8 Replies Latest reply on Aug 20, 2007 1:54 PM by D D

    JAAS/JACC...help...please....

    Casey Boyd Novice

      Portal: 2.6.1
      JBoss AS: 3.4
      MySQL

      I want to write a portlet that authenticates and authorizes the user.

      I can authenticate just fine...

      
      UsernamePasswordHandler handler = new
      UsernamePasswordHandler(this.username, this.password.toCharArray());
      
      LoginContext logincontext = new LoginContext("portal", handler);
      
      logincontext.login();
      
      Subject subject = logincontext.getSubject();
      
      


      This works fine....but how to I give the correct permissions to the user? I can get the Principals, but what do I do with them? Do I even need them? How do I forward the user to the "/auth" url?

      ANY help would be very helpful...

      Thanks

      indy

        • 1. Re: JAAS/JACC...help...please....
          Sohil Shah Master

          Indy-

          If you seek enlightenment please follow this forum thread ;)

          http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4073177#4073177

          Thanks

          • 2. Re: JAAS/JACC...help...please....
            Casey Boyd Novice

            Thats the one i have been trying to follow...

            I am very new to this so I apologize...

            I get the user authenticated and get their Principals (Roles)...

            What I don't understand is how to tell the Portal framework that this user is "Authenticated".

            I tried using the JACC Portal Permission factory and adding the role "Authenticated" with no luck...

            I just assume the Portal framework is smart enough to forward the user to the "/auth" context once an "Authenticated" role has been added.

            I just need a little...ah..."push"...in the right direction... :)

            indy

            • 3. Re: JAAS/JACC...help...please....
              Sohil Shah Master

              Indy-

              You will need integration inside of tomcat to achieve this, using Valve/Authenticator approach.

              Krish from previous thread successfully did this.

              Krish, can you share some of your insight with Indy on this issue.

              Thanks

              • 4. Re: JAAS/JACC...help...please....
                D D Newbie

                This is the approach you want to take.

                http://jboss.org/index.html?module=bb&op=viewtopic&t=116375


                Sohil, rewriting the valve ???? That's basically what he's asking how to do, no one seems to know.

                Post 116375 looks to be getting closer to a solution.

                • 5. Re: JAAS/JACC...help...please....
                  Casey Boyd Novice

                  creative777,

                  Thanks for the help...that is exactly what i need...

                  I will try it out and let you know how it goes...

                  thanks

                  indy

                  • 6. Re: JAAS/JACC...help...please....
                    D D Newbie

                    Indy,

                    I assume you have been checking out the jbosssx lib in source. This has an authorization manager class.

                    Instead of calling the usually login(), you use the managers authenticate(), you can use this class as it look like it does alot of account setup. It also puts the user information into a cache, I'm thinking this is what is missing just a guess though at this point.

                    Cheers

                    • 7. Re: JAAS/JACC...help...please....
                      D D Newbie

                      I reviewed Sohil's post and did review the Tomcat Authenticator and I can now see what the hurdles are in regard to circumventing the Tomcat Valve.

                      Portal extends the JBoss security which extends the Tomcat security scheme although I think it is still possible to setup a portlet with just portal authorization would get pretty ugly.

                      So rewriting the Tomcat Authenticator and applying as a custom servlet would be the easier route. Not sure what that will be but if anyone has done this I and Indy would appreciate it if you would share some code.

                      • 8. Re: JAAS/JACC...help...please....
                        D D Newbie


                        JSF

                        public String submit(){
                        String retVal = "";
                        String j_username = getUserId().getValue().toString();
                        String j_password = getPassword().getValue().toString();
                        ExternalContext externalContext = getFacesContext().getExternalContext();
                        String jsessionid = ((HttpSession)externalContext.getSession(false)).getId();
                        // Only if sanity checks and validations on j_username & j_password pass, proceed further.

                        ApplicationParameter.getLogger().debug("Current jsessionid=" + jsessionid);
                        ApplicationParameter.getLogger().debug("submitting login details (userId: " + j_username + " & password: " + j_password + ") to /j_security_check ...");
                        try {
                        URL jSecurityCheckURL = new URL("http://localhost:9080/raweb/j_security_check;jsessionid=0000" + jsessionid + ":-1&j_username=" + j_username + "&j_password" + j_password);
                        HttpURLConnection jSecurityCheckURLConnection = (HttpURLConnection)jSecurityCheckURL.openConnection();
                        jSecurityCheckURLConnection.setRequestMethod("POST");
                        jSecurityCheckURLConnection.setInstanceFollowRedirects(false);
                        // jSecurityCheckURLConnection.addRequestProperty("j_username", j_username);
                        // jSecurityCheckURLConnection.addRequestProperty("j_password", j_password);
                        // jSecurityCheckURLConnection.setRequestProperty("j_username", j_username);
                        // jSecurityCheckURLConnection.setRequestProperty("j_password", j_password);
                        jSecurityCheckURLConnection.connect();
                        ApplicationParameter.getLogger().debug("j_security_check returned: " + jSecurityCheckURLConnection.getResponseCode() + ": " + jSecurityCheckURLConnection.getResponseCode());

                        if (null != externalContext) {
                        String remoteUser = externalContext.getRemoteUser();
                        ApplicationParameter.getLogger().debug("Authenticated username: " + remoteUser);
                        HttpServletRequest httpServletRequest = (HttpServletRequest)externalContext.getRequest();
                        Principal principal = httpServletRequest.getUserPrincipal();
                        if (null != principal) {
                        String userName = principal.getName();
                        ApplicationParameter.getLogger().debug("Authenticated username: " + userName);
                        }
                        } else {
                        ApplicationParameter.getLogger().debug("Unable to obtain Faces ExternalContext and hence the remote user details.");
                        }
                        } catch (MalformedURLException ex) {
                        ApplicationParameter.getLogger().error(ex);
                        retVal = "";
                        } catch (IOException ex) {
                        ApplicationParameter.getLogger().error(ex);
                        retVal = "";
                        }

                        return retVal;
                        }