Creating a custom login module in Wildfly 9.0.2

Version 1

    Following steps would give an idea on basic steps involved in creating a custom login module(following example extends out of the box module 'UsernamePasswordLoginModule')

    1)create a security domain in standalone.xml

    eg:

                    <security-domain name="customSecurity" cache-type="default">

                        <authentication>

                            <login-module code="com.CustomModule" flag="required"/>

                        </authentication>

                        <authorization>

                            <policy-module code="PermitAll" flag="required"/>

                        </authorization>

                    </security-domain>

     

    2)create custom login module

    eg:

              public class CustomModule extends UsernamePasswordLoginModule{

     

                     @Override

                     protected Group[] getRoleSets() throws LoginException {

                          /**any role could be returned as the security domain declared in above standalone.xml allows permission for all roles*/

                          SimpleGroup group = new SimpleGroup("Roles");

                           try {

                               group.addMember(new SimplePrincipal("noGroup"));

                           } catch (Exception e) {

                               throw new LoginException("Failed to create group member for " + group);

                           }

                           return new Group[] { group };

                     }

     

                     @Override

                     protected boolean validatePassword(String inputPassword, String expectedPassword) {

                          /**do actual validation,'this.getUsernameAndPassword()' returns username,&password sent to this module*/

                          return true;

                       }

     

                     @Override

                     protected String getUsersPassword() throws LoginException {

                          /** 'this.getUsernameAndPassword()' would provide username,&password sent to this module*/

                          /**this method could be used if user entered password need to be hashed before validation is done by above 'validatePassword' method */

                          return "sri";

                     }

              }

    3)ways to deploy Custom Login Module

         a)adding as a new module in wildfly(simple steps,plz check docs on how to add a new module in wildfly)

         or

         b)if WAR artifact uses this Login Module,package this as a jar within the artifact

     

    4)if WAR artifact uses this Login Module,make it aware of this security domain through 'jboss-web.xml',and place this xml inside WEB-INF directory

          eg:

              <jboss-web>

                  <security-domain>java:/jaas/customSecurity</security-domain>

              </jboss-web>

     

    5)invoke custom login module from filter or servlet to perform authentication after clicking login button of any custom UI login screen

         eg:

              httpRequest.login("wildfly", "meowfly");

        note:need servlet 3 api libraries to use above login method

     

    6)once validated by login module(ie validatePassword() returns true,& getRoleSets() matches with roles declared in standalone.xml),Principal object would be available to EJBs,interceptors MAGICALLY

         eg:

              @Resource

              private javax.ejb.SessionContext sessionContext;

              String caller = sessionContext.getCallerPrincipal().getName();

     

    hope above steps give an idea on how to override other out of the box login modules