-
1. Re: JBOSS basic auth login popped even after using only Cust
juserp Aug 22, 2005 9:58 AM (in response to juserp)
Since AuthenticatorBase was invoking the BASIC login, I tried setting request.userPrincipal in my valve. After doing this I no longer get the login prompt; however, the request now fails with the following exception:
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /jmx-console/
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against GET /index.jsp --> true
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[HtmlAdaptor]' against GET /index.jsp --> true
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.authenticator.BasicAuthenticator] Already authenticated 'ORCLADMIN'
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl()
2005-08-22 19:14:57,688 DEBUG [org.apache.catalina.realm.RealmBase] Checking roles ORCLADMIN
2005-08-22 19:14:57,688 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.NullPointerException
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:286)
at org.apache.catalina.realm.RealmBase.hasResourcePermission(RealmBase.java:763)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:464)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at my.sso.MyValve.invoke(MyValve.java:99)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:307)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:748)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:678)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:871)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
Kindly advise: what am I doing wrong or missing? -
2. Re: JBOSS basic auth login popped even after using only Cust
juserp Aug 22, 2005 10:11 AM (in response to juserp)
My login module code is:
/*
* Test OSSO LoginModule
*/
package my.sso;
import java.security.Principal;
import java.util.Map;
import java.security.Principal;
import java.security.acl.Group;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.Util;
import org.jboss.security.auth.spi.AbstractServerLoginModule;
/** An implementation of AbstractServerLoginModule that imposes
* an identity == HeaderVar REMOTE_USER on
* the login process.
*/
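public class OSSOLoginModule extends AbstractServerLoginModule
{
    /*
     * Security note: this module performs no credential check of its own.
     * Whatever name the CallbackHandler returns becomes the authenticated
     * identity, and getRoleSets() gives every such identity the same fixed
     * roles. It is therefore only as trustworthy as the component that feeds
     * the user name to the CallbackHandler.
     * NOTE(review): confirm that the name can only originate from the SSO
     * front end and never from a value the client controls directly.
     */

    /** The login identity */
    private Principal identity;

    public OSSOLoginModule()
    {
        System.out.println("Inside OSSOLoginModule Constructor ");
    }

    /**
     * Delegates to the superclass initialisation and traces the call.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options)
    {
        super.initialize(subject, callbackHandler, sharedState, options);
        System.out.println("Inside OSSOLoginModule Initialize ");
    }

    /**
     * Retrieves the user name through the CallbackHandler and records it as
     * the login identity.
     *
     * @return true when an identity was established
     * @exception FailedLoginException if the handler supplied no user name
     * @exception LoginException if the handler is missing or fails, or the
     *            principal cannot be created
     */
    public boolean login() throws LoginException
    {
        System.out.println("Inside OSSOLoginModule Login ");
        super.loginOk = false;
        String username = getUsernameFromCallback();
        // A missing name must fail the login. Falling through here would
        // create a principal for a null name and report it as authenticated.
        if( username == null || username.trim().length() == 0 )
        {
            System.out.println("No username retrieved");
            throw new FailedLoginException("No username supplied by the CallbackHandler");
        }
        try
        {
            // Always rebuild the identity from the name just received, so a
            // value left over from an earlier login() call is never reused.
            identity = createIdentity(username);
            System.out.println("Identity created in login");
        }
        catch(Exception e)
        {
            System.out.println("Failed to create principal");
            LoginException le = new LoginException("Failed to create principal: "+ e.getMessage());
            le.initCause(e);
            throw le;
        }
        if( getUseFirstPass() )
        {
            // Add the username to the shared state map
            sharedState.put("javax.security.auth.login.name", username);
        }
        super.loginOk = true;
        System.out.println("User '" + identity + "' authenticated, loginOk="+loginOk);
        return true;
    }

    /**
     * Returns the identity established by login(), or null before a
     * successful login.
     */
    protected Principal getIdentity()
    {
        System.out.println("Inside getIdentity, returned is" + identity);
        return identity;
    }

    /**
     * Returns the name of the current identity, or null when none is set.
     */
    protected String getUsername()
    {
        Principal current = getIdentity();
        String username = null;
        if( current != null )
            username = current.getName();
        System.out.println("User in getUsername is '" + username);
        return username;
    }

    /** Called by login() to acquire the username. This method does no
     validation of the value it receives.
     @return String, username (null if the handler set none)
     @exception LoginException thrown if CallbackHandler is not set or fails.
     */
    protected String getUsernameFromCallback() throws LoginException
    {
        String username = null;
        // Get username
        if( callbackHandler == null )
        {
            throw new LoginException("Error: no CallbackHandler available " +
                "to collect authentication information");
        }
        NameCallback nc = new NameCallback("User name:");
        Callback[] callbacks = {nc};
        try
        {
            callbackHandler.handle(callbacks);
            username = nc.getName();
            System.out.println("Username set from callback is " + username);
        }
        catch(java.io.IOException ioe)
        {
            LoginException le = new LoginException(ioe.toString());
            le.initCause(ioe);
            throw le;
        }
        catch(UnsupportedCallbackException uce)
        {
            throw new LoginException("CallbackHandler does not support: " + uce.getCallback());
        }
        return username;
    }

    /**
     * Sets dummy roles. Called during commit.
     *
     * Every identity receives the same hard-coded roles, including
     * JBossAdmin, regardless of who the user is. This is test scaffolding:
     * a real module has to look the roles up for the specific identity.
     */
    protected Group[] getRoleSets()
    {
        SimpleGroup roles = new SimpleGroup("Roles");
        Group[] roleSets = {roles};
        roles.addMember(new SimplePrincipal("JBossAdmin"));
        roles.addMember(new SimplePrincipal("HttpInvoker"));
        roles.addMember(new SimplePrincipal("Role2"));
        System.out.println("Inside getRoleSets");
        return roleSets;
    }
}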
And my Valve code is:
package my.sso;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.Subject;
import java.security.Principal;
import org.jboss.security.SimplePrincipal;
import java.security.acl.Group;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
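public class MyValve
    extends ValveBase
{
    /** Name handed to LoginContext to select the JAAS login configuration. */
    private static final String LOGIN_CONFIG_NAME = "jmx-consoletest";

    /**
     * Reads the REMOTE_USER request attribute, runs a JAAS login for it and,
     * when that succeeds, sets the user principal on the request before
     * passing the request to the next valve.
     *
     * Security note: the REMOTE_USER attribute is taken as proof of identity.
     * NOTE(review): that only holds if every route to this connector passes
     * through the SSO front end that sets the attribute; confirm the
     * connector cannot be reached directly.
     *
     * NOTE(review): only the user principal is set here. The container's
     * authenticator then treats the request as already authenticated and
     * goes on to the realm's role check, which presumably needs more than a
     * bare SimplePrincipal; verify what the realm's hasRole() expects.
     *
     * @exception IOException propagated from the next valve
     * @exception ServletException propagated from the next valve
     */
    public void invoke(Request request, Response response)
        throws IOException, ServletException
    {
        String remoteUser = request.getRemoteUser();
        // Using getAttribute
        String remoteAttr = (String) request.getAttribute("REMOTE_USER");
        System.out.println("Enter, REMOTE_USER=" + remoteUser);
        System.out.println("REMOTE_USER as attribute is" + remoteAttr);
        System.out.println(LOGIN_CONFIG_NAME);

        if (remoteAttr == null || remoteAttr.trim().length() == 0)
        {
            // Without a name there is nothing to log in; never build a
            // principal from a null or blank value.
            System.out.println("No REMOTE_USER attribute, request passed on unauthenticated");
        }
        else
        {
            try
            {
                OSSOUsernameHandler handler = new OSSOUsernameHandler(remoteAttr);
                LoginContext lc = new LoginContext(LOGIN_CONFIG_NAME, handler);
                lc.login();

                Subject subject = lc.getSubject();
                if (subject == null)
                {
                    System.out.println("subject is null");
                }
                else
                {
                    // Diagnostic output only: show which test roles were granted.
                    Set groups = subject.getPrincipals(Group.class);
                    if (groups.isEmpty())
                    {
                        System.out.println("subject carries no role group");
                    }
                    else
                    {
                        Group roles = (Group) groups.iterator().next();
                        boolean flag = roles.isMember(new SimplePrincipal("JBossAdmin"));
                        System.out.println("flag is" + flag);
                        flag = roles.isMember(new SimplePrincipal("JBossAdmin1"));
                        System.out.println("flag 1s" + flag);
                    }
                }

                // Reached only after lc.login() returned without throwing.
                request.setUserPrincipal(new SimplePrincipal(remoteAttr));
                String name = request.getUserPrincipal().getName();
                System.out.println("name is" + name);
            }
            catch (LoginException e)
            {
                // Record the failure instead of discarding it. The request
                // continues without a user principal, so the container's own
                // authenticator decides what happens next.
                System.out.println("JAAS login failed, request passed on unauthenticated: " + e);
            }
        }

        getNext().invoke(request, response);
    }
}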
I have spent a couple of days on this; your help is highly appreciated.