1 Reply Latest reply on Mar 5, 2014 9:27 AM by arjant

    Wildfly LoginModule

    smog

      Hi,

       

      My problem is: I need to read a cookie with a username, and afterwards I get the corresponding roles for this username via REST. My idea was to write some kind of AuthenticationFilter:

       

      @WebFilter(urlPatterns = {"/*"})
      public class AuthenticationFilter implements Filter {
      ...
          @Override
          public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
              final Subject subject = new Subject();
              subject.getPrincipals().add(new SimplePrincipal("1234"));
              try {
                  LoginContext loginContext = new LoginContext("login-ctx", subject);
                  loginContext.login();
                  filterChain.doFilter(servletRequest, servletResponse);
              } catch (Exception ex) {
                  ex.printStackTrace();
              }
          }
      ...

       

      And corresponding LoginModule:

       

      public class CustomLoginModule extends AbstractServerLoginModule {

          @Override
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
              super.initialize(subject, callbackHandler, sharedState, options);
          }

          @Override
          public boolean login() throws LoginException {
              System.out.println(CustomLoginModule.class.getSimpleName() + ".login()");
              return true;
          }

          @Override
          public boolean commit() throws LoginException {
              System.out.println(CustomLoginModule.class.getSimpleName() + ".commit()");
              return true;
          }

          @Override
          public boolean abort() throws LoginException {
              System.out.println(CustomLoginModule.class.getSimpleName() + ".abort()");
              return false;
          }

          @Override
          public boolean logout() throws LoginException {
              System.out.println(CustomLoginModule.class.getSimpleName() + ".logout()");
              return true;
          }

          @Override
          protected Principal getIdentity() {
              try {
                  return createIdentity(subject.getPrincipals().toArray(new Principal[1])[0].getName());
              } catch (Exception e) {
              }
              return null;
          }

          @Override
          protected Group[] getRoleSets() throws LoginException {
              String[] roles = new String[] {"Administrator"};
              Group[] groups = {new SimpleGroup("Roles")};
              for (int r = 0; r < roles.length; r++) {
                  SimplePrincipal role = new SimplePrincipal(roles[r]);
                  groups[0].addMember(role);
              }
              return groups;
          }
      }

       

      Everything works fine, both the login and commit methods are called, but this request is not populated with the Principal and Roles. The getIdentity() and getRoleSets() functions are never called.

      What am I doing wrong? Is it legal to call a LoginModule in a Filter? How can I achieve my goal?

       

      tnx in advance,

       

      best regards!