl.Group;
    import java.security.Principal;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
    import org.jboss.security.SimpleGroup;
    import org.jboss.security.SimplePrincipal;
    
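    /** Test of installing a custom principal via a login module.
     *
     * <p>This is a testsuite fixture, not a template for a production module:
     * {@link #getUsersPassword()} returns one fixed password for every user name,
     * and {@link #getRoleSets()} grants the same role to every caller. A real
     * module must look up per-user credentials and roles from a protected store.
     *
     * @author Scott.Stark@jboss.org
     * @version $Revision: 1.2 $
     */
    public class CustomPrincipalLoginModule extends UsernamePasswordLoginModule
    {
       /** The custom principal for the caller; null until a login succeeds. */
       private CustomPrincipalImpl caller;

       /**
        * Runs the inherited login and, when it succeeds, creates the custom
        * principal from the user name.
        *
        * @return true when the inherited login succeeded, false otherwise
        * @throws LoginException if the inherited login throws it
        */
       public boolean login() throws LoginException
       {
          // Clear first, so that a failed or aborted attempt on a reused module
          // instance cannot leave an earlier caller's principal in place.
          caller = null;
          if (super.login())
          {
             caller = new CustomPrincipalImpl(getUsername());
             return true;
          }
          return false;
       }

       /**
        * Returns the custom principal when one has been created, otherwise the
        * identity reported by the superclass.
        *
        * @return the identity of the caller
        */
       protected Principal getIdentity()
       {
          Principal identity = caller;
          if( identity == null )
             identity = super.getIdentity();
          return identity;
       }

       /**
        * Builds the "Roles" group and the "CallerPrincipal" group whose sole
        * member is the caller's identity.
        *
        * @return the two groups, "Roles" first
        * @throws LoginException if building the groups fails; the original
        *    exception is attached as the cause
        */
       protected Group[] getRoleSets() throws LoginException
       {
          try
          {
             // The declarative permissions
             Group roles = new SimpleGroup("Roles");
             // The caller identity
             Group callerPrincipal = new SimpleGroup("CallerPrincipal");
             Group[] groups = {roles, callerPrincipal};
             // NOTE(review): the user name is presumably caller-supplied; confirm
             // that the log layout neutralises line breaks in it.
             log.info("Getting roles for user=" + getUsername());
             // Add the Echo role; every caller receives it, whatever the user name
             roles.addMember(new SimplePrincipal("Echo"));
             // Add the principal for the caller. getIdentity() is used rather
             // than the field so that a null is never installed as the member.
             callerPrincipal.addMember(getIdentity());
             return groups;
          }
          catch (Exception e)
          {
             log.error("Failed to obtain groups for user=" + getUsername(), e);
             // LoginException has no cause-taking constructor; attach the cause
             // explicitly so the stack trace is not lost to callers.
             LoginException failure = new LoginException(e.toString());
             failure.initCause(e);
             throw failure;
          }
       }

       /**
        * Returns the password the submitted one is checked against.
        *
        * <p>SECURITY: the value is a constant shared by every user name, which
        * is acceptable only inside the testsuite. Do not copy this method into
        * a deployed module.
        *
        * @return the fixed test password
        */
       protected String getUsersPassword()
       {
          return "theduke";
       }

    }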