1 Reply Latest reply on Mar 1, 2004 8:31 AM by starksm64

    Doubts in JAAS

    klauskr

      Hi all,

      I am developing an application client that uses an authentication based on JAAS
      in JBoss. I am using one predefined callback implementation. The
      code follows below:


      import java.io.IOException;

      import javax.security.auth.Subject;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.TextOutputCallback;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;
      import javax.security.auth.login.FailedLoginException;

      /**
       * Simple login context for unit tests.
       */
      public class ProjectLoginContext extends LoginContext {

          public final static String USERNAME = "junit";

          private static class CBH implements CallbackHandler {
              public void handle(Callback[] callbacks)
                      throws UnsupportedCallbackException, IOException {
                  for (int i = 0; i < callbacks.length; i++) {
                      // Each test must look at the current element, callbacks[i]
                      if (callbacks[i] instanceof TextOutputCallback) {
                          // display the message according to the specified type
                          TextOutputCallback toc = (TextOutputCallback) callbacks[i];
                          switch (toc.getMessageType()) {
                              case TextOutputCallback.INFORMATION:
                                  System.err.println(toc.getMessage());
                                  break;
                              case TextOutputCallback.ERROR:
                                  System.err.println("ERROR: " + toc.getMessage());
                                  break;
                              case TextOutputCallback.WARNING:
                                  System.err.println("WARNING: " + toc.getMessage());
                                  break;
                              default:
                                  throw new IOException("Unsupported message type: " +
                                          toc.getMessageType());
                          }
                      } else if (callbacks[i] instanceof NameCallback) {
                          // supply the fixed test username instead of prompting
                          NameCallback nc = (NameCallback) callbacks[i];
                          nc.setName(USERNAME);
                      } else if (callbacks[i] instanceof PasswordCallback) {
                          // supply the fixed test password (same value as the username)
                          PasswordCallback pc = (PasswordCallback) callbacks[i];
                          pc.setPassword(USERNAME.toCharArray());
                      } else {
                          throw new UnsupportedCallbackException
                                  (callbacks[i], "Unrecognized Callback");
                      }
                  }
              }
          }

          public ProjectLoginContext() throws LoginException {
              // "danetworkflow" is the JAAS configuration entry name to look up
              super("danetworkflow", new CBH());
          }
      }


      I'm following the installation manual of my application client, which says
      the following:


      1) "The security configuration name used by the LoginContext must match an
      entry in the file that declares all security domains for JAAS. For our client
      (and JBoss) we need an entry like this:
      danetworkflow {
      org.jboss.security.ClientLoginModule required;
      };"

      ==> Is this a file that I must create? If yes, where must it be? Must it be
      inside the client and JBoss? What is its name?


      2) "Finally we must tell JAAS that it should use our configuration file by
      starting the java virtual machine with this additional parameter:
      -Djava.security.auth.login.config=auth.conf."

      ==> Must this parameter be before (java arq
      -Djava.security.auth.login.config=auth.conf) or after (java
      -Djava.security.auth.login.config=auth.conf arq) the file arq.class?

      Please, could someone help me?
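
An added example, not part of the original post or of the application's manual: a small Java 11+ check that JAAS can resolve the `danetworkflow` entry from a login configuration file before any `LoginContext` is created. The class name `JaasConfigCheck`, the temporary file and the name `missing` are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {

    /** Returns the login module class names configured for appName, or an empty array. */
    static String[] modulesFor(Configuration cfg, String appName) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(appName);
        if (entries == null) {
            // No entry with this name (and no "other" fallback entry) in the file.
            // new LoginContext(appName, handler) would fail with a LoginException here.
            return new String[0];
        }
        String[] names = new String[entries.length];
        for (int i = 0; i < entries.length; i++) {
            names[i] = entries[i].getLoginModuleName();
        }
        return names;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file holding the entry quoted from the manual.
        Path conf = Files.createTempFile("auth", ".conf");
        conf.toFile().deleteOnExit();
        Files.writeString(conf,
                "danetworkflow {\n"
              + "    org.jboss.security.ClientLoginModule required;\n"
              + "};\n");

        // Equivalent to starting the JVM with
        //   java -Djava.security.auth.login.config=<file> MainClass
        // JVM options precede the class name; text after it is passed to main().
        // The property must be set before the Configuration is first loaded.
        System.setProperty("java.security.auth.login.config", conf.toUri().toString());

        Configuration cfg = Configuration.getConfiguration();
        for (String name : new String[] {"danetworkflow", "missing"}) {
            String[] modules = modulesFor(cfg, name);
            System.out.println(name + " -> "
                    + (modules.length == 0 ? "no entry found" : String.join(", ", modules)));
        }
    }
}
```

The lookup only parses the file and reports the module class names; the module class itself is loaded later, when `login()` is called, so the JBoss client libraries are not needed to run this check.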