[jboss-user] [JBoss Portal] - Re: Custom JAAS login module
creative777
do-not-reply at jboss.com
Fri Sep 21 20:07:52 EDT 2007
Here is some test code I hacked together for creating a LoginModule using Hibernate, driven by my database. Obviously, this could be extended in many ways.
Hope this gets you further along.
Creative
import java.util.*;
import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.login.*;
import javax.security.auth.callback.*;
import com.xxxx.dao.jaas.Users;
import org.hibernate.*;
import javax.naming.*;
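/**
 * JAAS login module that authenticates a username/password pair against the
 * {@code Users} entity through a Hibernate {@code SessionFactory} bound in JNDI
 * at {@code java:/hibernate/SessionFactory}.
 *
 * <p>On a successful login, {@link #commit()} adds four principals (first name,
 * last name, e-mail and user id) to the {@link Subject}.
 *
 * <p>The class shares its simple name with the JAAS interface, so the interface
 * is referenced by its fully-qualified name; {@code implements LoginModule}
 * would resolve to this class itself and fail as cyclic inheritance.
 *
 * <p>NOTE(review): the stored password is compared directly with the supplied
 * one, which implies the {@code password} column holds it in recoverable form.
 * Store a salted, slow password hash (bcrypt/scrypt/argon2/PBKDF2) and verify
 * against that instead.
 */
public class LoginModule implements javax.security.auth.spi.LoginModule {

    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // configurable option
    private boolean debug = false;

    // username and password
    private String username;
    private String password;

    // authentication status
    // Starts out false so that commit() cannot add principals unless login()
    // has actually validated the credentials on this instance.
    boolean auth_success = false;
    boolean commit_success = false;
    boolean password_mismatch = false;
    boolean invalid_user = false;

    // User Credentials
    private String _lastname = null;
    private String _firstname = null;
    private String _email = null;
    private String _userid = null;
    private MyEmailPrincipal emailPrincipal = null;
    private MyFirstnamePrincipal fnamePrincipal = null;
    private MyLastnamePrincipal lnamePrincipal = null;
    private MyUserIdPrincipal userIdPrincipal = null;

    /**
     * Initialize this LoginModule.
     *
     * @param subject the Subject to be authenticated.
     * @param callbackHandler a CallbackHandler for communicating with the end
     *        user (prompting for user names and passwords, for example).
     * @param sharedState shared LoginModule state.
     * @param options options specified in the login Configuration for this
     *        particular LoginModule.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        System.out.println("MyJdbcLoginModule:InitMethod");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
    }

    /**
     * Authenticate the user by prompting for a user name and password.
     *
     * <p>Every failure path throws. A lookup error inside
     * {@link #validateUser(String, String)} is treated as a failed login rather
     * than falling through to {@code return true}.
     *
     * @return true when the credentials were validated.
     * @exception FailedLoginException if the authentication fails.
     * @exception LoginException if this LoginModule is unable to perform the
     *            authentication.
     */
    public boolean login() throws LoginException {
        System.out.println("MyJdbcLoginModule:login()");
        if (callbackHandler == null) {
            throw new LoginException("MyJdbcLoginModule: No CallbackHandler Available");
        }

        // Fail closed: nothing is considered authenticated until validateUser says so.
        auth_success = false;

        NameCallback nameCallback = new NameCallback("Username");
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(new Callback[] {nameCallback, passwordCallback});
        } catch (java.io.IOException ioe) {
            LoginException le = new LoginException(ioe.toString());
            le.initCause(ioe);
            throw le;
        } catch (UnsupportedCallbackException use) {
            LoginException le = new LoginException(
                    "MyJdbcLoginModule: Not Supported" + use.getCallback().toString());
            le.initCause(use);
            throw le;
        }

        username = nameCallback.getName();
        // getPassword() may return null when the handler supplied no password.
        char[] suppliedPassword = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        try {
            password = (suppliedPassword == null) ? null : new String(suppliedPassword);
            auth_success = validateUser(username, password);
        } finally {
            // Do not keep the clear-text password around longer than the check needs it.
            password = null;
            if (suppliedPassword != null) {
                Arrays.fill(suppliedPassword, '\0');
            }
        }

        if (!auth_success) {
            // One message for every failure cause, so the response does not reveal
            // whether the username exists.
            throw new FailedLoginException("Invalid username or password");
        }
        return true;
    }

    /**
     * This method is called if the LoginContext's overall authentication
     * succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
     * LoginModules succeeded).
     *
     * @exception LoginException if the commit fails.
     * @return true if this LoginModule's own login and commit attempts
     *         succeeded, or false otherwise.
     */
    public boolean commit() throws LoginException {
        System.out.println("MyJdbcLoginModule:commit()");
        System.out.println(auth_success);
        if (!auth_success) {
            commit_success = false;
            return commit_success;
        }

        fnamePrincipal = new MyFirstnamePrincipal(_firstname);
        lnamePrincipal = new MyLastnamePrincipal(_lastname);
        emailPrincipal = new MyEmailPrincipal(_email);
        userIdPrincipal = new MyUserIdPrincipal(_userid);
        System.out.println("Adding principals");
        subject.getPrincipals().add(fnamePrincipal);
        subject.getPrincipals().add(lnamePrincipal);
        subject.getPrincipals().add(emailPrincipal);
        subject.getPrincipals().add(userIdPrincipal);
        commit_success = true;
        return commit_success;
    }

    /**
     * This method is called if the LoginContext's overall authentication
     * failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
     * LoginModules did not succeed).
     *
     * <p>If this LoginModule's own authentication attempt succeeded, the state
     * saved by login and commit is cleaned up, including any principals this
     * module added. Principals added by other modules are left alone.
     *
     * @exception LoginException if the abort fails.
     * @return false if this LoginModule's own login and/or commit attempts
     *         failed, and true otherwise.
     */
    public boolean abort() throws LoginException {
        System.out.println("MyJdbcLoginModule:abort()");
        if (!auth_success) {
            // Our own login failed: nothing was committed, just drop cached input.
            clearState();
            return false;
        }
        // Our login succeeded but the overall authentication did not.
        removeOwnPrincipals();
        clearState();
        return true;
    }

    /**
     * Logout the user.
     *
     * <p>Removes the principals that were added by the commit method and
     * resets the authentication state of this module.
     *
     * @exception LoginException if the logout fails.
     * @return true in all cases since this LoginModule should not be ignored.
     */
    public boolean logout() throws LoginException {
        System.out.println("MyJdbcLoginModule:logout()");
        removeOwnPrincipals();
        clearState();
        return true;
    }

    /**
     * Does the actual authentication by checking in the database whether the
     * user exists and whether the password matches.
     *
     * <p>Side effects: sets {@code auth_success}, {@code invalid_user} and
     * {@code password_mismatch}, and on success caches the user's attributes
     * for {@link #commit()}. Because the password is part of the query, a wrong
     * password for an existing user is normally reported as
     * {@code invalid_user}.
     *
     * @param username the name supplied by the caller; null fails the check.
     * @param password the password supplied by the caller; null fails the check.
     * @return true only when a matching user row was found and its password
     *         equals the supplied one; false on mismatch or on any lookup error.
     */
    public boolean validateUser(String username, String password) {
        // Reset per-attempt state so an earlier failure on this instance cannot
        // leak into this attempt (and an earlier success cannot carry over).
        auth_success = false;
        password_mismatch = false;
        invalid_user = false;

        if (username == null || password == null) {
            invalid_user = true;
            return auth_success;
        }

        Session sess = null;
        try {
            Context ctx = new InitialContext();
            SessionFactory factory = (SessionFactory) ctx.lookup("java:/hibernate/SessionFactory");
            sess = factory.openSession();

            // Bind the credentials as named parameters. Concatenating them into
            // the HQL text would let the supplied values change the query itself.
            Query query = sess.createQuery(
                    "from Users as users where username = :username and password = :password");
            query.setParameter("username", username);
            query.setParameter("password", password);
            List<?> rList = query.list();
            System.out.println("Found " + rList.size() + " entrie(s) for this user.");

            if (rList.isEmpty()) {
                // no row for this username/password pair
                invalid_user = true;
                return auth_success;
            }

            Users user = (Users) rList.get(0);
            String storedPassword = user.getPassword();

            // Neither password is written to the log. The comparison is
            // constant-time so it does not depend on where the strings differ.
            if (storedPassword == null
                    || !java.security.MessageDigest.isEqual(
                            password.getBytes("UTF-8"), storedPassword.getBytes("UTF-8"))) {
                password_mismatch = true;
                return auth_success;
            }

            // Cache the attributes only once the user is authenticated.
            _lastname = user.getLastname();
            _firstname = user.getFirstname();
            _email = user.getEmail();
            _userid = Integer.valueOf(user.getUserid()).toString();
            auth_success = true;
        } catch (Exception sqx) {
            System.err.println("MyJdbcLoginModule: Exception encountered while retrieving values");
            System.err.println(sqx);
            auth_success = false;
        } finally {
            if (sess != null) {
                try {
                    sess.close();
                } catch (Exception ignored) {
                    // best effort: a failed close must not change the login outcome
                }
            }
        }
        System.out.println(auth_success);
        return auth_success;
    }

    /** Removes from the subject only the principals this module added in commit(). */
    private void removeOwnPrincipals() {
        if (subject != null) {
            if (fnamePrincipal != null) {
                subject.getPrincipals().remove(fnamePrincipal);
            }
            if (lnamePrincipal != null) {
                subject.getPrincipals().remove(lnamePrincipal);
            }
            if (emailPrincipal != null) {
                subject.getPrincipals().remove(emailPrincipal);
            }
            if (userIdPrincipal != null) {
                subject.getPrincipals().remove(userIdPrincipal);
            }
        }
        fnamePrincipal = null;
        lnamePrincipal = null;
        emailPrincipal = null;
        userIdPrincipal = null;
    }

    /** Drops cached credentials and user attributes and resets the status flags. */
    private void clearState() {
        username = null;
        password = null;
        _lastname = null;
        _firstname = null;
        _email = null;
        _userid = null;
        auth_success = false;
        commit_success = false;
        password_mismatch = false;
        invalid_user = false;
    }
}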