Custom JAAS login module
carlos.grahl Sep 18, 2007 10:26 AM
Hello,
I'm new to JBoss Portal, and I need to authenticate using my own user database. For testing purposes, I made a very simple JAAS login module. It's so simple that it doesn't even authenticate! :-) The login() method always returns true.
I'm using it just to learn what configuration must be done on the portal to use it.
Here is my code:
package com.senior.security.jaas;

import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.jboss.security.SimplePrincipal;

public class TestLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;
    private String username = null;
    private boolean loginOk = false;
    private SimplePrincipal usernamePrincipal;
    private Object password;

    public boolean abort() throws LoginException {
        // TODO Auto-generated method stub
        return false;
    }

    // Second phase: publish the user principal and a dummy credential on the Subject.
    public boolean commit() throws LoginException {
        System.out.println("commit()");
        if (!loginOk)
            return false;
        usernamePrincipal = new SimplePrincipal(username);
        password = new String("idontusethis");
        subject.getPrincipals().add(usernamePrincipal);
        subject.getPublicCredentials().add(password);
        this.username = null;
        return true;
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        System.out.println("initialize(). CallbackHandler: " + callbackHandler.toString());
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
    }

    // First phase: collect the credentials. Test stub: nothing is verified,
    // so every username/password pair is accepted.
    public boolean login() throws LoginException {
        System.out.println("login()");
        NameCallback namecallback = new NameCallback("Enter username");
        PasswordCallback passwordcallback = new PasswordCallback("Enter password", false);
        try {
            callbackHandler.handle(new Callback[] { namecallback, passwordcallback });
            username = namecallback.getName();
            password = new String(passwordcallback.getPassword());
            System.out.println("TODO\t" + this.getClass().getName() + ": Call Authentication Code.");
            System.out.println("Username: " + username + " password: " + password);
            loginOk = true;
            return true;
        } catch (UnsupportedCallbackException e) {
            // ignored: falls through to return false
        } catch (java.io.IOException e) {
            // ignored: falls through to return false
        } finally {
        }
        return false;
    }

    public boolean logout() throws LoginException {
        // TODO Auto-generated method stub
        return false;
    }
}
I changed the login-config.xml as follows:
<login-module code="com.senior.security.jaas.TestLoginModule" flag="required">
    <module-option name="unauthenticatedIdentity">guest</module-option>
    <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
    <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
    <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
    <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
    <module-option name="additionalRole">Authenticated</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
</login-module>
When I try to log in, using admin/admin or user/user, the console shows the correct username/password pair. But the browser shows the "HTTP Status 403 - Access to the requested resource has been denied" error page.
I press the "back" button on the browser, and the user shows logged in (on the upper right corner of the screen). But I can't go to my dashboard.
Did I miss some configuration step?
What must I do to configure my own login module?
Thank you
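
Added example, not part of the original post: the posted commit() adds only the user principal and never reads the additionalRole option, while JBoss security takes a caller's roles from a Group principal named "Roles". The hypothetical helper RolesGroupHelper below shows how a commit() could attach that group; it assumes the JBoss security classes (SimpleGroup, SimplePrincipal) are on the classpath and that a missing role is what the portal's authorization check rejects.

```java
import java.security.acl.Group;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;

/** Hypothetical helper (not from the post): call attachRoles() from commit(). */
public class RolesGroupHelper {

    /** JBoss security looks up roles in a Group principal with this name. */
    static final String ROLES_GROUP = "Roles";

    /** Adds the role named by the "additionalRole" module option to the Subject. */
    public static Group attachRoles(Subject subject, Map<String, ?> options)
            throws LoginException {
        Object role = options.get("additionalRole");
        if (role == null) {
            throw new LoginException("additionalRole option is not set");
        }
        // Reuse an existing "Roles" group if a stacked module already created one.
        Group roles = null;
        for (Group g : subject.getPrincipals(Group.class)) {
            if (ROLES_GROUP.equals(g.getName())) {
                roles = g;
            }
        }
        if (roles == null) {
            roles = new SimpleGroup(ROLES_GROUP);
            subject.getPrincipals().add(roles);
        }
        roles.addMember(new SimplePrincipal(role.toString()));
        return roles;
    }

    public static void main(String[] args) throws LoginException {
        // Constructed input: the option value from the login-config.xml above.
        Map<String, String> options =
                Collections.singletonMap("additionalRole", "Authenticated");
        Subject subject = new Subject();
        subject.getPrincipals().add(new SimplePrincipal("admin"));
        Group roles = attachRoles(subject, options);
        System.out.println(subject.getPrincipals());
        System.out.println(roles.isMember(new SimplePrincipal("Authenticated")));
    }
}
```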