4 Replies Latest reply on Jan 27, 2004 5:55 AM by Juha Lindfors

    Difficulty with LoginContext

    firepoet Newbie

       

      "firepoet" wrote:
      Greetings all,

      I'm attempting to implement a custom filter that authenticates different users in different ways depending on the state of the application. The filter loads a LoginContext and attempts to perform the login using a generic HtmlCallbackHandler we've written with Apache's ECS. However, the custom login module we've written isn't even getting loaded. It seems to be using the default login module (evidenced when we change prompts and they don't change on-screen).

      We have configured an "auth.conf" file, and archived it in the same .JAR file as our module's .class file:

      Custom {
       auth.CustomLoginModule required
       datasource=java:/ds/customDS
       debug="true";
      };


      We let our applications choose which module to use in a properties file, also bundled in the same .JAR file:

      auth.loginModuleName=Custom


      We attempt to tell Java to use the "Custom" module in our code:

      public LoginContext getLoginContext(CallbackHandler handler) throws ConfigurationException {
       try {
       if (loginModuleName == null) {
       String url = getClass().getClassLoader().getResource(AUTH_CONFIG).toString();
       System.setProperty("java.security.auth.login.config", url);
       loginModuleName = getConfig().getProperty(AUTH_MODULE, "");
       if (loginModuleName.length() == 0) {
       return null;
       }
       }
       System.out.println("New context returned with module: " + loginModuleName + " and handler: " + handler.getClass().getName());
       return new LoginContext(loginModuleName, handler);
       } catch (Exception e) {
       throw new ConfigurationException(e);
       }
       }


      Finally, in our filter:

      try {
       LoginContext context = Config.getInstance().getLoginContext(loginHandler);
       if (context != null) {
       context.login();
       }
       filterChain.doFilter(servletRequest, servletResponse);
       return;
       } //etc...
      


      We have code that emits HTML depending on what callbacks appeared from the module, and all that is working. However, the callbacks that show up aren't the callbacks from our module. Is there something I'm missing, something that JBoss does that overrides the System.setProperty(...) call that tells my filter's LoginContext which module to use to authenticate?

      Thanks for any help in advance,

      Stephen Starkey.

      P.S. Why in the world doesn't this board preserve white space in code blocks? :-)


        • 1. Re: Difficulty with LoginContext
          Juha Lindfors Master

           

          "juha@jboss.org" wrote:
          "firepoet" wrote:

          We have configured an "auth.conf" file, and archived it in the same .JAR file as our module's .class file:


          The JBoss security manager uses login-config.xml to configure security domains and login modules.

          "firepoet" wrote:

          P.S. Why in the world doesn't this board preserve white space in code blocks? :-)


          Yeah it sucks, I've bugged it.


          • 2. Re: Difficulty with LoginContext
            firepoet Newbie

             

            "firepoet" wrote:
            Thanks for your help! I've successfully ported the .conf file into the login-config.xml file and the module loads up no problem. In fact, it gets loaded, we pass our credentials through, and the module returns true. HOWEVER... :-). Somehow a LoginException is getting thrown:

            javax.security.auth.login.LoginException: Login Failure: all modules ignored
             at javax.security.auth.login.LoginContext.invoke(LoginContext.java:779)
             at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
             at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
             at java.security.AccessController.doPrivileged(Native Method)
             at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
             at javax.security.auth.login.LoginContext.login(LoginContext.java:535)
             at com.xb.servlet.auth.AuthenticationFilter.doFilter(AuthenticationFilter.java:61)
            (...)
            


            Our XML looks like:

             <application-policy name="Xplanner">
             <authentication>
             <login-module code="com.xb.xplanner.auth.XplannerLoginModule" flag="required">
             <module-option name="datasource">java:/xplannerDB</module-option>
             <module-option name="debug">true</module-option>
             </login-module>
             </authentication>
             </application-policy>
            


            • 3. Re: Difficulty with LoginContext
              firepoet Newbie

               

              "firepoet" wrote:
              Can somebody at least tell me if I'm going to have to pay somebody to get support for this particular problem?


              • 4. Re: Difficulty with LoginContext
                Juha Lindfors Master

                 

                "juha@jboss.org" wrote:
                Hello Stephen,

                Please drop me an email if you're interested in getting development support contract to solve this. From your description of using custom callback handlers etc. in your original mail it appears to me that this would be more comfortably solved with a dedicated support contact rather than over forums (plus you get access to people who implemented the security framework directly). Alternatively, you can contact <a href="mailto:sales@jboss.org">sales@jboss.org</a> directly and request information on support offerings.