4 Replies Latest reply on Feb 6, 2009 1:53 AM by Alexey Tomin

    JAAS problem with LoginModule

    Alexey Tomin Newbie

      I use jdk 1.6.11/win32, JBossAS 5RC2.
      EAR contains EJB with jboss.xml:

      <?xml version='1.0' encoding='UTF-8' ?>
      <jboss>
       <security-domain>java:/jaas/ASKUR</security-domain>
      </jboss>


      in login-config.xml:
      <application-policy name = "ASKUR">
       <authentication>
       <login-module code = "ru.infosfera.auth.RolesLoginModule" flag = "required"/>
       </authentication>
       </application-policy>


      in RolesLoginModule:
      private Map<String, ?> sharedState;
       public void initialize(Subject subject, CallbackHandler callbackHandler,
       Map<String, ?> sharedState, Map<String, ?> options)
       { this.sharedState = sharedState; }
      
       public boolean login() throws LoginException {
       log.error("sharedState.size() = " + sharedState.size());
       return true;
       }


      in this EJB exist stateless bean:
      public class AuthContext implements AuthContextLocal, AuthContextRemote {
       @Resource EJBContext ejbContext;
       public String test() {
       return ejbContext.getCallerPrincipal().getName();
       }


      Client code:
      System.setProperty("java.security.auth.login.config","auth.conf");
       Hashtable<String, String> params = new Hashtable<String, String>();
       params.put(Context.PROVIDER_URL , "jnp://localhost:1099");
       params.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
       params.put(Context.AUTHORITATIVE, "true");
       LoginContext lc = new LoginContext("ASKUR",new ClientCallBackHandler("root","root"));
       lc.login();
       Context ctx = new InitialContext(params);
       Object obj = ctx.lookup("EJB/Auth/AuthContext");
       AuthContextRemote auth = (AuthContextRemote) PortableRemoteObject.narrow(obj, AuthContextRemote.class);
       System.out.println("Auth: " + auth.test());


      in auth.conf:
      ASKUR {
       org.jboss.security.ClientLoginModule required;
      };


      Result:
      EJB bean method test() return username (root), but in Login module datas not sended
      [RolesLoginModule] sharedState.size() = 0


      What need to do? I want check usename...

        • 1. Re: JAAS problem with LoginModule
          Wolfgang Knauf Master

          Hi,

          please provide full code of your login module (e.g. the base class).

          I built a custom login module once, and it looked like this:

          public class MyLoginModule extends UsernamePasswordLoginModule
          {
          
           public void initialize(Subject subject, CallbackHandler callbackHandler,
           Map sharedState, Map options)
           {
           super.initialize(subject, callbackHandler, sharedState, options);
          
           ...initialize module according to config from "options"....
          
           }
          
           /**Get roles of current user
           * @return An Array of user roles roles
           */
           protected Group[] getRoleSets() throws LoginException
           {
           Group[] groups = { new SimpleGroup("Roles") };
          
           String user = super.getUsername();
          
           //Get roles for user:
           SimplePrincipal role = new SimplePrincipal("role_of_user");
           groups[0].addMember(role);
           return groups;
           }
          
           /**Get password of current user
           * @return Password of user
           * @throws LoginException If user was not found
           */
           protected String getUsersPassword() throws LoginException
           {
           String user = super.getUsername();
           if (user.equals ("root") )
           {
           return "rootpassword";
           }
           }
          




          I think you should not override method "login", but "getRoleSets" and "getUsersPassword"

          Hope this helps

          Wolfgang

          • 2. Re: JAAS problem with LoginModule
            Alexey Tomin Newbie

             

            "Wolfgang Knauf" wrote:
            please provide full code of your login module (e.g. the base class).
            [/quot]
            public class RolesLoginModule implements LoginModule {
             private static final Log log = LogFactory.getLog(RolesLoginModule.class);
             private Subject subject;
             private CallbackHandler callbackHandler;
             private Map<String, ?> sharedState;
             private Map<String, ?> options;
            
             public void initialize(Subject subject, CallbackHandler callbackHandler,
             Map<String, ?> sharedState, Map<String, ?> options)
             {
             this.subject = subject;
             this.callbackHandler = callbackHandler;
             this.sharedState = sharedState;
             this.options = options;
             }
            
             public boolean login() throws LoginException {
             log.error("sharedState.size() = " + sharedState.size()); //0
             log.error("subject.getPrincipals().size()=" + subject.getPrincipals().size()); //0
             log.error("options.size() = " + options.size()); //1
             return true;
             }
             public boolean logout() throws LoginException { return true; }
             public boolean abort() throws LoginException { return true; }
             public boolean commit() throws LoginException { return true; }
            }
            


            • 3. Re: JAAS problem with LoginModule
              Alexey Tomin Newbie

              Now I test it in jboss-5.0.0.GA-jdk6.zip
              Same result...

              • 4. Re: JAAS problem with LoginModule
                Alexey Tomin Newbie

                Sory, fixed.

                NameCallback nc = new NameCallback("User name: ", "guest");
                 PasswordCallback pc = new PasswordCallback("Password: ", false);
                 Callback[] callbacks = {nc, pc};
                 callbackHandler.handle(callbacks);
                 username = nc.getName();
                 password = pc.getPassword();