[jboss-user] [Security & JAAS/JBoss] - Re: looking for working example: custom login module extends
ragavgomatam
do-not-reply at jboss.com
Thu Jan 10 22:43:05 EST 2008
I have a custom login module that is working fine with JBoss 4.2.1 and JBoss 5 Beta 3. The caveat is that I extend AbstractServerLoginModule, NOT UsernamePasswordLoginModule. But this should not be a big issue, as UsernamePasswordLoginModule extends AbstractServerLoginModule. So enjoy...
Code
package com.jaas.module;
|
| import java.math.BigDecimal;
| import java.security.Principal;
| import java.security.acl.Group;
| import java.sql.SQLException;
| import java.util.Arrays;
| import java.util.Map;
| import java.util.Set;
|
| import javax.naming.Context;
| import javax.naming.InitialContext;
| import javax.naming.NamingException;
| import javax.security.auth.Subject;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.LoginException;
| import javax.sql.DataSource;
|
| import org.apache.commons.dbutils.QueryRunner;
| import org.apache.commons.dbutils.handlers.ArrayHandler;
| import org.jboss.security.SimpleGroup;
| import org.jboss.security.SimplePrincipal;
| import org.jboss.security.auth.spi.AbstractServerLoginModule;
|
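/**
 * JAAS login module for JBoss that checks a name/password pair against a
 * database and, on success, publishes a {@link CustomPrincipal} and the
 * caller's role groups on the {@link Subject}.
 *
 * <p>Module options read in {@link #initialize}:
 * <ul>
 * <li>{@code authSql} - query with two bind parameters (name, password) whose
 * first row supplies first name, last name, age and SSN, in that column
 * order;</li>
 * <li>{@code rolesSql} - query with one bind parameter (the login name) that
 * supplies the role names.</li>
 * </ul>
 *
 * <p>Security notes for anyone adapting this module:
 * <ul>
 * <li>The password is handed to {@code authSql} exactly as typed, so the
 * database must either store it in clear text or hash it inside the query.
 * Prefer selecting a salted password hash (bcrypt/scrypt/argon2/PBKDF2) by
 * user name and verifying it in Java with a constant-time comparison.</li>
 * <li>Both queries run with bind parameters; keep it that way and never
 * concatenate the user name into the SQL text.</li>
 * <li>The principal built here carries the SSN. Principals tend to end up in
 * caches, logs and serialized sessions, so consider leaving that column out
 * of the identity.</li>
 * </ul>
 */
public class CustomLoginModule extends AbstractServerLoginModule {

    /** JNDI name of the DataSource both queries run against. */
    private static final String DATA_SOURCE_JNDI_NAME = "java:jdbc/OracleDS";

    /** Identity produced by a successful login(); null otherwise. */
    private Principal principal;

    /** Credential-check query taken from the authSql module option. */
    private String authSql;

    /** Role lookup query taken from the rolesSql module option. */
    private String rolesSql;

    /** Login name from the NameCallback, reused as the rolesSql parameter. */
    private String name = null;

    /** Exact group objects commit() added to the Subject, kept for cleanup. */
    private Group[] committedRoleSets;

    /**
     * Lets the superclass store subject, handler and options, then reads the
     * two SQL statements from the module options.
     *
     * @param subject the Subject to populate on commit
     * @param callbackHandler source of the name and password
     * @param sharedState state shared between stacked login modules
     * @param options module options; authSql and rolesSql are read here
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        this.authSql = (String) options.get("authSql");
        this.rolesSql = (String) options.get("rolesSql");
    }

    /**
     * Collects name and password through the callback handler and checks them
     * with the authSql query.
     *
     * @return true when the credentials matched a row
     * @throws javax.security.auth.login.FailedLoginException if name or
     *         password is missing or no matching row exists
     * @throws LoginException if no callback handler or authSql is configured,
     *         the handler fails, or the database cannot be queried
     */
    public boolean login() throws LoginException {

        // loginOk is a protected flag inherited from the superclass.
        loginOk = false;
        // The same module instance can be asked to log in again, so forget
        // whatever an earlier attempt left behind.
        this.principal = null;
        this.name = null;

        if (this.callbackHandler == null) {
            throw new LoginException("No callback handler is available");
        }
        if (this.authSql == null) {
            throw new LoginException("Module option authSql is not configured");
        }

        NameCallback nameCallback = new NameCallback("Name :");
        PasswordCallback passwordCallback = new PasswordCallback("Password :", false);
        Callback[] callbacks = { nameCallback, passwordCallback };

        try {
            this.callbackHandler.handle(callbacks);

            String suppliedName = nameCallback.getName();
            char[] suppliedPassword = passwordCallback.getPassword();
            // Do not leave the secret sitting inside the callback object.
            passwordCallback.clearPassword();
            if (suppliedName == null || suppliedPassword == null) {
                throw new javax.security.auth.login.FailedLoginException(
                        "Name and password are required");
            }

            name = suppliedName.trim();
            // Kept local: the module never needs the password after this query.
            String password = new String(suppliedPassword);
            Arrays.fill(suppliedPassword, '\0');

            Object[] results = (Object[]) getQueryRunner().query(authSql,
                    new Object[] { name, password }, new ArrayHandler());

            // No row (null or empty, depending on the DbUtils version) or an
            // incomplete row is a rejected login, not a NullPointerException.
            if (results == null || results.length < 4 || results[0] == null
                    || results[2] == null || results[3] == null) {
                throw new javax.security.auth.login.FailedLoginException(
                        "Invalid user name or password");
            }

            // toString() instead of a BigDecimal cast, so drivers that return
            // another numeric type for these columns work as well.
            principal = new CustomPrincipal((String) results[0],
                    (String) results[1], results[2].toString(),
                    results[3].toString());

            loginOk = true;

        } catch (java.io.IOException ioe) {
            throw asLoginException(ioe.toString(), ioe);
        } catch (UnsupportedCallbackException ce) {
            throw asLoginException("Error: " + ce.getCallback().toString(), ce);
        } catch (SQLException ex) {
            // Backend failure is reported to the caller with its cause; the
            // message stays generic so SQL details do not reach the user.
            throw asLoginException("Unable to verify credentials", ex);
        }
        return loginOk;
    }

    /**
     * @return the principal created by the last successful login(), or null
     */
    @Override
    protected Principal getIdentity() {
        return this.principal;
    }

    /**
     * Builds the "Roles" and "CallerPrincipal" groups for the authenticated
     * user.
     *
     * <p>If the role query fails, the "Roles" group is returned empty, so the
     * user ends up with no roles rather than with stale or guessed ones.
     *
     * @return a two-element array: the "Roles" group, then "CallerPrincipal"
     */
    @Override
    protected Group[] getRoleSets() {

        Group roleGroup = new SimpleGroup("Roles");
        Group callerPrincipal = new SimpleGroup("CallerPrincipal");
        Group[] groups = { roleGroup, callerPrincipal };

        if (rolesSql != null) {
            try {
                // NOTE(review): ArrayHandler returns only the columns of the
                // FIRST row. This works if rolesSql yields one row with one
                // role per column; if it yields one role per row, all but the
                // first are dropped - confirm against the configured query.
                Object[] grps = (Object[]) getQueryRunner().query(rolesSql,
                        new Object[] { name }, new ArrayHandler());
                if (grps != null) {
                    for (int i = 0; i < grps.length; i++) {
                        if (grps[i] != null) {
                            roleGroup.addMember(new SimplePrincipal(
                                    ((String) grps[i]).trim()));
                        }
                    }
                }
            } catch (SQLException ex) {
                // Fail closed: no roles are granted when the lookup breaks.
                // Route this to the server log instead of stderr in production.
                ex.printStackTrace();
            }
        }
        if (this.principal != null) {
            callerPrincipal.addMember(this.principal);
        }
        return groups;
    }

    /**
     * Adds the identity and its role groups to the Subject.
     *
     * @return true once the principals have been added
     * @throws LoginException if login() did not succeed; abort() has been
     *         called by then
     */
    public boolean commit() throws LoginException {

        if (!loginOk) {
            abort();
            throw new LoginException(
                    "Error: Username Password failed to authenticate ");
        }

        Group[] granted = this.getRoleSets();
        Set<? super Principal> setOfPrincipals = subject.getPrincipals();
        setOfPrincipals.add(this.principal);
        setOfPrincipals.addAll(Arrays.asList(granted));
        // Remember the exact objects so logout()/abort() can take them back.
        this.committedRoleSets = granted;
        return true;
    }

    /**
     * Removes everything this module added to the Subject and clears the
     * per-login state. The Subject reference itself is kept so that the same
     * module instance can serve a later login.
     *
     * @return always true
     */
    public boolean logout() {

        removeCommittedPrincipals();
        resetLoginState();
        return true;

    }

    /**
     * Undoes a login attempt: removes any principals already committed and
     * clears the per-login state.
     *
     * @return always true
     */
    public boolean abort() {

        removeCommittedPrincipals();
        resetLoginState();
        return true;

    }

    /** Takes the identity and the committed role groups off the Subject. */
    private void removeCommittedPrincipals() {
        if (subject == null) {
            return;
        }
        Set<Principal> principals = subject.getPrincipals();
        if (this.principal != null) {
            principals.remove(this.principal);
        }
        if (this.committedRoleSets != null) {
            // Compare by identity: a group added by another stacked module may
            // compare equal by name (presumably how SimpleGroup defines
            // equals - verify) and must not be removed here.
            for (java.util.Iterator<Principal> it = principals.iterator(); it.hasNext();) {
                Principal candidate = it.next();
                for (int i = 0; i < this.committedRoleSets.length; i++) {
                    if (candidate == this.committedRoleSets[i]) {
                        it.remove();
                        break;
                    }
                }
            }
            this.committedRoleSets = null;
        }
    }

    /** Forgets the identity, login name and success flag of the last attempt. */
    private void resetLoginState() {
        this.principal = null;
        this.name = null;
        loginOk = false;
    }

    /** Builds a LoginException that keeps the underlying failure as its cause. */
    private static LoginException asLoginException(String message, Throwable cause) {
        LoginException wrapped = new LoginException(message);
        wrapped.initCause(cause);
        return wrapped;
    }

    /** @return a fresh JNDI initial context */
    private Context getContext() throws NamingException {
        return new InitialContext();
    }

    /**
     * Looks up the DataSource in JNDI.
     *
     * @throws SQLException if the lookup fails; the NamingException is kept
     *         as the cause
     */
    private DataSource getDataSource() throws SQLException {
        try {
            return (DataSource) getContext().lookup(DATA_SOURCE_JNDI_NAME);
        } catch (NamingException ne) {
            SQLException lookupFailure = new SQLException(
                    "DataSource lookup failed: " + DATA_SOURCE_JNDI_NAME);
            lookupFailure.initCause(ne);
            throw lookupFailure;
        }
    }

    /** @return a QueryRunner bound to the module's DataSource */
    private QueryRunner getQueryRunner() throws SQLException {
        return new QueryRunner(getDataSource());
    }

}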
|
|
|
My Custom Principal
Code
package com.jaas.module;
|
| import java.security.Principal;
|
| public class CustomPrincipal implements Principal {
|
| private String firstName;
|
| private String lastName;
|
| private int age;
|
| private int ssn;
|
| public String getName() {
| String name = "";
| name = this.lastName != null ? this.firstName + " " + this.lastName
| : this.firstName;
| return name;
| }
|
| public String getFirstName() {
| return this.firstName;
| }
|
| public String getLastName() {
| return this.lastName;
| }
|
| public int getAge() {
| return this.age;
| }
|
| private void setFirstName(String firstName) {
| this.firstName = firstName;
| }
|
| private void setLastName(String lastName) {
| this.lastName = lastName;
| }
|
| private void setAge(String age) {
| this.age = Integer.parseInt(age);
| }
|
| public CustomPrincipal(String fName, String lName, String age, String ssn) {
| setFirstName(fName.trim());
| if (lName != null)
| setLastName(lName.trim());
| setAge(age.trim());
| setSsn(ssn.trim());
| }
|
| public CustomPrincipal(String name) {
| setFirstName(name.trim());
| }
|
| public int getSsn() {
| return this.ssn;
| }
|
| public void setSsn(String ssn) {
| this.ssn = Integer.parseInt(ssn);
| }
|
| }
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118904#4118904