2 Replies Latest reply on Oct 26, 2007 12:45 PM by Anil Saldanha

    Accessing Roles from Custom LoginModule return NULL

    Alexander Hartner Expert

      I have implemented my own login module and configure the login-config.xml file. I am able to authenticate users. However when I try to access the principal's roles it always returns null. Tomcat requires the developer to configure different classes for users and roles and uses the class to differentiate. However in JBoss I have not found the configuration for this. I am trying to use this LoginModule to secure web servers and ejb's.

      I am guessing that this is my problem.

      import java.io.IOException;
      import java.security.acl.Group;
      import java.util.Map;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.login.LoginException;
      import javax.security.auth.spi.LoginModule;
      import org.apache.log4j.Logger;
      
      public class SimpleLoginModule implements LoginModule {
       private Logger logger = Logger.getLogger(SimpleLoginModule.class);
       private Subject subject;
       private CallbackHandler callbackHandler;
      
       public SimpleLoginModule() {
       logger.info("Constructed new CIELogingModule");
       }
      
       public boolean abort() throws LoginException {
       logger.info("Aborted");
       return true;
       }
      
       public boolean commit() throws LoginException {
       logger.info("Granted Permissions");
       return true;
       }
      
       public void initialize(Subject subject, CallbackHandler callbackHandler, Map state, Map options) {
       logger.info("Initialise : "+options);
       this.subject = subject;
       this.callbackHandler=callbackHandler;
       }
      
       public boolean login() throws LoginException {
       logger.info("Login");
       NameCallback nameCallback = new NameCallback("User Name");
       PasswordCallback passwordCallback = new PasswordCallback("User Password", false);
       Callback[] callbacks = new Callback[2];
       callbacks[0] = nameCallback;
       callbacks[1] = passwordCallback;
       logger.info("Configured callbacks");
       try {
       logger.info("Handling callbacks");
       callbackHandler.handle(callbacks);
       logger.info("Handled callbacks");
       } catch (UnsupportedCallbackException ex) {
       ex.printStackTrace();
       } catch (IOException ex) {
       ex.printStackTrace();
       }
       String userid = "default";
       String password = "default";
       try {
       if (nameCallback.getName() != null) {
       userid = nameCallback.getName();
       }
       if (passwordCallback.getPassword() != null) {
       password = new String(passwordCallback.getPassword());
       }
       logger.info("Processed callbacks");
       passwordCallback.clearPassword();
       logger.info("Attempt to login with :"+userid+" and "+password);
       } catch (Exception e) {
       e.printStackTrace();
       }
       JAASUser user = new JAASUser(1,userid);
       JAASRole role = new JAASRole("friends");
       subject.getPrincipals().add(user);
       subject.getPrincipals().add(role);
       return true;
       }
      
       public boolean logout() throws LoginException {
       logger.info("Logout");
       subject.getPrincipals().clear();
       return true;
       }
      }
      


      I tried adding the getRoleSets method as shown below which I got from an example in this forum, but this did not make any difference.

       public Group[] getRoleSets() throws LoginException {
       Group grp = new JAASGroup("Roles");
       grp.addMember(new JAASRole("friend"));
       grp.addMember(new JAASRole("friends"));
       return new Group[]{grp};
       }