-
1. Re: what action does it do?
soshah Sep 21, 2006 10:12 AM (in response to wendy8)Wendy-
j_security_check is used to perform JAAS security based login which is what portal uses.
The Login is handled by a JAAS login module called org.jboss.portal.identity.auth.IdentityLoginModule
in portal..
For details on JAAS check out http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX
Thanks
Sohil -
2. Re: what action does it do?
wendy8 Sep 22, 2006 4:29 AM (in response to wendy8)sorry, i am not use the version2.4.0
I used the version 2.2.0, what class does j_security_check called?I still confused how does it called class, use "j_security_check". becaues there is not the word match "j_security_check". -
3. Re: what action does it do?
wendy8 Sep 22, 2006 5:36 AM (in response to wendy8)Hi sohik.shah,
After read mateials about JAAS. I know how the security framwork works in the JBoss server. But I still confused that how "j_security_check" called the classs work, is the name of "j_security_check" have some rules? For I did not find another "j_security_check" in the configure file or other security file. So can you tell me , how it works? Thanks! -
4. Re: what action does it do?
wendy8 Sep 26, 2006 10:09 AM (in response to wendy8)Hi all,
I use the version 2.2.0 and the Login is handle by org.jboss.portal.core.security.jaas.ModelLoginModule.
the code is :
public class ModelLoginModule
extends UsernamePasswordLoginModule
{
protected String userModuleJNDIName;
protected String additionalRole;
protected String havingRole;
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
{
super.initialize(subject, callbackHandler, sharedState, options);
// Get data
userModuleJNDIName = (String)options.get("userModuleJNDIName");
additionalRole = (String)options.get("additionalRole");
havingRole = (String)options.get("havingRole");
// Some info
log.trace("userModuleJNDIName = " + userModuleJNDIName);
log.trace("additionalRole = " + additionalRole);
log.trace("havingRole = " + havingRole);
}
private UserModule userModule;
protected UserModule getUserModule() throws NamingException
{
if (userModule == null)
{
userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
}
return userModule;
}
protected String getUsersPassword() throws LoginException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
String password = (String)Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(getUsername());
if (havingRole == null || user.getRoleNames().contains(havingRole))
{
return user.getPassword();
}
else
{
return null;
}
}
catch (NoSuchUserException e)
{
return null;
}
catch (Exception e)
{
throw new LoginException(e.toString());
}
}
});
// Returning null as password is enough to veto the login
return password;
}
catch (Exception e)
{
Throwable cause = e.getCause();
throw new LoginException(cause.toString());
}
}
protected Group[] getRoleSets() throws LoginException
{
try
{
TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
return (Group[])Transactions.required(tm, new Transactions.Runnable()
{
public Object run() throws Exception
{
try
{
UserModule module = getUserModule();
User user = module.findUserByUserName(getUsername());
Set roleNames = user.getRoleNames();
//
Group rolesGroup = new SimpleGroup("Roles");
//
if (additionalRole != null)
{
rolesGroup.addMember(createIdentity(additionalRole));
}
//
for (Iterator iterator = roleNames.iterator(); iterator.hasNext();)
{
String roleName = (String)iterator.next();
try
{
Principal p = createIdentity(roleName);
rolesGroup.addMember(p);
}
catch (Exception e)
{
log.debug("Failed to create principal " + roleName, e);
}
}
//
return new Group[]{rolesGroup};
}
catch (Exception e)
{
throw new LoginException(e.toString());
}
}
});
}
catch (Exception e)
{
Throwable cause = e.getCause();
throw new LoginException(cause.toString());
}
}
}
How does it login, I still confused. and how does the page forward? do not have the portlet control it.
could you explain that to me? Thanks very much! -
5. Re: what action does it do?
veebee_s Oct 10, 2006 7:05 AM (in response to wendy8)Hey.... i too want the same info, could anybody tell how it works or point out where the docs are available for this.....
Thanks in advance
Venky