0 Replies Latest reply on Jan 10, 2012 1:22 AM by Satish Kinikiri

    Logging in using UsernamePasswordHandler with no password option

    Satish Kinikiri Newbie

      Hi

       

      I am trying to introduce single-sign-on (SSO) for our application.

      Currently our application has a custom login module. I want to retain it the same authenication process when user is logging in directly with username/password (through non-SSO).

       

      And want to add authenication system to when the user tried to login into my app using application through some API.

      (Through SSO user name is availalble but not password I will make use of the username to create roles)

      Current authenication process :

       

      LoginClient loginClient = new LoginClient(loginName, loginPassword, true /* server login */);

      AppIQUserData user = loginClient.login();

      ......

      ......

       

      and Login client is

       

      public LoginClient(String username, String password, boolean serverLogin)

              throws LoginException

          {

              this(new UsernamePasswordHandler(username, password), serverLogin);

          }

       

      public LoginClient (CallbackHandler handler, boolean serverLogin) throws LoginException

          {

              this(handler, serverLogin ? SecurityConstants.SECURITY_DOMAIN : SecurityConstants.CLIENT_DOMAIN, serverLogin);

          }

       

       

          public LoginClient (CallbackHandler handler, String securityDomain, boolean serverLogin) throws LoginException

          {

              log.trace2("login security domain: " + securityDomain);

              this.serverLogin = serverLogin;

              context = new LoginContext(securityDomain, handler);

          }

       

      /**

           * Perform a login to the AppIQ system.

           * @return The AppIQUserData that has been authenticated

           * @throws LoginException if the login fails

           */

          public synchronized AppIQUserData login() throws LoginException

          {

              log.trace2("login - " + (serverLogin ? "SERVER" : "CLIENT"));

       

              context.login();

       

       

              if (!serverLogin)

                  return null;

       

              Subject subject = context.getSubject();

              if (subject == null)

                  throw new LoginException(LocalizationUtilities.localize("Exceptions", "LoginFailedNoSubject"));

              log.trace2("login SERVER returns subject: " + subject.toString());

       

       

              AppIQUserData user = SecurityMethods.getCallerPrincipal(subject);

              if (user == null)

                  throw new LoginException(LocalizationUtilities.localize("Exceptions", "UnableToExtractAppIQUserData"));

       

       

              /* Stash the context in a cache so that we can re-authenticate when we

                           * need to in order to force updates to login credentials when

                           * necessary.

                           */

                          SecurityMethods.add(context);

       

       

              return user;

       

          }

       

       

      Any idea how we can have the option of avoiding authenication when we are using UsernamePasswordHandler.

       

       

       

       

      Thanks

      Satish.kinikiri@gmail.com