-
1. Re: JBAS-1468: Add support for IP address reporting inside a
starksm64 Feb 17, 2005 11:09 AM (in response to ricardoarguello)The login module needs to request the information required for authentication using a custom callback handler. Then you need to install a custom javax.security.auth.callback.CallbackHandler that can provide the current request header info based on a Valve and thread local. A custom CallbackHandler can be installed using the CallbackHandlerClassName attribute of the org.jboss.security.plugins.JaasSecurityManagerService.
The existing IPAddressValve should really just be generalized to save the current HttpServletRequest. The custom CallbackHandler should be in the org.jboss.web.tomcat.security package and it should extend the default org.jboss.security.auth.callback.SecurityAssociationHandler and delegate to it any Callback it does not understand.
There needs to be a unit test added to the testsuite. Look at how the JACC unit tests run on a custom configuration of jboss to see how the tests need to be setup to use the customized JaasSecurityManagerService configuration. -
2. Re: JBAS-1468: Add support for IP address reporting inside a
ricardoarguello Feb 17, 2005 12:29 PM (in response to ricardoarguello)I think I have the complete picture, I'll start coding tonight.
Just one question: Why not add this new CallbackHandler to the SecurityAssociationHandler?
Thanks,
Ricardo Argüello -
3. Re: JBAS-1468: Add support for IP address reporting inside a
starksm64 Feb 17, 2005 12:41 PM (in response to ricardoarguello)There is no explicit dependency on the servlet container or servlet api in the security module and none should be added to avoid propagation of an existing problem of cross module dependencies.
There is an implicit dependency due to the JACC service's dependency on the JACC permission classes, and this service should in fact be moved out of the security module to clean this up. -
4. Re: JBAS-1468: Add support for IP address reporting inside a
ricardoarguello Feb 26, 2005 12:16 PM (in response to ricardoarguello)I commited some code to resolve JBAS-1468 in the 4.0 branch. I'll commit it to the HEAD branch later.
I'm working on the unit test right now. If somebody wants to help, you are welcome.
Ricardo -
5. Re: JBAS-1468: Add support for IP address reporting inside a
bsheward May 11, 2006 10:26 PM (in response to ricardoarguello)Hi,
Can you please provide any more hints on how to use this LoginModule?
For example, what configuration do I need to do to login-conf.xml?
What methods do I need to override to get the username and password that were passed from my j_security_check form submission?
Can I override the login() method to do custom things?
Thanks and Regards,
Barry