Custom JAAS IdentityLoginModule
pvapparao Sep 19, 2007 9:06 AM
Hi, I am using the following code to authenticate users to my portal.
public class SsoLoginModule extends IdentityLoginModule
{
private static final Logger logger = Logger.getLogger(SsoLoginModule.class);
// Role granted to a user created on first login when the "defaultRole" option is not set.
private static final String DEFAULT_USER_ROLE = "User";
// JNDI name of the TransactionManager that createUserIfNew() runs its work under.
private static final String JNDI_TRANS_MGR = "java:/TransactionManager";
// Not referenced in the visible part of the class; presumably a PolicyContext key used by
// getHttpServletRequest() — confirm before removing.
private static final String POLICY_CONTEXT_HTTP_SERVLET =
"javax.servlet.http.HttpServletRequest";
// Keys of the login-module options read in initialize().
private static final String OPTION_NAME_DEFAULT_ROLE = "defaultRole";
private static final String OPTION_NAME_ROLE_MOD_JNDI = "roleModuleJNDIName";
// public static final short UNDEFINED_TIMEZONE = (short)0;
// Effective role for newly created users; replaced by the "defaultRole" option when present.
protected String defaultRoleForNewUser = DEFAULT_USER_ROLE;
// NOTE(review): the parent IdentityLoginModule is configured with the same option name, so this
// field may shadow a parent field of the same name — confirm the parent still sees the value.
protected String roleModuleJNDIName;
// Identity modules resolved from JNDI (or the parent's getters) inside createUserIfNew().
private RoleModule roleModule = null;
private UserModule userModule = null;
private UserProfileModule userProfileModule = null;
private MembershipModule membershipModule = null;
// The four fields below are referenced only from commented-out lines in the visible code.
private Transaction transaction;
private SessionFactory identitySessionFactory;
private boolean success;
private Session session;
/**
* Initialize the login module.
* @param subject Authentication subject
* @param callbackHandler Callback handler for the login module
* @param sharedState Shared State Map
* @param options Configuration options of the login module
*/
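/**
 * Initializes the login module from the JAAS configuration.
 * <p>
 * Delegates to {@code IdentityLoginModule.initialize} and then reads two optional module
 * options: {@code defaultRole}, the role granted to a user created on first login (falls back
 * to {@link #DEFAULT_USER_ROLE} when absent or empty), and {@code roleModuleJNDIName}, the
 * JNDI name of the role module. A missing role-module name is logged as a warning so that a
 * misconfiguration is visible at deployment time rather than as a failed lookup during login.
 *
 * @param subject Authentication subject
 * @param callbackHandler Callback handler for the login module
 * @param sharedState Shared State Map
 * @param options Configuration options of the login module
 */
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options) {
    super.initialize(subject, callbackHandler, sharedState, options);
    logger.info("Initializing login module.");
    String specifiedDefaultRole = (String) options.get(OPTION_NAME_DEFAULT_ROLE);
    // An absent or empty option keeps the compiled-in default instead of clearing it.
    if (!isNullOrEmpty(specifiedDefaultRole)) {
        defaultRoleForNewUser = specifiedDefaultRole;
    }
    roleModuleJNDIName = (String) options.get(OPTION_NAME_ROLE_MOD_JNDI);
    if (isNullOrEmpty(roleModuleJNDIName)) {
        // Report the misconfiguration here; the value is needed later when roles are assigned.
        logger.warn("Option '" + OPTION_NAME_ROLE_MOD_JNDI + "' is not set.");
    }
    logger.info("Role module JNDI = " + roleModuleJNDIName);
}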
/**
* Perform log in process.
*/
/**
 * Performs the login: provisions the portal user first, then hands the credential check to
 * {@code IdentityLoginModule.login}.
 * <p>
 * NOTE(review): createUserIfNew() runs before super.login() has validated anything, so the
 * account is created whether or not this login attempt succeeds — confirm that is intended.
 *
 * @return the result of the superclass login
 * @throws LoginException if user provisioning or the superclass login fails
 */
@Override
public boolean login() throws LoginException {
    logger.info("Inside login.");
    // Ordering matters: provisioning precedes the parent's login, presumably because the
    // parent looks the user up in the identity store.
    createUserIfNew();
    boolean authenticated = super.login();
    return authenticated;
}
/**
* Create user if user does not exist.
*/
protected void createUserIfNew() throws LoginException {
try {
logger.info("Inside createUserIfNew.");
TransactionManager tm = (TransactionManager)
new InitialContext().lookup(JNDI_TRANS_MGR);
Transactions.required(tm, new Transactions.Runnable() {
public Object run() throws Exception {
String username = null;
User user = null;
try {
username = (getUsernameAndPassword())[0];
logger.info("Username = " + username);
try {
userModule = (UserModule)new InitialContext().lookup("java:portal/UserModule");
logger.info("After getting the UserModule");
roleModule = (RoleModule)new InitialContext().lookup("java:/portal/RoleModule");
logger.info("After getting the RoleModule");
userProfileModule = (UserProfileModule)new InitialContext().lookup("java:portal/UserProfileModule");
logger.info("After getting the UserProfileModule");
membershipModule = (MembershipModule)new InitialContext().lookup("java:portal/MembershipModule");
//logger.info("After getting the MembershipModule");
} catch (NamingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
/*userModule = getUserModule();
// roleModule = getRoleModule();
//membershipModule = getMembershipModule();
logger.info("After getting the UserModule");
userProfileModule = getUserProfileModule();
logger.info("After getting the UserProfileModule");*/
logger.info("Before getting user from UserModule.");
//identitySessionFactory = (SessionFactory)new InitialContext().lookup("java:/portal/IdentitySessionFactory");
//session = identitySessionFactory.openSession();
// transaction = session.beginTransaction();
user = userModule.findUserByUserName(username);
logger.info("User ID in the table jbp_users ="+user.getId().toString());
fillContextWithUserProfile(userProfileModule, user);
// success = true;
return null;
}
catch(NoSuchUserException nsue) {
// User not found, let's create it
logger.info("Create new user " + username);
HttpServletRequest request = getHttpServletRequest();
logger.info(request.getHeader(Constant.SSO_UID)+","+
request.getHeader(Constant.SSO_GESSOUID));
logger.info("Just about to create User");
user = userModule.createUser(
request.getHeader(Constant.SSO_UID),"Pa55word");
// request.getHeader(Constant.SSO_EMAIL));
logger.info("User object is ="+user);
logger.info("User created successfully");
if(null == userProfileModule) {
userProfileModule = getUserProfileModule();
}
fillContextWithUserProfile(userProfileModule, user);
Set roleSet = new HashSet();
roleSet.add(getRoleModule().findRoleByName(defaultRoleForNewUser));
membershipModule = getMembershipModule();
membershipModule.assignRoles(user, roleSet);
//success = true;
return null;
}
catch (Exception e) {
e.printStackTrace();
throw new LoginException("Error in find/create user: " +
e.getMessage()); It is working fine up to the red-marked line; at that line it gives the following exception: ClassCastException : org.jboss.portal.idetity.db.HibernateRoleModuleImpl.
I have configured my login-config.xml as below:
<policy> <!-- For the JCR CMS --> <application-policy name="cms"> <authentication> <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/> </authentication> </application-policy> <!-- <application-policy name="portal"> <authentication>--> <!--To configure LDAP support with IdentityLoginModule please check documentation on how to configure portal identity modules for this--> <!-- <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option> <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option> <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option> <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option> <module-option name="additionalRole">Authenticated</module-option> <module-option name="password-stacking">useFirstPass</module-option> </login-module>--> <application-policy name="portal"> <authentication> <login-module code="com.ge.health.jboss.portal.security.jaas.SsoLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option> <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option> <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option> <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option> <module-option name="additionalRole">Authenticated</module-option> <module-option name="password-stacking">useFirstPass</module-option> <module-option name="defaultRole">User</module-option> </login-module>[/code]
When I try to log in I get a 403 error saying authentication failed. Can anyone help me resolve this issue?