20 Replies. Latest reply on Nov 4, 2006 10:11 AM by soshah
      • 15. Re: Jboss SSO Web Application

        Also, I forgot to mention I am not calling the login module myself; everything is defined as per JAAS. I try to access the page for the first time, the application prompts me with a username and password page whose action is j_security_check, after that I log in, and I see the cookie and also get the request.getUserPrincipal value.

        • 16. Re: Jboss SSO Web Application
          soshah

          Ok, took a quick look. Your problem is related to this:

          The JAAS module and LoginProvider should both pull identical username and password data. Hence, it's best to use a JAAS Module that actually uses the same LoginProvider to get username/password information from the datastore.


          The standard JAAS module you are using is pulling username nick10 and password nick10.


          Is the LoginProvider you hooked in providing the same data (username=nick10 and password=nick10)?

          The easiest way to test this: whatever values for username=nick10 are pulled from the LoginProvider, make those same values in user.properties and test it.



          Thanks
          Sohil

          • 17. Re: Jboss SSO Web Application
            soshah

            Alright....Hook this in as LoginProvider

            package org.jboss.security.idm.ldap;

            import java.security.Principal;
            import java.util.Collection;
            import java.util.Properties;

            import org.jboss.security.idm.Identity;
            import org.jboss.security.idm.IdentityException;
            import org.jboss.security.idm.LoginProvider;

            // Test-only stub: every lookup returns the fixed identity nick10/nick10
            // and no password is ever checked.
            public class DummyLoginProvider implements LoginProvider {
                private String id = null;

                public DummyLoginProvider(String id, Properties properties)
                {
                    super();
                    this.id = id;
                }

                public String getId() throws IdentityException
                {
                    System.out.println("ID=" + this.id);
                    return this.id;
                }

                public Identity read(Principal principal) throws IdentityException
                {
                    return this.read(principal.getName());
                }

                // Ignores the requested username and always returns nick10/nick10.
                public Identity read(String username) throws IdentityException
                {
                    Identity identity = new Identity();
                    identity.setUserName("nick10");
                    identity.setPassword("nick10".getBytes());
                    return identity;
                }

                public boolean exists(Principal principal) throws IdentityException
                {
                    return this.exists(principal.getName());
                }

                // Reports every username as existing.
                public boolean exists(String username) throws IdentityException
                {
                    return true;
                }

                // Accepts any principal without looking at the password.
                public boolean login(Principal principal, byte[] password)
                        throws IdentityException
                {
                    return true;
                }

                // Always rejects the username/password form of login.
                public boolean login(String username, byte[] password) throws IdentityException
                {
                    return false;
                }

                // No roles are defined in this stub.
                public Collection readAllRoles() throws IdentityException
                {
                    return new java.util.ArrayList();
                }
            }

            This should make SSO login over to nick2/test.jsp....I see proper Principal in the Console log.


            Basically: the JAAS Module and LoginProvider must both pull the same username and password data.... Hence, I treat the JAAS Module as a Façade for Tomcat authentication but use LoginProvider to pull all info in the JAAS module implementation.



            Since JAAS is pretty intense to configure, I am probably going to add support for non-JAAS logins in the SSO framework soon.

            Thanks for all your feedback

            Sohil
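
Added example, not part of the original thread and not JBoss SSO code: a JAAS LoginModule written as a façade over one shared credential lookup, as post 17 describes, so the container login and the SSO side cannot disagree on the data. `CredentialSource`, `NamePrincipal` and `FacadeLoginModule` are hypothetical names; the stand-in interface replaces the real `LoginProvider` so the file compiles on its own (Java 16+), and the nick10 entry is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical stand-in for the one credential lookup both sides must share.
interface CredentialSource { byte[] passwordFor(String username); } // null = unknown user
record NamePrincipal(String name) implements Principal { public String getName() { return name; } }

public class FacadeLoginModule implements LoginModule {
    // Constructed sample data; the SSO side is assumed to be wired to this same instance.
    static CredentialSource source = u -> "nick10".equals(u) ? "nick10".getBytes(StandardCharsets.UTF_8) : null;
    private Subject subject; private CallbackHandler handler; private String user;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }

    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("username");
        PasswordCallback pass = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { name, pass });
        } catch (Exception e) {
            throw new LoginException("callback failed: " + e.getMessage());
        }
        char[] typed = pass.getPassword();   // a copy; the callback's own buffer is wiped next
        pass.clearPassword();
        byte[] given = new String(typed == null ? new char[0] : typed).getBytes(StandardCharsets.UTF_8);
        byte[] stored = source.passwordFor(name.getName());
        // Unknown user and wrong password fail the same way; isEqual does not stop at the first differing byte.
        if (stored == null || !MessageDigest.isEqual(stored, given)) throw new FailedLoginException("bad credentials");
        user = name.getName();
        return true;
    }

    public boolean commit() {
        if (user == null) return false;      // login() did not succeed, nothing to attach
        subject.getPrincipals().add(new NamePrincipal(user));
        return true;
    }
    public boolean abort() { user = null; return true; }
    public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof NamePrincipal); user = null; return true; }
}
```

Because the module never holds its own copy of the credentials, a mismatch like the one diagnosed in post 16 (user.properties versus LoginProvider) has nowhere to arise.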

            • 18. Re: Jboss SSO Web Application
              soshah

              Hi Sohil

              Great, it worked for me in both cases: 1. Application B on local machine, 2. Application B on remote machine.

              Thank you very much for all your help. I really appreciate it.

              Regards
              Nipun

              • 19. Re: Jboss SSO Web Application
                soshah

                Hi Sohil

                Maybe I am wrong, but I have a few suggestions.

                As a user I write my own LoginModule compliant with JAAS (a class extending AbstractServerLoginModule).

                We are all familiar with JAAS and we know what method bodies we should write for authentication. Even if we use LoginProvider inside the JAAS module, the login() method makes sense, and from the JAAS class login method we can call the LoginProvider login method. But again, like in my application, I need more params for the user to log in. However, the login method in LoginProvider takes only username and password arguments. I can always concatenate other params and send them as the username, but still, as a user I won't feel comfortable about it.

                Similarly readAllRoles makes sense and can be linked with readRoleSets of jboss


                But about the other methods of LoginModule, like exists and read: where should we hook in these methods with our custom JAAS code?

                There should be more explanation about this.

                The other thing is Identity: it is defined as a class with fixed getters and setters, and there is a possibility that the user needs more and less getters and setters. Like in normal JAAS, we just return a Principal object.

                Maybe my understanding here is wrong, but this is what came to my mind and I thought that I should share it with you. Please do not think that I am complaining. All you Jboss guys are great, and as a user of your products I am always thankful for all the efforts and contributions of the jboss teams for the industry.

                Thanks again for your help

                Regards
                Nipun

                • 20. Re: Jboss SSO Web Application
                  soshah

                  Nipun-

                  Feedback like this is always welcome from the community...

                  I agree that the LoginProvider needs to evolve and feedback from community will help with that effort.

                  Thanks again
                  Sohil
