5 Replies Latest reply on Feb 13, 2003 4:28 PM by aweissman

    Storing user info with a custom login module

    m_sarti

      JBoss 3.0.4 + Tomcat (embedded)

      I have implemented a custom login module and I successfuly deploy it in JBoss. MyLoginModule is a subclass of UsernamePasswordLoginModule. Now, I would like to collect some additional one-time-read information such as user code, user description, etc... and pass them to the page. With tomcat standalone I made a custom Principal implementation and stored these information into the identity Principal returned by realm. Now I would like to make something similar in MyLoginModule.

      Any suggestion?
      Regards, Marco

        • 1. Re: Storing user info with a custom login module
          stask

          You can do the same, i.e. create custom Principal implementation. You'll need to have following in your Subject:
          1. Group "Roles" with all roles inside.
          2. Group "CallerPrincipal" with the user Principal inside.

          request.getUserPrincipal() in a servlet should return the object that you've stored in the "CallerPrincipal" group in the Subject.
          The same for EJB, context.getCallerPrincipal() will return the object.

          Hope this helps.

          • 2. Re: Storing user info with a custom login module
            m_sarti

            Thanks for your answer!

            I read this in documentation, infact I tryed to do this in MyLoginModule.getRoleSets() implementation. It did'nt work, but after reading your message I probably know why.
            MyLoginModule is a subclass of UsernamePasswordLoginModule, this ancestor populate the Subject in commit() method and ignore Group other than "Groups". Obviously I made the implementation in the wrong place.
            Now I'm going to overload the commit() method.

            Thank you!
            Marco

            • 3. Re: Storing user info with a custom login module
              m_sarti

              Hi...

              about this, I have implemented a do-nothing MyLoginModule, this module simply implements the Login interface and have a login() method that always return true.
              In commit() method, I have coded as follows:

              ----
              Set principals = subject.getPrincipals();
              Group gr = new SimpleGroup("Roles");
              gr.addMember(new MyPrincipal("Tester"));
              principals.add(gr);

              gr = new SimpleGroup("CallerPrincipal");
              gr.addMember(new MyPrincipal(username));
              principals.add(gr);
              ----

              MyPrincipal is a custom implementation of Principal interface, this class should store some user informations (note that the above implemetation is only for experimental testing, please does not consider the non-sense...).

              Now, in my servlet/JSP I expect that a call to getUserPrincipal() returns a MyPrincipal object... but it isn't. It returns a org.jboss.security.SimplePrincipal.

              I would like to know if the technique I'm trying to set up is correct. My intention is to load some additional user info during login and store them into <some places> (I supposed in the Principal object as I made with Tomcat standalone) so that web objects can access them.

              Thanks again...
              Marco



              • 4. Re: Storing user info with a custom login module
                stask

                Hi Marco, below is the commit() function from my login module.
                Basically two differences:
                1. I'm adding the principal to the root level of subject too (i.e. its in the root level and inside roles).
                2. "Roles" group contains role groups which contain the principal. I.e. if you have a role, called "Users", you have to create group "Users", add your principal to it and than add the group to the "Roles" group.

                -----------------
                public boolean commit() throws LoginException {
                if (logger.isDebugEnabled()) {
                logger.debug(">>> commit()");
                }
                if (loginOK) {
                subject.getPrincipals().add(identity);
                QRolePrincipal roles = new QRolePrincipal("Roles");
                Vector rolesVec = getRoles(identity);
                for (int i = 0; i < rolesVec.size(); i++) {
                Principal principal = (Principal) rolesVec.elementAt(i);
                roles.addMember(principal);
                }
                subject.getPrincipals().add(roles);
                QRolePrincipal callerPrincipal = new QRolePrincipal("CallerPrincipal");
                callerPrincipal.addMember(identity);
                subject.getPrincipals().add(callerPrincipal);
                }
                if (logger.isDebugEnabled()) {
                logger.debug("<<< commit()");
                }
                return loginOK;
                }
                -------------------------------

                • 5. Re: Storing user info with a custom login module
                  aweissman

                  When you retrieve the principal in your JSP, are you retrieving a QRolePrincipal? How are you making the retrieval?