5 Replies Latest reply on Oct 10, 2006 7:05 AM by Venkatesh babu

    what action does it do?

    wang wei Newbie

      Hi all,
      Today I read the source code about the portal, when I see the



      in login.jsp. I can not find what "j_security_check" do in the project, I am not familiar with the portal , so can you tell me what does it do next , and how does it get data from the database? I am confused the most is how does portal get data from the database, such as login the system, where does it access the database, I can not find it form the source code. So I hope anyone of you can answer it , thanks very much!

        • 1. Re: what action does it do?
          Sohil Shah Master

          Wendy-

          j_security_check is used to perform JAAS security based login which is what portal uses.


          The Login is handled by a JAAS login module called org.jboss.portal.identity.auth.IdentityLoginModule

          in portal..

          For details on JAAS check out http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossSX

          Thanks
          Sohil

          • 2. Re: what action does it do?
            wang wei Newbie

            sorry, i am not use the version2.4.0
            I used the version 2.2.0, what class does j_security_check called?I still confused how does it called class, use "j_security_check". becaues there is not the word match "j_security_check".

            • 3. Re: what action does it do?
              wang wei Newbie

              Hi sohik.shah,

              After read mateials about JAAS. I know how the security framwork works in the JBoss server. But I still confused that how "j_security_check" called the classs work, is the name of "j_security_check" have some rules? For I did not find another "j_security_check" in the configure file or other security file. So can you tell me , how it works? Thanks!

              • 4. Re: what action does it do?
                wang wei Newbie

                Hi all,

                I use the version 2.2.0 and the Login is handle by org.jboss.portal.core.security.jaas.ModelLoginModule.
                the code is :

                public class ModelLoginModule
                extends UsernamePasswordLoginModule
                {

                protected String userModuleJNDIName;
                protected String additionalRole;
                protected String havingRole;

                public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                {
                super.initialize(subject, callbackHandler, sharedState, options);

                // Get data
                userModuleJNDIName = (String)options.get("userModuleJNDIName");
                additionalRole = (String)options.get("additionalRole");
                havingRole = (String)options.get("havingRole");

                // Some info
                log.trace("userModuleJNDIName = " + userModuleJNDIName);
                log.trace("additionalRole = " + additionalRole);
                log.trace("havingRole = " + havingRole);
                }

                private UserModule userModule;

                protected UserModule getUserModule() throws NamingException
                {
                if (userModule == null)
                {
                userModule = (UserModule)new InitialContext().lookup(userModuleJNDIName);
                }
                return userModule;
                }

                protected String getUsersPassword() throws LoginException
                {
                try
                {
                TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
                String password = (String)Transactions.required(tm, new Transactions.Runnable()
                {
                public Object run() throws Exception
                {
                try
                {
                UserModule module = getUserModule();
                User user = module.findUserByUserName(getUsername());
                if (havingRole == null || user.getRoleNames().contains(havingRole))
                {
                return user.getPassword();
                }
                else
                {
                return null;
                }
                }
                catch (NoSuchUserException e)
                {
                return null;
                }
                catch (Exception e)
                {
                throw new LoginException(e.toString());
                }
                }
                });

                // Returning null as password is enough to veto the login
                return password;
                }
                catch (Exception e)
                {
                Throwable cause = e.getCause();
                throw new LoginException(cause.toString());
                }
                }

                protected Group[] getRoleSets() throws LoginException
                {
                try
                {
                TransactionManager tm = (TransactionManager)new InitialContext().lookup("java:/TransactionManager");
                return (Group[])Transactions.required(tm, new Transactions.Runnable()
                {
                public Object run() throws Exception
                {
                try
                {
                UserModule module = getUserModule();
                User user = module.findUserByUserName(getUsername());
                Set roleNames = user.getRoleNames();

                //
                Group rolesGroup = new SimpleGroup("Roles");

                //
                if (additionalRole != null)
                {
                rolesGroup.addMember(createIdentity(additionalRole));
                }

                //
                for (Iterator iterator = roleNames.iterator(); iterator.hasNext();)
                {
                String roleName = (String)iterator.next();
                try
                {
                Principal p = createIdentity(roleName);
                rolesGroup.addMember(p);
                }
                catch (Exception e)
                {
                log.debug("Failed to create principal " + roleName, e);
                }
                }

                //
                return new Group[]{rolesGroup};
                }
                catch (Exception e)
                {
                throw new LoginException(e.toString());
                }
                }
                });
                }
                catch (Exception e)
                {
                Throwable cause = e.getCause();
                throw new LoginException(cause.toString());
                }
                }
                }

                How does it login, I still confused. and how does the page forward? do not have the portlet control it.
                could you explain that to me? Thanks very much!

                • 5. Re: what action does it do?
                  Venkatesh babu Newbie

                  Hey.... i too want the same info, could anybody tell how it works or point out where the docs are available for this.....

                  Thanks in advance
                  Venky