1 Reply Latest reply on Nov 8, 2004 10:20 AM by time4tea

    Writing custom LoginModule

    time4tea


      I've looked at the relevant Wiki page about writing a custom login module. I can't get it to work at all. I'm trying right now for it to just log that it's even being loaded. I can't see anything to indicate that it is. Nor can I see what LoginModule is being called, if any.

      Any help to diagnose what is going on would be much appreciated! Thanks!!


      It says to add the following to your login-config.xml:

      <application-policy name="xx">
        <login-module code="com.xx.es.security.jaas.xxLoginModule" flag="required" />
      </application-policy>

      And the following to your jboss-web.xml

      <security-domain>java:/jaas/xx</security-domain>

      I have also added this to web.xml

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Everything</web-resource-name>
          <description>The site</description>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <description>Any Domain User</description>
          <role-name>Domain Users</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
      </login-config>

      <security-role>
        <role-name>Domain Users</role-name>
      </security-role>


      My code is here (log.error to encourage message to show up!):


      package com.xx.es.security.jaas;

      import java.util.Map;
      import java.util.Iterator;

      import java.security.Principal;
      import java.security.acl.Group;

      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginException;
      import javax.security.auth.login.FailedLoginException;

      import org.jboss.security.auth.spi.AbstractServerLoginModule;

      public class xxLoginModule extends AbstractServerLoginModule {

          protected Principal identity;

          public xxLoginModule() {
              log.error ( "Creating " + this.getClass().getName() );
          }

          public void initialize(Subject s, CallbackHandler cbh, Map state, Map opts ) {
              super.initialize ( s, cbh, state, opts );
              log.error ( "xxLoginModule: Initialise" );
              log.error ( "Subject: " + s.toString() );
              log.error ( "CallbackHandler: " + cbh.toString() );

              // Dump the shared state map, one "key : value" line per entry
              log.error ( "State:" );

              for ( Iterator i = state.keySet().iterator() ; i.hasNext() ; ) {
                  Object key = i.next();
                  log.error ( key + " : " + state.get(key) );
              }

              // Dump the module options from login-config.xml the same way
              log.error ( "Opts:" );

              for ( Iterator i = opts.keySet().iterator() ; i.hasNext() ; ) {
                  Object key = i.next();
                  log.error ( key + " : " + opts.get(key) );
              }
          }

          public boolean login() throws LoginException {
              log.error ( "Login()" );
              return true;
          }

          public boolean commit() throws LoginException {
              log.error ( "commit()" );
              return true;
          }

          protected Principal getIdentity() {
              log.error ( "getIdentity()" );
              return identity;
          }

          protected String getUsername() {
              log.error ( "getUsername() " );
              return null;
          }

          protected Group[] getRoleSets() throws LoginException {
              log.error ( "getRoleSets()" );
              return new Group[0];
          }

      }

        • 1. Re: Writing custom LoginModule
          time4tea

          So, I found one small bug!

          In the constructor:

          public xxLoginModule() {
              log.error ( "Creating " + this.getClass().getName() );
          }


          But "log" is not defined at this point, resulting in an NPE, which is not logged, and which results in no authentication....

          Setting the log level to:

          <category name="org.jboss.security">
            <priority value="TRACE" class="org.jboss.logging.XLevel"/>
          </category>


          Logged the output of the module, so I could see that the Exception was being thrown.
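
The failure described in the reply above, reproduced with plain JAAS from the JDK as an added example (not code from the post or from JBoss). `Base` is a hypothetical stand-in that, by assumption, assigns `log` only in `initialize()`; `Broken`, `Fixed`, `attempt` and the class name are likewise made up for illustration.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LoginModuleCtorDemo {
    // Hypothetical stand-in for a base class that assigns 'log' only in initialize().
    public abstract static class Base implements LoginModule {
        protected Logger log;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> state, Map<String, ?> opts) {
            log = Logger.getLogger(getClass().getName());
        }
        // Fail closed: this stub checks no credentials, so it never authenticates anyone.
        public boolean login() throws LoginException {
            throw new FailedLoginException("stub module: no credentials checked");
        }
        public boolean commit() { return false; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    public static class Broken extends Base {
        public Broken() { log.info("Creating " + getClass().getName()); } // 'log' is still null here
    }
    public static class Fixed extends Base {
        private static final Logger LOG = Logger.getLogger(Fixed.class.getName());
        public Fixed() { LOG.info("Creating " + getClass().getName()); } // own logger, set at class load
    }
    // Runs one JAAS login against the given module and reports how it ended.
    static String attempt(Class<? extends LoginModule> module) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(module.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        try {
            new LoginContext("xx", new Subject(), callbacks -> { }, cfg).login();
            return "login succeeded";
        } catch (LoginException e) {
            // For an unexpected module exception, LoginContext puts the stack trace in the message.
            return e.getClass().getSimpleName() + ": " + e.getMessage().lines().findFirst().orElse("");
        }
    }
    public static void main(String[] args) {
        System.out.println("Broken -> " + attempt(Broken.class));
        System.out.println("Fixed  -> " + attempt(Fixed.class));
    }
}
```

Compile with `javac LoginModuleCtorDemo.java` and run with `java LoginModuleCtorDemo` (Java 11 or later); the `Broken` attempt ends in a `LoginException` carrying the constructor's `NullPointerException`, while `Fixed` is instantiated and rejected by its own `login()`.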