Doubts in JAAS
klauskr Mar 1, 2004 8:14 AM

Hi all,
I am developing an application client that uses an authentication based on JAAS
in JBoss. I am using one predefined callback implementation. The
code follows below:

    import java.io.IOException;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.TextOutputCallback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.login.FailedLoginException;

    /**
     * Simple login context for unit tests.
     */
    public class ProjectLoginContext extends LoginContext {
        public final static String USERNAME = "junit";

        // Answers every callback with the fixed test credentials.
        private static class CBH implements CallbackHandler {
            public void handle (Callback[] callbacks)
                throws UnsupportedCallbackException, IOException {
                for (int i = 0; i < callbacks.length; i++) {
                    if (callbacks[i] instanceof TextOutputCallback) {
                        // display the message according to the specified type
                        TextOutputCallback toc = (TextOutputCallback)callbacks[i];
                        switch (toc.getMessageType()) {
                        case TextOutputCallback.INFORMATION:
                            System.err.println(toc.getMessage());
                            break;
                        case TextOutputCallback.ERROR:
                            System.err.println("ERROR: " + toc.getMessage());
                            break;
                        case TextOutputCallback.WARNING:
                            System.err.println("WARNING: " + toc.getMessage());
                            break;
                        default:
                            throw new IOException("Unsupported message type: " +
                                                  toc.getMessageType());
                        }
                    } else if (callbacks[i] instanceof NameCallback) {
                        // supply the fixed test username instead of prompting
                        NameCallback nc = (NameCallback)callbacks[i];
                        nc.setName(USERNAME);
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        // supply the test password (same value as the username)
                        PasswordCallback pc = (PasswordCallback)callbacks[i];
                        pc.setPassword(USERNAME.toCharArray());
                    } else {
                        throw new UnsupportedCallbackException
                            (callbacks[i], "Unrecognized Callback");
                    }
                }
            }
        }

        // "danetworkflow" is the name of the JAAS configuration entry to use.
        public ProjectLoginContext () throws LoginException {
            super ("danetworkflow", new CBH());
        }
    }

I'm following the installation manual of my application client, which says
the following:

1) "The security configuration name used by the LoginContext must match an
entry in the file that declares all security domains for JAAS. For our client
(and JBoss) we need an entry like this:

    danetworkflow {
        org.jboss.security.ClientLoginModule required;
    };"

==> Is this a file that I must create? If yes, where must it be? Must it be
inside of the client and JBoss? What is its name?

2) "Finally we must tell JAAS that it should use our configuration file by
starting the java virtual machine with this additional parameter:
-Djava.security.auth.login.config=auth.conf. "

==> Must this parameter come before (java arq
-Djava.security.auth.login.config=auth.conf) or after (java
-Djava.security.auth.login.config=auth.conf arq) the file arq.class?

Please, could someone help me?
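
A diagnostic for the setup the manual describes, as an added example that is not part of the original post or of the application's own code: it reports whether the running JVM sees a JAAS entry named `danetworkflow` and can load its login module. The class name `JaasConfigCheck` is hypothetical; `auth.conf` and the entry name are taken from the post.

```java
import java.io.File;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/** Added diagnostic (hypothetical class name): reports the JAAS configuration this JVM sees. */
public class JaasConfigCheck {

    /** Returns true when the named entry exists and every login module in it can be loaded. */
    static boolean check(String appName) {
        String prop = System.getProperty("java.security.auth.login.config");
        if (prop == null) {
            // JVM options are only honoured when they precede the main class;
            // anything after the class name is passed to main() as an argument.
            System.err.println("java.security.auth.login.config is not set");
        } else {
            // Assumes a plain file path (the property may also hold a URL).
            File f = new File(prop);
            System.err.println("login config: " + f.getAbsolutePath()
                    + (f.isFile() ? "" : " (file not found)"));
        }
        AppConfigurationEntry[] entries;
        try {
            entries = Configuration.getConfiguration().getAppConfigurationEntry(appName);
        } catch (SecurityException e) {
            System.err.println("cannot load JAAS configuration: " + e.getMessage());
            return false;
        }
        if (entries == null || entries.length == 0) {
            System.err.println("no entry named '" + appName + "'");
            return false;
        }
        boolean ok = true;
        for (AppConfigurationEntry entry : entries) {
            String module = entry.getLoginModuleName();
            try {
                // Load without initializing: only checks that the class is on the classpath.
                Class.forName(module, false, JaasConfigCheck.class.getClassLoader());
                System.err.println(module + " (" + entry.getControlFlag() + "): class found");
            } catch (ClassNotFoundException ex) {
                System.err.println(module + ": not on the classpath");
                ok = false;
            }
        }
        return ok;
    }

    public static void main(String[] args) {
        String appName = args.length > 0 ? args[0] : "danetworkflow";
        System.exit(check(appName) ? 0 : 1);
    }
}
```

Run it from the directory that holds `auth.conf` as `java -Djava.security.auth.login.config=auth.conf JaasConfigCheck danetworkflow`, with the JBoss client library that provides `org.jboss.security.ClientLoginModule` on the classpath (its file name is not given in the post).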