[jboss-user] [Security & JAAS/JBoss] - Re: UsernamePasswordLoginModule and client origin

ragavgomatam do-not-reply at jboss.com
Wed Feb 27 22:06:46 EST 2008


Remote EJB clients look up JNDI to get the EJB handle. Prior to that they log in as follows.

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class CustomClient {

	/**
	 * @param args user name, password and client IP text, in that order
	 */
	@SuppressWarnings("unchecked")
	public static void main(String[] args) {
		LoginContext ctx = null;
		try {
			// "client-login" is the entry name in the client's JAAS configuration
			ctx = new LoginContext("client-login", new CustomHandler(args[0],
					args[1], args[2]));
			ctx.login();

			// Look up ejb after jaas login above and invoke it in your PrivilegedAction
			Subject.doAs(ctx.getSubject(), new CustomAction());

		} catch (LoginException le) {
			System.err.println("LoginContext cannot be created. "
					+ le.getMessage());
			System.exit(-1);
		} catch (SecurityException se) {
			System.err.println("LoginContext cannot be created. "
					+ se.getMessage());
		}
	}

}


import java.security.PrivilegedAction;

public class CustomAction implements PrivilegedAction<Object> {

	public Object run() {
		// Look up ejb & invoke methods
		return null;
	}

}



Callback handler implementation. In addition to name and password, ask the user to enter IP information through TextInputCallback as shown. Retrieve this in your login module's login(). Verify the presence of the client IP in login(). If absent, throw an exception. Hope this helps.


import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class CustomHandler implements CallbackHandler {

	private String name;
	private String password;
	private String text;

	public void handle(Callback[] callbacks)
			throws UnsupportedCallbackException {
		// Answer each callback the login module sends, by type
		for (int i = 0; i < callbacks.length; i++) {
			if (callbacks[i] instanceof NameCallback) {
				NameCallback nc = (NameCallback) callbacks[i];
				nc.setName(this.name);
			} else if (callbacks[i] instanceof PasswordCallback) {
				PasswordCallback pc = (PasswordCallback) callbacks[i];
				pc.setPassword(this.password.toCharArray());
			} else if (callbacks[i] instanceof TextInputCallback) {
				// Carries the client IP text entered by the user
				TextInputCallback tc = (TextInputCallback) callbacks[i];
				tc.setText(this.text);
			} else {
				throw (new UnsupportedCallbackException(callbacks[i],
						"Callback handler not support"));
			}
		}
	}

	public CustomHandler(String name, String password, String text) {
		this.name = name;
		this.password = password;
		this.text = text;
	}

}

For local clients, which I assume are web based, that is, whose calls would be over HTTP, you could use the Tomcat Valve to introspect the IP.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4132710#4132710
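
The login-module side of the check described in the post, as an added example in plain JAAS (not code from the original post or from JBoss). The class name `ClientOriginLoginModule` and the `allowedOrigins` option are assumptions, and the module assumes that the CallbackHandler reaching it answers `TextInputCallback`, as the post's `CustomHandler` does.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: it checks only the origin text. Stack it as "required"
// beside the module that verifies the user name and password.
public class ClientOriginLoginModule implements LoginModule {

    private CallbackHandler handler;
    private final Set<String> allowed = new HashSet<String>();

    public void initialize(Subject subject, CallbackHandler handler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.handler = handler;
        // "allowedOrigins" is an assumed option, e.g. "10.0.0.5,10.0.0.6".
        // When it is missing the set stays empty and every login is refused.
        Object list = options.get("allowedOrigins");
        if (list != null) {
            for (String s : list.toString().split(",")) {
                if (!s.trim().isEmpty()) allowed.add(s.trim());
            }
        }
    }

    public boolean login() throws LoginException {
        if (handler == null) throw new LoginException("No CallbackHandler available");
        TextInputCallback origin = new TextInputCallback("Client IP: ");
        try {
            handler.handle(new Callback[] { origin });
        } catch (IOException e) {
            throw new LoginException("Callback failed: " + e.getMessage());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException("Handler cannot supply the client origin");
        }
        // The text is whatever the client supplied: a claim made by the client,
        // not the source address of the connection as seen by the server.
        String ip = origin.getText();
        if (ip == null || !allowed.contains(ip.trim())) {
            throw new FailedLoginException("Client origin missing or not allowed");
        }
        return true;
    }

    public boolean commit() { return true; }
    public boolean abort() { return true; }
    public boolean logout() { return true; }
}
```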
