6 Replies Latest reply on Mar 13, 2009 6:18 AM by vantek

    custom  sso :cas

      I have done CAS SSO with JBoss Portal successfully.

      Now I want to use our userinfo database for authentication.
      I wrote a new CASAuthenticationService that implements AuthenticationService
      instead of the CASAuthenticationService in the portal-identity-sso-lib.jar.

      import java.sql.Connection;
      import java.sql.PreparedStatement;
      import java.sql.ResultSet;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.sql.DataSource;
      // Imports for Logger, AuthenticationService and EncryptHelper are not shown in the post.

      public class CASAuthenticationService implements AuthenticationService {
          private final static Logger logger = Logger.getLogger(CASAuthenticationService.class);
          // JNDI name of the DataSource and the lookup query, both set from the MBean descriptor
          private String datasource = null;
          private String queryPasswordByUserNameSql = null;

          public String getQueryPasswordByUserNameSql() {
              return queryPasswordByUserNameSql;
          }

          public void setQueryPasswordByUserNameSql(String queryPasswordByUserNameSql) {
              this.queryPasswordByUserNameSql = queryPasswordByUserNameSql;
          }

          public String getDatasource() {
              return datasource;
          }

          public void setDatasource(String datasource) {
              this.datasource = datasource;
          }

          public void start() {
          }

          public void stop() {
          }

          @Override
          public boolean authenticate(String userName, String password) {
              // Log the user name only; the submitted password must not reach the log
              logger.info("userName=" + userName);
              Connection c = null;
              PreparedStatement ps = null;
              ResultSet rs = null;
              try {
                  Context ctx = new InitialContext();
                  DataSource ds = (DataSource) ctx.lookup(this.datasource);
                  c = ds.getConnection();
                  // Parameterized query: the user name is bound, never concatenated
                  ps = c.prepareStatement(this.queryPasswordByUserNameSql);
                  ps.setString(1, userName);
                  rs = ps.executeQuery();
                  if (rs != null && rs.next()) {
                      String tmpPassword = rs.getString(1);
                      tmpPassword = EncryptHelper.dencrypt(tmpPassword);
                      // Null-safe comparison: a missing password never matches
                      boolean matches = password != null && password.equals(tmpPassword);
                      logger.info("password equals=" + matches);
                      return matches;
                  }
              } catch (Exception e) {
                  // Pass the exception as the second argument so the stack trace is logged
                  logger.error("Authentication lookup failed", e);
                  return false;
              } finally {
                  try {
                      if (rs != null) {
                          rs.close();
                      }
                      if (ps != null) {
                          ps.close();
                      }
                      // c stays null when the JNDI lookup or getConnection() fails
                      if (c != null && !c.isClosed()) {
                          c.close();
                      }
                  } catch (Exception e) {
                      logger.error(e);
                  }
              }
              return false;
          }
      }
      



       <mbean code="test.portal.identity.sso.cas.crm.CASAuthenticationService"
       name="portal:service=Module,type=CASAuthenticationService"
       xmbean-dd=""
       xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
       <xmbean/>
       <attribute name="Datasource">java:/jdbc/CRM</attribute>
       <attribute name="QueryPasswordByUserNameSql">select password from personinfo where userCode=?</attribute>
       </mbean>
      



      I deployed the jar and started the server.
      It runs well,
      and the CASAuthenticationService returns true after sign-in; the CAS server gives a ticket too.
      But the portal still redirects to a portal login page.

      I am wondering and puzzled.
      I need help.

      thanks

        • 1. Re: custom  sso :cas

          Who can tell me what happens after the CAS authentication?

          • 2. Re: custom  sso :cas

             

            14:31:58,031 INFO [STDOUT] 2008-08-27 14:31:58,031 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jboss.portal.identity.auth.CASAuthenticationHandler successfully authenticated the user which provided the following credentials: 029>
            14:31:58,031 INFO [STDOUT] 2008-08-27 14:31:58,031 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-4-Sj5l6zeeBvWhj9qnMNUtidYUEKeNeCBcdyw-20] for service [http://localhost/portal/auth/portal/default/default] for user [029]>
            
            




            • 3. Re: custom  sso :cas

              After the CAS authentication, JBP uses
              jboss-portal.sar\conf\login-config.xml to do another
              login check.

              I traced the DBIdentityLoginModule; however, the login method is never called.

              The getUsersPassword() method is not called either.

              • 4. Re: custom  sso :cas

                I found out there is another authentication after the CAS authentication.

                I wrote a custom DBIdentityLoginModule class.
                Object sharedStatepassword = sharedState.get("javax.security.auth.login.password");

                The value of sharedStatepassword is null in the DBIdentityLoginModule after CAS authentication.
                After the redirect to the portal's login page, once the username and password are entered, the value of sharedStatepassword is correct.
                Why does sharedStatepassword lose its value after the CAS authentication?
                It's a problem.

                • 5. Re: custom  sso :cas
                  vantek

                  Hi

                  Did you resolve your problem? I've got almost the same, with a custom CASAuthenticationService which allows all user connections (for the moment), and a custom login module in JBoss Portal, which allows all user connections too.

                  In the login module, the username entered in CAS is OK, but the user password is null...

                  So for the moment, login is OK because both the CASAuthenticationService and the login module allow all users. But when JBoss Portal tries to synchronize the user with the JBoss Portal users, I've got a null pointer exception on the password =/

                  thanks in advance.

                  • 6. Re: custom  sso :cas
                    vantek

                    Well, I don't know if the password is really the problem...

                    I've got this exception, no more info =/

                    11:18:33,260 WARN [SynchronizingLoginModule] Failed to sychronize identity of user: vantek
                    javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.NullPointerException: null text
                     at org.jboss.portal.identity.auth.SynchronizingLoginModule.performSynchronization(SynchronizingLoginModule.java:397)
                     at org.jboss.portal.identity.auth.SynchronizingLoginModule.commit(SynchronizingLoginModule.java:222)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                     at java.security.AccessController.doPrivileged(Native Method)
                     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                     at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
                     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
                     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
                     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
                     at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
                     at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.invoke(CASAuthenticationValve.java:348)
                     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                     at java.lang.Thread.run(Thread.java:619)