3 Replies Latest reply on Oct 20, 2008 8:09 AM by sushilgovind

    Custom LoginModule, standalone application, InitialContext i

    piotr.koper
    piotr.koper Sep 18, 2007 4:32 AM

      Hi.

      This is my first post on JBoss forums, but not last :-).

      A tried to implement my own LoginModule. It is very simple - so even it works :-). But not exactly as i want.

      When I'm trying to log-in with my LoginModule (extends AbstractServerLoginModule) - it works for web applications (ever). But when i'm trying to log-in with standalone app (further SA) - i have some unstable behaviour: sometimes it works, and sometimes not. Works when i log-in with web-app earlier. When it works not - then in my debug i see, that SecurityAssociation is empty... I think it's cache guilt :-) i mean - it works on cached data, and when there is no data in cache - goodbye :-)

      My LoginModule uses SecurityAssociation container (for getting principal and credential). I fill also "subject" with this data (username and credential from SecurityAssociation).

      Important thing is that i have also my own client LoginModule. This login module do only two things: puts data from callback to SecurityAssociation, fill subject on commit and clear all when abort or logout is invoked. I also use sometimes ClientLoginModule, but it works (fails) exactly as mine (in standalone app).

      So my questions are:
      1) What things should be done at method login, commit, abort and logout?
      2) My login module works only with use of LoginContext instance, but JBoss modules can also work with InitialContext env-s attributes/properies:

       Hashtable env = new Hashtable();

 env.put(Context.PROVIDER_URL, "jnp://192.168.25.30:1099");

 env.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
 env.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
 env.put(Context.SECURITY_AUTHENTICATION, "simple");
 env.put(Context.SECURITY_PRINCIPAL, "j2ee");
 env.put(Context.SECURITY_CREDENTIALS, "j2ee");
 env.put(Context.SECURITY_PROTOCOL,"domain");

 InitialContext ctx = new InitialContext(env);


      how is it possible? What should I do to enable this feature in my module (client or server)?

      Useful informations:
      * i work with Windows XP SP2 and JBoss 4.2.1
      * i load my security domain "dynamic", configs files:
      application.xml - ejbs and web module
      jboss-app.xml - includes module-service login-service.xml
      jboss-service.xml - specify that login-config.xml is my AuthConfig
      login-config.xml - defines my domain
      login-service.xml - sets cache timeout
      * in SA app i use auth.conf file with content: 
      jbc {
 org.jboss.security.ClientLoginModule required;
};


      I'm trying to log-in in SA with code: 
      LoginContext loginContext = new LoginContext("jbc", callbackHandler);
 loginContext.login();


      callbackHandler fills NameCallback and PasswordCallback.

      Any suggestion will be appreciate :-)

      Regards
      piotr.koper

      • 4650 Views
      • Tags:
        • 1. Re: Custom LoginModule, standalone application, InitialConte
          piotr.koper
          piotr.koper Sep 27, 2007 8:03 AM (in response to piotr.koper)

          So now I think I know what was the problem.

          Problem was in my class that extends AbstractServerLoginModule. In method login() i didn't use super.callbackHandler at all. When i did - promlems were gone :-). But still i have one tiny problem. I just want to pass one extra parameter to LoginModule through InitialContext environment params. Now i have my own Callback, that implements Callback interface... But in login method i have an exception: UnsupportedCallbackException. Even when I'm trying to logg in with LoginContext - the same problem.

          piotr.koper

            • Actions
          • 2. Re: Custom LoginModule, standalone application, InitialConte
            acids76
            acids76 Oct 8, 2007 10:37 AM (in response to piotr.koper)

            Hi,
            I'm new with JBoss AS and for my thesis I need to implement an authenticator that accepts the name of user and its rolenames by Apache. So from Jboss i don't need to performe authentication, only read what Apache sends and create a principal but I don't know how to create principal... could you give me any tips? thanks...

              • Actions
            • 3. Re: Custom LoginModule, standalone application, InitialConte
              sushilgovind
              sushilgovind Oct 20, 2008 8:09 AM (in response to piotr.koper)

              You would have to write your own LoginModule and where in your login function you would have to ask to jboss to call you custom callback.

              If you custom callback is called HelloCallback the you would have

              NameCallback nc = new NameCallback("User name :" , guest);
              PasswordCallback pc = new PasswordCallback("Password :" , false);
              HelloCallback hc = new HelloCallback("Hello:" , "hi");
              Callback[] callbacks = {nc,pc,hc};

              callbackHandler.handle(callbacks);

                • Actions