I've extended the class, UsernamePasswordLoginModule, but am unable to get a successful login. I've even tried just returning true for the login(), and commit() methods.
No matter what, I get the following:
WARN [jbossweb] WARNING: AUTH FAILURE: role for <whatever login I try>
Please let me know if you see anything obvious with the pieces below.
Thank you in advance.
Here's a portion of my web.xml
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Project</realm-name>
</login-config>
<security-role>
<role-name>Admin</role-name>
</security-role>
And here's the portion from my login-config.xml
<application-policy name="project">
<login-module code="com.arch.tpproject.ProjectLoginModel" flag="required">
<module-option name="principal">guest</module-option>
<module-option name="userName">guest</module-option>
<module-option name="password">guest</module-option>
<module-option name="roles">Admin</module-option>
</login-module>
</application-policy>
<
And finally, my code.
public boolean login() throws LoginException
{ return true; }
protected boolean validatePassword(String inputPassword, String expectedPassword)
{ return true;
}
public Group[] getRoleSets()
{
SimpleGroup groups[] = new SimpleGroup[1];
SimpleGroup sg = new SimpleGroup("Roles");
sg.addMember((java.security.Principal)(new SimplePrincipal("Admin")));
groups[0] = sg;
// groups[0].addMember(new SimplePrincipal("project"));
return groups;
}
As far as I can remember the only 2 methods you need to override are:
protected String getUsersPassword() - use getUsername() within this to get the Subject's username.
protected Group[] getRoleSets() - as you have done
Regards,
Sean