1 Reply Latest reply on Feb 26, 2009 7:37 PM by Erik Lindquist

    JBoss SSO and Oracle

    Erik Lindquist Newbie

      I'm trying to get SSO working with my Oracle database. According to the documentation I've seen so far, I'll need to implement a LoginProvider. Before I get too far, I'd like to make sure I'm on the right track.

      I'm assuming that all of the elements that are defined in the sso.cfg.xml will be available to my LoginProvider thanks to the SSO mechanism that will call the setProperties() method of my provider.

      (I know that the following are incomplete)

      sso.cfg.xml :

      <jboss-sso>
        <identity-management>
          <login>
            <provider id="si:my:oracle:login" class="my.security.OracleLoginProvider">
              <property name="connectionURL">jdbc:oracle:thin:@localhost:1521:orcl</property>
              <property name="username">user</property>
              <property name="password">pass</property>
              <property name="existsSQL">select 'ok' from user_table where login_id=?</property>
              <property name="loginSQL">select 'ok' from user_table where login_id=? and password=?</property>
            </provider>
          </login>
        </identity-management>
      </jboss-sso>
      


      Here's what I have so far for the LoginProvider:

      
      package my.security;

      import org.jboss.security.idm.*;
      import java.security.Principal;
      import java.util.Collection;
      import java.util.Properties;
      import java.sql.*;

      public class OracleLoginProvider implements LoginProvider {

          static { // is there a better way to do this?
              try {
                  java.sql.DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
              } catch (SQLException e) {
                  // registerDriver() throws a checked exception, which a static block cannot propagate
                  throw new ExceptionInInitializerError(e);
              }
          }

          private Properties props;
          private String id;

          public OracleLoginProvider() {
          }

          public void setId(String id) throws IdentityException {
              this.id = id;
          }

          public String getId() throws IdentityException {
              return id;
          }

          public boolean exists(Principal principal) throws IdentityException, SQLException {
              return exists(principal.getName());
          }

          public boolean exists(String username) throws IdentityException, SQLException {
              Connection conn = connect();

              // username and existsSQL are set in sso.cfg.xml
              // (this replaces the username argument with the database account name)
              username = props.getProperty("username");
              String sql = props.getProperty("existsSQL");

              try {
                  PreparedStatement ps = conn.prepareStatement(sql);
                  ps.setString(1, username);
                  ResultSet rs = ps.executeQuery();
                  return rs.next();
              }
              finally { conn.close(); }
          }

          public Identity read(Principal principal) throws IdentityException {
              return read(principal.getName());
          }

          public Identity read(String username) throws IdentityException {
              Identity ident = new Identity();
              ident.setUserName(username);
              // need to set roles too.
              return ident;
          }

          public boolean login(Principal principal, byte[] password) throws IdentityException {
              return login(principal.getName(), password);
          }

          public boolean login(String username, byte[] password) throws IdentityException {
              // not implemented yet
              throw new UnsupportedOperationException("login");
          }

          public Collection readAllRoles() throws IdentityException {
              // not implemented yet
              throw new UnsupportedOperationException("readAllRoles");
          }

          public void setProperties(Properties props) {
              this.props = props;
          }

          private java.sql.Connection connect() throws SQLException {
              // connectionURL, username and password are set in sso.cfg.xml
              String url = props.getProperty("connectionURL");
              String username = props.getProperty("username");
              String password = props.getProperty("password");

              return DriverManager.getConnection(url, username, password);
          }

      }
      


      Does that look right?


        • 1. Re: JBoss SSO and Oracle
          Erik Lindquist Newbie

          Self-reply: I can see a few things wrong with the code - like I'm checking the wrong username in the exists() method - but in the bigger picture, am I going the right direction?

          Specifically, is this SSO LoginProvider going to replace my JAAS configuration - that and the UsernameAndPasswordLoginModule?
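
The login() methods in the first post are left unimplemented, and the configured loginSQL matches the password directly in the query. One way the check could be written against a salted hash instead, as an added example that is not from the thread or from JBoss SSO; the class name, the password_salt, password_hash and hash_iterations columns, and the UTF-8 password encoding are assumptions:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.*;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class HashedLoginCheck {
    // Hypothetical columns: the thread's user_table only shows login_id and password.
    static final String LOGIN_SQL =
        "select password_salt, password_hash, hash_iterations from user_table where login_id=?";

    // Derive a PBKDF2-HMAC-SHA256 hash from the supplied password bytes (assumed UTF-8).
    static byte[] derive(byte[] password, byte[] salt, int iterations) throws GeneralSecurityException {
        char[] chars = new String(password, StandardCharsets.UTF_8).toCharArray();
        PBEKeySpec spec = new PBEKeySpec(chars, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();        // wipe the copies of the password held here
            Arrays.fill(chars, '\0');
        }
    }

    // Fetch the stored salt and hash with a bound parameter, then compare the hashes in constant time.
    static boolean login(Connection conn, String username, byte[] password)
            throws SQLException, GeneralSecurityException {
        try (PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;   // unknown user
                byte[] expected = rs.getBytes("password_hash");
                byte[] actual = derive(password, rs.getBytes("password_salt"), rs.getInt("hash_iterations"));
                return MessageDigest.isEqual(expected, actual);
            }
        }
    }

    // Offline check with a constructed salt and constructed passwords; no database needed.
    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        byte[] stored = derive("s3cret".getBytes(StandardCharsets.UTF_8), salt, 100_000);
        byte[] good = derive("s3cret".getBytes(StandardCharsets.UTF_8), salt, 100_000);
        byte[] bad = derive("guess".getBytes(StandardCharsets.UTF_8), salt, 100_000);
        System.out.println("correct password matches: " + MessageDigest.isEqual(stored, good));
        System.out.println("wrong password matches:   " + MessageDigest.isEqual(stored, bad));
    }
}
```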