1 2 Previous Next 22 Replies Latest reply on Sep 26, 2007 2:06 PM by nm-156

    Calling JAAS

    creative77


      I am creating a JSF login portlet and need to make calls to JAAS from the login session. I believe I can directly call the IdentityLoginModule class. But, I am not sure how to populate the initialization Subject, Callback, State, and Option classes.

      Has anyone done this or is there a better way.

      i.e.

      public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)

        • 1. Re: Calling JAAS
          creative77

          I was able to solve this quite simply. I will post the code for others who might be interested.

          • 2. Re: Calling JAAS
            bdaw

            A much better place to share knowledge would be JBoss Portal Wiki (http://jboss.org/wiki/Wiki.jsp?page=JBossPortal).

            • 3. Re: Calling JAAS
              gersonjohan

               

              "creative77" wrote:
              I was able to solve this quite simply. I will post the code for others who might be interested.


              Hi, i'm interested in the code. Thanks

              • 4. YES!!

                Can someone please tell me how to do this?

                I would love to know how to contact JAAS from my portlet....

                Thanks

                Indy

                • 5. Re: Calling JAAS
                  gersonjohan


                  I treated to login using a LoginContext as the following:

                  
                  String username = request.getParameter("username");
                  String password = request.getParameter("password");
                  
                  boolean loginOk = false;
                  
                  if (username != null && password != null){
                  
                   LoginContext lc = null;
                  
                   try {
                   ClienteCallbackHandler handler = new ClienteCallbackHandler(username, password.toCharArray());
                   lc = new LoginContext("portal", handler);
                   lc.login();
                   loginOk = true;
                   } catch (LoginException e) {
                   logger.error("Login incorrecto.", e);
                   }
                  }
                  



                  I create my callback and everything works without errors, but the portal continues sending to the login page when it is tried to accede to a safe context.


                  • 6. Re: Calling JAAS
                    creative77

                    This is correct exactly as I have done it. Just a note I was not sure which authentication context to use. I used a different handler but the result is the same.

                    To those who need to know I used the JAAS context from the login-conf.xml file.

                    gersonjohan, this is part of the solution you are authenticating the username and password to JAAS. But, I don't think this is the complete registration. Once this is done you have to tell the portal that this user has authentication to access the pages and then redirect to the /auth context path. I am not sure what else needs to be called to get the user profile information registered along with security rights.

                    Another way of doing this in 2.6 would be to take the login.jsp and add it to the CMS. Then create a CMS portlet and add it to a page. I haven't tried this yet but it should word.

                    • 7. Re: Calling JAAS

                      I would like to get the complete registration from the portlet...

                      Going to keep trying...if anyone gets the complete registration to work...POST IT... :)

                      thanks

                      Indy

                      • 8. Re: Calling JAAS
                        creative77


                        Just another note when I created a generic JAAS module for another application, after authentication I had to map or filter to the authorized context path.

                        I haven't had time to look thru the JB portal classes much, but I do think there is a class for mapping the path and also a permission factory.

                        Any help from the developers on this ???

                        • 9. Re: Calling JAAS

                          ok...I need some help...

                          JBoss AS: 4.0.5
                          JBoss Portal: 2.6.1


                          What I am trying to do
                          --------------------------
                          Create a JSF portlet that takes a User name and password from a user and authenticates the User through the JAAS framework. This would also include setting the context path to "/auth" after the User has been authenticated.

                          What is the ClienteCallbackHandler class used in the examples above? Is this something standard in the JAAS framework? Is this just the IdentityLoginModule? (Sorry, very new to JAAS)

                          I have looked through the source code and for the life of me can not find any help setting the context path correctly after the user is authenticated.

                          I have looked through the Permission Factory code....but i am just lost...

                          Any help would be very appreciated...

                          Thanks

                          indy

                          • 10. Re: Calling JAAS

                            Ok...free ice cream for anyone that helps me...

                            :)


                            indy

                            • 11. Re: Calling JAAS
                              brownfielda

                              Free ice cream you say? I'm suddenly motivated. :-P

                              Best I can offer is a free book I ran across that may help hone your knowledge of JAAS: http://www.jaasbook.com/.

                              I'm very new to JAAS as well, but won't have time to research it more extensively for a couple weeks. If you don't come up with a solution within a couple weeks, send me an email and give me an excuse to learn more about JAAS. Seriously.

                              • 12. Re: Calling JAAS
                                creative77

                                There are several Handlers in the Jboss security jar. I tested mine using the UserPassword handler and it worked. I gersonjohan used the client which is I believe the default method. There are several others all requiring different information passed to them.

                                I'm not an expert but, the handler takes the users credentials so it can be associated to an authentication service such as the ones found in login config, used in creating a login context. In essence it takes care of creating the principle structures and populating user information.

                                Once this information has been bound then as gersonjohan's code shows you just call login().

                                Note, that this method is the authentication authorization phase, and does not activate any portal permission. This is handled by filters in the web.xml file and filter classes usually reading the filter and redirecting to the secure context path. I am assuming that JBoss has handlers or managers that map the authorized user and role to the portals permissions.

                                In the past when I have used JAAS I put the redirect and set up permissions from my filter class. My problem is I am not sure how this is done in JBoss.

                                • 13. Re: Calling JAAS

                                  ok....i cant even get authenticated...

                                  
                                  try{
                                  
                                   UsernamePasswordHandler handler = new
                                   UsernamePasswordHandler("admin", "admin".toCharArray());
                                  
                                   LoginContext lgnctx = new LoginContext("portal", handler);
                                  
                                   lgnctx.login();
                                  
                                  }catch(Exception e){
                                  
                                  }
                                  
                                  


                                  Gives the following error...

                                  
                                  org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: java.lang.ClassCastException: org.hibernate.hql.ast.HqlToken cannot be cast to org.hibernate.hql.ast.HqlToken
                                  
                                  


                                  i have no idea how this throws a Hibernate error....but it does...

                                  • 14. Re: Calling JAAS

                                    ok....i am a dummy...

                                    I had a conflicting Hibernate3.jar in my app that didnt play nice with the Hibernate3.jar in the default/lib...

                                    I get authenticated now...

                                    1 2 Previous Next