2 Replies Latest reply on Mar 27, 2006 2:18 PM by mirko27

    Pulling user Entity into session when authenticating.

    mirko27

      Is it possible?
      Maybe some custom module, but how?

        • 1. Re: Pulling user Entity into session when authenticating.
          mirko27

          Well, I created my own UsernamePasswordLoginModule and then extended it in the same DatabaseServerLoginModule. Everything works fine, except that it does not pull the entity bean into the session.
          Please look at my code at the end of the login() function:

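           /**
            * Authenticates the caller and, on success, tries to place the matching
            * {@code PortalUser} entity into the HTTP session under the attribute "user".
            *
            * <p>If {@code super.login()} reports success, the identity and credential are
            * taken from the shared state and the method returns at once. Otherwise the
            * user name and password are obtained from {@code getUsernameAndPassword()},
            * the password is hashed when {@code hashAlgorithm} is set, and the result is
            * compared with the value returned by {@code getUsersPassword()}.
            *
            * <p>The entity lookup is best-effort: a failure there is logged and does not
            * change the outcome of the login.
            *
            * @return {@code true} when the login succeeds
            * @throws LoginException if the principal cannot be created
            * @throws FailedLoginException if the supplied password does not validate
            */
           public boolean login() throws LoginException
           {
               // See if shared credentials exist
               if( super.login() == true )
               {
                   // Setup our view of the user
                   Object username = sharedState.get("javax.security.auth.login.name");
                   if( username instanceof Principal )
                   {
                       identity = (Principal) username;
                   }
                   else
                   {
                       String name = username.toString();
                       try
                       {
                           identity = createIdentity(name);
                       }
                       catch(Exception e)
                       {
                           log.debug("Failed to create principal", e);
                           throw new LoginException("Failed to create principal: "+ e.getMessage());
                       }
                   }
                   Object password = sharedState.get("javax.security.auth.login.password");
                   if( password instanceof char[] )
                   {
                       credential = (char[]) password;
                   }
                   else if( password != null )
                   {
                       String tmp = password.toString();
                       credential = tmp.toCharArray();
                   }
                   // Note: this path returns before the PortalUser lookup further down,
                   // so no "user" session attribute is set when shared credentials are used.
                   return true;
               }

               super.loginOk = false;
               String[] info = getUsernameAndPassword();
               String username = info[0];
               String password = info[1];
               if( username == null && password == null )
               {
                   identity = unauthenticatedIdentity;
                   super.log.trace("Authenticating as unauthenticatedIdentity="+identity);
               }

               if( identity == null )
               {
                   try
                   {
                       identity = createIdentity(username);
                   }
                   catch(Exception e)
                   {
                       log.debug("Failed to create principal", e);
                       throw new LoginException("Failed to create principal: "+ e.getMessage());
                   }

                   // Hash the user entered password if password hashing is in use
                   if( hashAlgorithm != null )
                       password = createPasswordHash(username, password);
                   // Validate the password supplied by the subclass
                   String expectedPassword = getUsersPassword();
                   if( validatePassword(password, expectedPassword) == false )
                   {
                       super.log.debug("Bad password for username="+username);
                       throw new FailedLoginException("Password Incorrect/Password Required");
                   }
               }

               if( getUseFirstPass() == true )
               { // Add the username and password to the shared state map
                   sharedState.put("javax.security.auth.login.name", username);
                   sharedState.put("javax.security.auth.login.password", credential);
               }
               super.loginOk = true;

               // The unauthenticated identity has no user name. Skipping the lookup keeps a
               // guest from receiving the entity of an account whose login is literally
               // "null", which the concatenated query would have matched.
               if( username != null )
               {
                   storePortalUserInSession(username);
               }

               super.log.trace("User '" + identity + "' authenticated, loginOk="+loginOk);
               return true;
           }

           /**
            * Loads the {@code PortalUser} whose login equals {@code login} and stores it
            * in the current HTTP session under the attribute "user".
            *
            * <p>Failures are logged and swallowed so that a lookup problem does not turn
            * a successful authentication into a failed one.
            *
            * @param login the user name that was just authenticated; must not be null
            */
           private void storePortalUserInSession(String login)
           {
               try
               {
                   InitialContext ctx = new InitialContext();
                   em = (EntityManager) ctx.lookup("digizoneDatabase");

                   // The login value is bound as a named parameter, never concatenated into
                   // the query text: it is caller-supplied, and a quote character in it would
                   // otherwise change the meaning of the query.
                   List<?> matches = em.createQuery(
                           "FROM " + PortalUser.class.getName() + " where login = :login")
                       .setParameter("login", login)
                       .getResultList();
                   if( matches == null || matches.isEmpty() )
                   {
                       return;
                   }

                   Object first = matches.get(0);
                   if( !(first instanceof PortalUser) )
                   {
                       return;
                   }

                   HttpServletRequest request =
                       (HttpServletRequest) PolicyContext.getContext(WEB_REQUEST_KEY);
                   if( request == null )
                   {
                       // No web request is associated with this login (e.g. a non-web caller).
                       return;
                   }

                   // getSession() creates a session when none exists. This runs inside login(),
                   // i.e. before the overall JAAS authentication has been committed, so the
                   // application must not treat the presence of "user" as proof of authentication.
                   // NOTE(review): if PortalUser maps the PASSWORD column, the stored hash ends
                   // up in the HTTP session as well -- confirm against the entity mapping.
                   HttpSession session = request.getSession();
                   session.setAttribute("user", (PortalUser) first);
               }
               catch (Exception e)
               {
                   // Best-effort: report through the module's logger instead of stderr so the
                   // failure is visible in the server log.
                   log.warn("Could not load PortalUser into the HTTP session", e);
               }
           }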


          • 2. Re: Pulling user Entity into session when authenticating.
            mirko27

            I really hope that we can get this working. This feature has been a problem for a long time. Some have managed to build ugly hacks, but this would be a very nice way of approaching it. The EntityManager's name and other app-dependent stuff could be made configurable :)
            Additional files:
            persistence.xml

            <persistence>
             <!-- Persistence unit backed by Hibernate on the JTA data source java:/DigizoneDS.
                  NOTE(review): login() looks up "digizoneDatabase" through JNDI; nothing in this
                  file binds an EntityManager under that name. Confirm how it gets bound. -->
             <persistence-unit name="digizoneDatabase">
             <provider>org.hibernate.ejb.HibernatePersistence</provider>
             <jta-data-source>java:/DigizoneDS</jta-data-source>
            
             <properties>
             <property name="hibernate.dialect" value="org.hibernate.dialect.MySQLDialect"/>
             <property name="hibernate.transaction.manager_lookup_class" value="org.hibernate.transaction.JBossTransactionManagerLookup"/>
             <property name="hibernate.transaction.flush_before_completion" value="true"/>
             </properties>
             </persistence-unit>
            </persistence>
            
            

            Digizone-login-config.xml
            <?xml version='1.0'?>
            <!DOCTYPE policy PUBLIC
             "-//JBoss//DTD JBOSS Security Config 3.0//EN"
             "http://www.jboss.org/j2ee/dtd/security_config.dtd">
            <policy>
             <!-- Security domain "DigizoneSecurity": one required login module that reads
                  passwords and roles from the java:/DigizoneDS data source. -->
             <application-policy name="DigizoneSecurity">
             <authentication>
             <login-module
             code="ee.digizone.jaas.DatabaseServerLoginModule"
             flag="required">
             <!-- login() assigns this identity when neither a user name nor a password is
                  supplied, so anonymous callers become "guest". Make sure no role granted to
                  "guest" opens anything that should require a real login. -->
             <module-option name="unauthenticatedIdentity">
             guest
             </module-option>
             <module-option name="dsJndiName">
             java:/DigizoneDS
             </module-option>
             <!-- Both queries take the login through a '?' placeholder. -->
             <module-option name="principalsQuery">
             select PASSWORD from USERS where LOGIN=?
             </module-option>
             <module-option name="rolesQuery">
             select ROLES.ROLENAME,ROLES.P_GROUP from
             ROLES, USERS, PORTALUSER_PORTALROLE
             where
             ROLES.PORTALROLE_ID=PORTALUSER_PORTALROLE.PORTALROLE_ID
             and
             PORTALUSER_PORTALROLE.PORTALUSER_ID=USERS.PORTALUSER_ID
             and USERS.LOGIN=?
             </module-option>
             <!-- "SHA" is the JCA name for SHA-1. No salt or iteration option is configured
                  here, so USERS.PASSWORD presumably holds a single unsalted digest (confirm in
                  createPasswordHash). Such hashes are cheap to brute-force if the table leaks.
                  Changing the algorithm invalidates the stored values, so it needs a
                  migration plan rather than a config edit. -->
             <module-option name="hashAlgorithm">SHA</module-option>
             <module-option name="hashCharset">UTF-8</module-option>
             <module-option name="hashEncoding">
             BASE64
             </module-option>
             </login-module>
            
             </authentication>
             </application-policy>
            </policy>