1 Reply Latest reply on Jul 14, 2005 12:12 PM by Daniel Blaisdell

    Additional Credentials in login-config.xml

    Daniel Blaisdell Newbie

      How can I configure login-config.xml to push additional credentials into my context? Such as a login index?

      <application-policy name="firsthealthinc">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/PostgresDS</module-option>
       <module-option name="principalsQuery">select password from tblemployee where login=? and inactive='f'</module-option>
       <module-option name="rolesQuery">
       select securityroles.role,rolegroup from tblemployeeroles
       inner join tblemployee on tblemployeeroles.employeeid=tblemployee.employeekey
       inner join securityroles on tblemployeeroles.role=securityroles.roleid
       where tblemployee.login=?
       </module-option>
       <module-option name = "unauthenticatedIdentity">guest</module-option>
       </login-module>
      
       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
       </login-module>
      
       </authentication>
      
      </application-policy>
      


        • 1. Re: Additional Credentials in login-config.xml
          Daniel Blaisdell Newbie

          I was able to solve my own problem by writing a custom login module.

          The class below keeps track of my LoginIndex

          public final class LoginIndex implements Principal {
          
           final int loginindex;
          
           public LoginIndex(int login) {
           loginindex=login;
           }
          
          
           /**
           * @return Returns the loginindex.
           */
           public int getLoginindex() {
           return loginindex;
           }
          
          
           /* (non-Javadoc)
           * @see java.security.Principal#getName()
           */
           public String getName() {
           return "LoginIndex";
           }
          
           public String toString() {
           return "Login Index: " + loginindex;
           }
          }
          


          The Custom Module Makes an additional database call based on a customizable query
          public class CustomDBServerLoginModule extends DatabaseServerLoginModule {
          
           private String loginIndexQuery;
           private LoginIndex loginIndex;
          
           public void initialize(Subject subject, CallbackHandler callbackHandler,
           Map sharedState, Map options) {
           super.initialize(subject, callbackHandler, sharedState, options);
           loginIndexQuery = (String) options.get("loginIndexQuery");
           getLoginIndex();
           }
          
           protected void getLoginIndex() {
           try {
           InitialContext ic = new InitialContext();
           DataSource ds = (DataSource) ic.lookup(this.dsJndiName);
           Connection con = ds.getConnection();
           PreparedStatement prepStmt = con.prepareStatement(loginIndexQuery);
           ResultSet rs = prepStmt.executeQuery();
           if (rs.next()) {
           loginIndex = new LoginIndex(rs.getInt(1));
           subject.getPrincipals().add(loginIndex);
           log.info(loginIndex);
           }
           con.close();
           } catch (SQLException e1) {
           e1.printStackTrace();
           } catch (NamingException e) {
           e.printStackTrace();
           }
           }
          }
          


          And finally the login-config.xml file glues it all together.
          <application-policy name="firsthealthinc">
           <authentication>
           <login-module code="com.firsthealthinc.security.CustomDBServerLoginModule" flag="required">
           <module-option name="dsJndiName">java:/PostgresDS</module-option>
           <module-option name="principalsQuery">select password from tblemployee where login=? and inactive='f'</module-option>
           <module-option name="rolesQuery">
           select securityroles.role,rolegroup from tblemployeeroles
           inner join tblemployee on tblemployeeroles.employeeid=tblemployee.employeekey
           inner join securityroles on tblemployeeroles.role=securityroles.roleid
           where tblemployee.login=?
           </module-option>
           <module-option name = "unauthenticatedIdentity">guest</module-option>
           <module-option name = "loginIndexQuery">select nextval('employeelogin_seq')</module-option>
           </login-module>
          
           <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
           </login-module>
          
           </authentication>
          
          </application-policy>