[jboss-user] [JBoss Portal] - Custom JAAS login module
cgrahl
do-not-reply at jboss.com
Tue Sep 18 10:26:05 EDT 2007
Hello,
I'm new to JBoss Portal, and i'm need to authenticate using my own user database. For testing purposes, i made a very simple Jaas login module. It so simple that it not even authenticates! :-) The login() method always returns true.
I'm using it just to learn what configuration must be done on the portal to use it.
Here is my code:
| public class TestLoginModule implements LoginModule {
|
| private Subject subject;
|
| private CallbackHandler callbackHandler;
|
| private Map sharedState;
|
| private Map options;
|
| private String username = null;
|
| private boolean loginOk = false;
|
| private SimplePrincipal usernamePrincipal;
|
| private Object password;
|
| public boolean abort() throws LoginException {
| // TODO Auto-generated method stub
| return false;
| }
|
| public boolean commit() throws LoginException {
| System.out.println("commit()");
| if (!loginOk)
| return false;
|
| usernamePrincipal = new SimplePrincipal(username);
| password = new String("idontusethis");
|
| subject.getPrincipals().add(usernamePrincipal);
| subject.getPublicCredentials().add(password);
|
| this.username = null;
| return true;
| }
|
| public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
| System.out.println("initialize(). CallbackHandler: " + callbackHandler.toString());
| this.subject = subject;
| this.callbackHandler = callbackHandler;
| this.sharedState = sharedState;
| this.options = options;
| }
|
| public boolean login() throws LoginException {
| System.out.println("login()");
| NameCallback namecallback = new NameCallback("Enter username");
| PasswordCallback passwordcallback = new PasswordCallback("Enter password", false);
|
| try {
| callbackHandler.handle(new Callback[] { namecallback, passwordcallback });
|
| username = namecallback.getName();
| password = new String(passwordcallback.getPassword());
|
| System.out.println("TODO\t" + this.getClass().getName() + ": Call Authentication Code.");
| System.out.println("Username: " + username + " password: " + password);
|
| loginOk = true;
| return true;
| } catch (UnsupportedCallbackException e) {
| } catch (java.io.IOException e) {
| } finally {
| }
|
| return false;
| }
|
| public boolean logout() throws LoginException {
| // TODO Auto-generated method stub
| return false;
| }
|
| }
|
I changed the login-config.xml as follows:
<login-module code="com.senior.security.jaas.TestLoginModule" flag="required">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
| <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
|
When i try to login, using admin/admin or user/user, the console shows the corret username/password pair. But the browser shows the "HTTP Status 403 - Access to the requested resource has been denied" error page.
I press the "back" button on the browser, and the user shows logged in (on the upper right corner of the screen). But I can't go to my dashboard.
Did I miss some configuration step?
What I must do to configure my own login module?
Thank you
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4085539#4085539
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4085539
More information about the jboss-user
mailing list