The principal is created in the client login module, and propagated across the wire. Why don't you extend the client side stuff? You will have to write another Principal, since the SimplePrincipal used by ClientLoginModule holds only a single string, and yours needs to hold two - the user and ssn. The ssn could be collected by a TextInputCallback.setText() in your callback handler.
I recall the contributed server-side code also uses a SimplePrincipal, so you'll need to make some extensions/changes there, too.
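An added example, not code from this thread or from JBoss: one way to write the two-value principal and the callback handler suggested above, using only standard `javax.security.auth.callback` classes. The names `UserSsnPrincipal`, `UserSsnCallbackHandler` and the `"ssn"` prompt are hypothetical, and it assumes the login module requests a `TextInputCallback` with that same prompt.

```java
import java.io.Serializable;
import java.security.Principal;
import java.util.Objects;
import javax.security.auth.callback.*;
// Hypothetical principal holding two values where SimplePrincipal holds one.
final class UserSsnPrincipal implements Principal, Serializable {
    private static final long serialVersionUID = 1L;
    private final String user, ssn;
    UserSsnPrincipal(String user, String ssn) {
        this.user = Objects.requireNonNull(user); this.ssn = Objects.requireNonNull(ssn);
    }
    @Override public String getName() { return user; }
    String getSsn() { return ssn; }
    @Override public boolean equals(Object o) {
        return o instanceof UserSsnPrincipal && user.equals(((UserSsnPrincipal) o).user)
            && ssn.equals(((UserSsnPrincipal) o).ssn);
    }
    @Override public int hashCode() { return Objects.hash(user, ssn); }
    @Override public String toString() { return "UserSsnPrincipal[" + user + "]"; } // SSN kept out of logs
}

// Hypothetical handler: fills in name, password and one text field chosen by prompt.
final class UserSsnCallbackHandler implements CallbackHandler {
    static final String SSN_PROMPT = "ssn"; // assumed; must match the login module's prompt
    private final String user, ssn; private final char[] password;
    UserSsnCallbackHandler(String user, char[] password, String ssn) {
        this.user = user; this.password = password.clone(); this.ssn = ssn;
    }
    @Override public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(user);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            } else if (cb instanceof TextInputCallback
                    && SSN_PROMPT.equals(((TextInputCallback) cb).getPrompt())) {
                ((TextInputCallback) cb).setText(ssn); // the prompt tells text fields apart
            } else {
                throw new UnsupportedCallbackException(cb, "unexpected callback");
            }
        }
    }
    public static void main(String[] args) throws Exception { // constructed sample values
        NameCallback name = new NameCallback("user");
        TextInputCallback ssnCb = new TextInputCallback(SSN_PROMPT);
        new UserSsnCallbackHandler("java", new char[0], "000-00-0000").handle(new Callback[] { name, ssnCb });
        System.out.println(new UserSsnPrincipal(name.getName(), ssnCb.getText()));
    }
}
```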
> The principal is created in the client login module,
> and propagated across the wire. Why don't you extend
> the client side stuff? You will have to write another
> Principal, since the SimplePrincipal used by
> ClientLoginModule holds only a single string, and
> yours needs to hold two - the user and ssn.
Yeah, that is what I had in mind, but after I traced through the login modules, there is no principal being created anywhere with that username (I am not using 'shared login'. What does that mean? I guess that is JBoss specific?). I put a println everywhere a new SimplePrincipal or new Principal gets created and nothing ever gets created with 'ssn##java'; only 'java'. Can you give it a try?
> The ssn could be collected by a TextInputCallback.setText() in your callback handler.
This will not work. I tried it and my login fails every time, unless I take the line including TextInputHandler out of the code; heck, nothing comes back from the container, no messages or debug statements or anything. This looks like a bug. It is unclear how the TextInputHandler would even map to a login form anyways. Maybe there should be a HTMLInputHandler class that takes the name of the field as a constructor argument. What if I had two or three or four other values on the login page? How would I distinguish between them?
The more I see of JAAS in JBoss the more frustrated I get. I am not sure if it is just this implementation or JAAS in general. It seems very inflexible.
1) I can't manually login against the container and have resources available to me other than from the Servlet in which I did the manual login call.
I should be able to create a login page and have it call my login servlet, do the login, and if successful, have access to any protected resource allowed to me without having to login on every request.
2) The mapping of callbacks to the form inputs is very unclear. What does the prompt argument do for an HTML form?
> I recall the contributed server-side code also uses a
> SimplePrincipal, so you'll need to make some
> extensions/changes there, too.
not sure if this is what you are looking for
but in ClientLoginModule
I think this is what gets propagated and you can change it to whatever you want
hope this helps
This topic is also very interesting to me.
Any ideas how SecurityAssociation really propagates its static principal and credential fields?
I haven't found any direct references to SecurityAssociation from any of the JBoss JNDI classes (where I guess they are supposed to be).
I want my own ClientLoginModule, not the JBoss-supplied one, so I just can't continue with JBoss security without understanding this mechanism.
Only three sources of info, afaik:
1. http://jboss.org/documentation/HTML/index.html chapter 9
and the howto on JAAS, chapter 13
2. Scott Stark's article on JavaWorld
3. and of course this newsgroup..
Has anyone looked at Sun's documentation on JAAS? Is it any good?
> not sure if this is what you are looking for
> but in ClientLoginModule
> search for
Where is this class? I do not see it in CVS. Since it is not imported it must be in the org.jboss.security package. This means it is not portable. I thought the whole idea of using JAAS for authentication and authorization was to be portable?
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jboss/jbosssx/src/main/org/jboss/security/ is where I found this class.
From my limited understanding of JAAS (I'm a VB programmer!) and from the diagram on
http://jboss.org/documentation/HTML/ch09s09.html fig. 9.6, you use the Client\auth.conf login module to bind the data which is sent to the jboss\tomcat login module.
I don't see a 'SecurityAssociation' source there. Can you take a look?
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jboss/jboss/src/main/org/jboss/security/ is the link for the security association class
The link I gave was for the ClientLoginModule class, which is what you should be concerned with; the principal is being set there with the username.