4 Replies Latest reply on Feb 6, 2009 1:53 AM by alxt

    JAAS problem with LoginModule

    alxt
    alxt Feb 5, 2009 12:13 AM

      I use jdk 1.6.11/win32, JBossAS 5RC2.
      EAR contains EJB with jboss.xml:

      <?xml version='1.0' encoding='UTF-8' ?>
<jboss>
 <security-domain>java:/jaas/ASKUR</security-domain>
</jboss>


      in login-config.xml: 
      <application-policy name = "ASKUR">
 <authentication>
 <login-module code = "ru.infosfera.auth.RolesLoginModule" flag = "required"/>
 </authentication>
 </application-policy>


      in RolesLoginModule: 
      private Map<String, ?> sharedState;
 public void initialize(Subject subject, CallbackHandler callbackHandler,
 Map<String, ?> sharedState, Map<String, ?> options)
 { this.sharedState = sharedState; }

 public boolean login() throws LoginException {
 log.error("sharedState.size() = " + sharedState.size());
 return true;
 }


      in this EJB exist stateless bean: 
      public class AuthContext implements AuthContextLocal, AuthContextRemote {
 @Resource EJBContext ejbContext;
 public String test() {
 return ejbContext.getCallerPrincipal().getName();
 }


      Client code: 
      System.setProperty("java.security.auth.login.config","auth.conf");
 Hashtable<String, String> params = new Hashtable<String, String>();
 params.put(Context.PROVIDER_URL , "jnp://localhost:1099");
 params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 params.put(Context.AUTHORITATIVE, "true");
 LoginContext lc = new LoginContext("ASKUR",new ClientCallBackHandler("root","root"));
 lc.login();
 Context ctx = new InitialContext(params);
 Object obj = ctx.lookup("EJB/Auth/AuthContext");
 AuthContextRemote auth = (AuthContextRemote) PortableRemoteObject.narrow(obj, AuthContextRemote.class);
 System.out.println("Auth: " + auth.test());


      in auth.conf: 
      ASKUR {
 org.jboss.security.ClientLoginModule required;
};


      Result:
      EJB bean method test() return username (root), but in Login module datas not sended
      [RolesLoginModule] sharedState.size() = 0


      What need to do? I want check usename...

      • 1022 Views
      • Tags:
        • 1. Re: JAAS problem with LoginModule
          wolfgangknauf
          wolfgangknauf Feb 5, 2009 9:47 AM (in response to alxt)

          Hi,

          please provide full code of your login module (e.g. the base class).

          I built a custom login module once, and it looked like this:

          public class MyLoginModule extends UsernamePasswordLoginModule
{

 public void initialize(Subject subject, CallbackHandler callbackHandler,
 Map sharedState, Map options)
 {
 super.initialize(subject, callbackHandler, sharedState, options);

 ...initialize module according to config from "options"....

 }

 /**Get roles of current user
 * @return An Array of user roles roles
 */
 protected Group[] getRoleSets() throws LoginException
 {
 Group[] groups = { new SimpleGroup("Roles") };

 String user = super.getUsername();

 //Get roles for user:
 SimplePrincipal role = new SimplePrincipal("role_of_user");
 groups[0].addMember(role);
 return groups;
 }

 /**Get password of current user
 * @return Password of user
 * @throws LoginException If user was not found
 */
 protected String getUsersPassword() throws LoginException
 {
 String user = super.getUsername();
 if (user.equals ("root") )
 {
 return "rootpassword";
 }
 }




          I think you should not override method "login", but "getRoleSets" and "getUsersPassword"

          Hope this helps

          Wolfgang

            • Actions
          • 2. Re: JAAS problem with LoginModule
            alxt
            alxt Feb 6, 2009 12:31 AM (in response to alxt)

             

            "Wolfgang Knauf" wrote:
            please provide full code of your login module (e.g. the base class).
            [/quot]
            public class RolesLoginModule implements LoginModule {
 private static final Log log = LogFactory.getLog(RolesLoginModule.class);
 private Subject subject;
 private CallbackHandler callbackHandler;
 private Map<String, ?> sharedState;
 private Map<String, ?> options;

 public void initialize(Subject subject, CallbackHandler callbackHandler,
 Map<String, ?> sharedState, Map<String, ?> options)
 {
 this.subject = subject;
 this.callbackHandler = callbackHandler;
 this.sharedState = sharedState;
 this.options = options;
 }

 public boolean login() throws LoginException {
 log.error("sharedState.size() = " + sharedState.size()); //0
 log.error("subject.getPrincipals().size()=" + subject.getPrincipals().size()); //0
 log.error("options.size() = " + options.size()); //1
 return true;
 }
 public boolean logout() throws LoginException { return true; }
 public boolean abort() throws LoginException { return true; }
 public boolean commit() throws LoginException { return true; }
}


              • Actions
            • 3. Re: JAAS problem with LoginModule
              alxt
              alxt Feb 6, 2009 12:34 AM (in response to alxt)

              Now I test it in jboss-5.0.0.GA-jdk6.zip
              Same result...

                • Actions
              • 4. Re: JAAS problem with LoginModule
                alxt
                alxt Feb 6, 2009 1:53 AM (in response to alxt)

                Sory, fixed.

                NameCallback nc = new NameCallback("User name: ", "guest");
 PasswordCallback pc = new PasswordCallback("Password: ", false);
 Callback[] callbacks = {nc, pc};
 callbackHandler.handle(callbacks);
 username = nc.getName();
 password = pc.getPassword();


                  • Actions