3 Replies Latest reply on Apr 29, 2008 12:05 PM by ragavgomatam

    ClientLoginModule and additional state

    lukeb

      I have a server side custom login module which I want to pass additional state into.

      I'm currently using the ClientLoginModule from my standalone Java application to get my credentials over to the server.

      Is there any way of getting some additional state from the client to the server using the ClientLoginModule?

      I've looked at the source code and can't see anything obvious, just wondered if I'd missed anything?

      If it's not possible, I guess I'll have to write my own custom client login module which implements additional callbacks and stores the info in a custom principal.

      Thanks for any help you can give.

        • 1. Re: ClientLoginModule and additional state
          ragavgomatam

          LoginModules are designed for authentication/authorization. State information is specific to your application, whereas JAAS modules are not designed to handle state information. However, this said, you can pass in static information to the module by Map options & Map sharedState. These are set up in the login-config.xml... Check out if passing static information through these maps would be helpful for you or not. Also, writing your own CustomLogin module may not help as it is not designed to pass state info.

          • 2. Re: ClientLoginModule and additional state
            lukeb

            Thank you for the reply and sorry - I didn't quite make myself clear. Using state was not the correct term.

            Having read the JAAS tutorial I see that a Subject can have many principals. For instance a username, a social security number etc. Using the ClientLoginModule (from a remote Java client) I was hoping that I could add additional principals to my Subject and the additional Principals would be available in the server in my custom login module. This isn't the case.

            I think I know why now as in the SecurityClientInterceptor.java JBoss does the following:


            public Object invoke(org.jboss.aop.joinpoint.Invocation invocation) throws Throwable
            {
                // Get Principal and credentials
                Principal principal = SecurityActions.getPrincipal();
                if (principal != null) invocation.getMetaData().addMetaData("security", "principal", principal);

                Object credential = SecurityActions.getCredential();
                if (credential != null) invocation.getMetaData().addMetaData("security", "credential", credential);

                return invocation.invokeNext();
            }

            So it appears that only a Principal and Credential are remoted to the server in the EJB call metadata.

            Not that I really know anything about it but I was expecting to see a Subject used rather than a Principal.

            I'll investigate using a custom principal.

            I can see no way from a remote Java client to get information into the options and shared state maps; as I understand it, they are purely for purposes of communication between login modules and for configuration options.


            • 3. Re: ClientLoginModule and additional state
              ragavgomatam

              Yeah... As you say, adding a CustomPrincipal with additional properties could help. There is a post in this same forum where an example (full source code) on CustomPrincipal with additional properties is posted. Check it out.
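
The custom-principal approach discussed in this thread, as an added example that is not part of any post and is not JBoss code: a Serializable Principal that carries extra attributes and still has them after a serialization round trip. The class names, the attribute key and the in-memory round trip standing in for the remote call are assumptions.

```java
import java.io.*;
import java.security.Principal;
import java.util.*;

// Hypothetical names throughout; this is not JBoss code.
public class CustomPrincipalDemo {

    /** Principal carrying extra client-supplied attributes; Serializable so it can be remoted. */
    static final class CustomPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final HashMap<String, String> attributes;

        CustomPrincipal(String name, Map<String, String> attributes) {
            this.name = Objects.requireNonNull(name);
            this.attributes = new HashMap<>(attributes); // defensive copy
        }
        @Override public String getName() { return name; }
        Map<String, String> getAttributes() { return Collections.unmodifiableMap(attributes); }
        // Identity is the name only, so attributes cannot change who the caller is.
        @Override public boolean equals(Object o) {
            return o instanceof CustomPrincipal && name.equals(((CustomPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    /** Stand-in for remoting: serialize on the "client", deserialize on the "server". */
    static Principal roundTrip(Principal p) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(p); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (Principal) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values.
        Principal sent = new CustomPrincipal("alice", Map.of("tenant", "acme"));
        Principal received = roundTrip(sent);
        // Server side: the attributes arrive with the principal but are only client claims;
        // the login module still has to verify the credential and validate each attribute.
        if (received instanceof CustomPrincipal) {
            CustomPrincipal cp = (CustomPrincipal) received;
            System.out.println(cp.getName() + " " + cp.getAttributes());
        }
    }
}
```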