Custom Login Module
payamrastogi Nov 18, 2018 12:21 PM
I'm trying to implement a custom login module in JBoss. Right now I'm passing the credentials in clear text; once it works, I will change the code to fetch them from a service.
{code}
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import java.util.Map;
import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
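/**
 * Custom JAAS login module for JBoss, built on {@code UsernamePasswordLoginModule}.
 *
 * <p>As written this is a test stub: the username and the expected password are
 * hard-coded and the "Roles" group is empty. The hard-coded values must be replaced
 * by a lookup against the real credential source before this is deployed anywhere
 * that matters, and the password must never be written to the log.
 *
 * <p>NOTE(review): the accompanying standalone-full.xml attaches this module to a
 * security domain that the trace shows being used during datasource deployment
 * (principal: null). A {@code UsernamePasswordLoginModule} validates credentials
 * supplied by a caller through a {@code CallbackHandler}; a datasource security
 * domain presumably needs a module that attaches the connection credential to the
 * {@code Subject} instead. Confirm against the JBoss security documentation.
 */
public class CustomUsernamePasswordLoginModule extends UsernamePasswordLoginModule
{
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomUsernamePasswordLoginModule.class);

    /**
     * Initializes the module by delegating to the superclass.
     *
     * @param subject     the subject being authenticated
     * @param handler     the callback handler used to collect the caller's credentials
     * @param sharedState state shared between the login modules of the domain
     * @param options     the {@code <module-option>} values configured for this module
     */
    @Override
    public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options)
    {
        // We could read options passed via <module-option> in standalone.xml if there were any here
        // For an example see http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/sect-Custom_LoginModule_Example.html
        // We could also f.ex. lookup a data source in JNDI
        // For an example see http://www.docjar.com/html/api/org/jboss/security/auth/spi/DatabaseServerLoginModule.java.html

        // Forward the handler that was actually passed in. The previous code passed
        // `callbackHandler`, which is not a parameter of this method; it resolves to the
        // inherited field, which is presumably still unset at this point, so the
        // superclass would be initialized without a usable callback handler.
        super.initialize(subject, handler, sharedState, options);
    }

    /**
     * Returns the username this module reports.
     *
     * <p>Placeholder: a constant is returned regardless of who is logging in.
     *
     * @return the hard-coded test username
     */
    @Override
    protected String getUsername()
    {
        return "admin";
    }

    /**
     * (required) The UsernamePasswordLoginModule compares the result of this
     * method with the password supplied at login.
     *
     * <p>Placeholder: a hard-coded clear-text credential. Replace with a lookup in the
     * real credential store and keep the value out of source control and logs.
     *
     * @return the expected password for the user
     * @throws LoginException if the expected password cannot be obtained
     */
    @Override
    protected String getUsersPassword() throws LoginException {
        return "admin";
    }

    /**
     * (optional) Override if you want to change how the passwords are compared or
     * if you need to perform some conversion on them.
     *
     * <p>The comparison is delegated to the superclass. Returning {@code true}
     * unconditionally, as this method did before, accepts any password and turns the
     * module into an authentication bypass for every domain that uses it.
     *
     * @param inputPassword    the password supplied at login
     * @param expectedPassword the value returned by {@link #getUsersPassword()}
     * @return {@code true} only if the superclass considers the passwords to match
     */
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        return super.validatePassword(inputPassword, expectedPassword);
    }

    /**
     * (required) The groups of the user, there must be at least one group called
     * "Roles" (though it likely can be empty) containing the roles the user has.
     *
     * <p>The group returned here has no members, so an authenticated user is granted
     * no roles.
     *
     * @return an array holding the single, empty "Roles" group
     * @throws LoginException if the roles cannot be obtained
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        SimpleGroup roles = new SimpleGroup("Roles");
        return new Group[] { roles };
    }
}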
standalone-full.xml
....
<!-- Security domain "encrypted-ds" with a single login module. flag="required" means this module must succeed for the overall authentication to succeed. -->
<security-domain name="encrypted-ds" cache-type="default">
<authentication>
<login-module code="com.gs.jboss.security.CustomUsernamePasswordLoginModule" flag="required">
<!-- Passed to the module in its options map. The custom class does not read this option itself; it only forwards the options to its superclass. -->
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=DefaultDS"/>
</login-module>
</authentication>
</security-domain>
....
server.log - Log Level is Trace
....
17:21:37,256 TRACE [org.jboss.security] (MSC service thread 1-2) PBOX000200: Begin isValid, principal: null, cache entry: null
17:21:37,256 TRACE [org.jboss.security] (MSC service thread 1-2) PBOX000209: defaultLogin, principal: null
17:21:37,258 TRACE [org.jboss.security] (MSC service thread 1-2) PBOX000221: Begin getAppConfigurationEntry(encrypted-ds), size: 7
17:21:37,261 TRACE [org.jboss.security] (MSC service thread 1-2) PBOX000224: End getAppConfigurationEntry(encrypted-ds), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: com.gs.jboss.security.CustomUsernamePasswordLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=managedConnectionFactoryName, value=jboss.jca:service=LocalTxCM,name=DefaultDS
17:21:37,263 TRACE [org.jboss.security] (MSC service thread 1-2) PBOX000201: End isValid, result = false
17:21:37,268 ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-2) Exception during createSubject()PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1069)
at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1064)
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_45]
{code}