if not changed from 2.4 you have to add the "Admin" role not "administrator"

den74 you beated me ;)
Correct, it's Admin still in 2.6

For those who are experimenting with this for the first time - the login user (identity in the example above) must be created as a portal user account prior to login.

I guess this is a lot of work to authenticate. There are far simpler was to accomplish this. See some of the recent posts in regard to JAAS, also I do not believe you can get authorization this way. You have to use the j_security_check valve or hack on the code to make it work.

Hi cgrahl,

Your first implementation of loginmodule looks correct. Then why did u replace that implementation with extending AbstractServerLoginModule? Whats wrong with the first code? Any particular reason for that?

Thanks
Shilpa

Here is some test code I hacked for creating a LoginModule using hibernate driven by my database. Obviously, this could be extended many ways.

Hope this gets you further along.

Creative


import java.util.*;

import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.login.*;
import javax.security.auth.callback.*;
import com.xxxx.dao.jaas.Users;
import org.hibernate.*;
import javax.naming.*;

public class LoginModule implements LoginModule{

// initial state
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;

// configurable option
private boolean debug = false;

// username and password
private String username;
private String password;

//authentication status
boolean auth_success = true;
boolean commit_success = false;
boolean password_mismatch= false;
boolean invalid_user= false;

//User Credentials
private String _lastname = null;
private String _firstname = null;
private String _email = null;
private String _userid = null;

private MyEmailPrincipal emailPrincipal = null;
private MyFirstnamePrincipal fnamePrincipal = null;
private MyLastnamePrincipal lnamePrincipal = null;
private MyUserIdPrincipal userIdPrincipal = null;

/**
* Initialize this LoginModule.
*
*
*
* @param subject the Subject to be authenticated.
*
* @param callbackHandler a CallbackHandler for communicating
* with the end user (prompting for user names and
* passwords, for example).
*
* @param sharedState shared LoginModule state.
*
* @param options options specified in the login
* Configuration for this particular
* LoginModule.
*/


public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {

System.out.println("MyJdbcLoginModule:InitMethod");

this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;


}

/**
* Authenticate the user by prompting for a user name and password.
*
*
*
* @return true in all cases since this LoginModule
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails.
*
* @exception LoginException if this LoginModule
* is unable to perform the authentication.
*/
public boolean login() throws LoginException {

System.out.println("MyJdbcLoginModule:login()");
// get the callback handler with the user name and password
if (callbackHandler == null)
throw new LoginException("MyJdbcLoginModule: No CallbackHandler Available");

Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("Username");
callbacks[1] = new PasswordCallback("Password: ", false);

try {
callbackHandler.handle(callbacks);
username = ((NameCallback)callbacks[0]).getName();
password = new String(((PasswordCallback)callbacks[1]).getPassword());

auth_success = validateUser(username, password);

if(!auth_success){
if(password_mismatch){
throw new LoginException("Invalid Password");
}else if(invalid_user){
throw new LoginException("Invalid Username");
}
}
return true;
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException use) {
throw new LoginException("MyJdbcLoginModule: Not Supported"+ use.getCallback().toString() );
}
}

/**
* This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
public boolean commit() throws LoginException {
System.out.println("MyJdbcLoginModule:commit()");
System.out.println(auth_success);

if (auth_success) {
commit_success= true;
fnamePrincipal = new MyFirstnamePrincipal(_firstname);
lnamePrincipal = new MyLastnamePrincipal(_lastname);
emailPrincipal = new MyEmailPrincipal(_email);
userIdPrincipal = new MyUserIdPrincipal(_userid);

System.out.println("Adding principals");

subject.getPrincipals().add(fnamePrincipal);
subject.getPrincipals().add(lnamePrincipal);
subject.getPrincipals().add(emailPrincipal);
subject.getPrincipals().add(userIdPrincipal);

} else {
commit_success = false;
}
return commit_success;
}

/**
* This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* login and commit methods),
* then this method cleans up any state that was originally saved.
*
*
*
* @exception LoginException if the abort fails.
*
* @return false if this LoginModule's own login and/or commit attempts
* failed, and true otherwise.
*/
public boolean abort() throws LoginException {

System.out.println("MyJdbcLoginModule:abort()");
if (!auth_success) {
// authentication failure
username = null;
password = null;
this.subject.getPrincipals().clear();
return true;
}
return false;
}

/**
* Logout the user.
*
* This method removes the SamplePrincipal
* that was added by the commit method.
*
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this LoginModule
* should not be ignored.
*/
public boolean logout() throws LoginException {
System.out.println("MyJdbcLoginModule:logout()");
this.username = null;
this.password = null;
this.subject.getPrincipals().clear();
return true;
}


/**
* This method does the actual authentication by validating in the database
* if the user exists and if the password matches or not.
*
*/

public boolean validateUser(String username, String password){

try{

Context ctx = new InitialContext();
SessionFactory factory = (SessionFactory) ctx.lookup("java:/hibernate/SessionFactory");
Session sess = factory.openSession();

Query query = sess.createQuery("from Users as users where username = '" + username + "' and password = '" + password + "'");

List rList = query.list();

String _password = null;
System.out.println("Found " + rList.size() + " entrie(s) for this user.");

if(rList.size() > 0 ){
//the user exists in the database there auth_success=true
_password = ((Users)rList.get(0)).getPassword();
_lastname = ((Users)rList.get(0)).getLastname();
_firstname = ((Users)rList.get(0)).getFirstname();
_email = ((Users)rList.get(0)).getEmail();
_userid = new Integer(((Users)rList.get(0)).getUserid()).toString();


} else {
//if no results obtained means the user is not present in the database
auth_success = false;
invalid_user = true;
return auth_success;
}

//user exists and check if the password matches..

System.out.println(password + " equals " + _password);

if(!password.equals(_password)){
auth_success = false;
password_mismatch= true;
return auth_success;
}

}catch(Exception sqx){
System.err.println("MyJdbcLoginModule: Exception encountered while retrieving values");
System.err.println(sqx);
auth_success = false;
}finally {

}
System.out.println(auth_success);
return auth_success;
}
}