
jboss a7 JAAS custom login sso

created by abiya in JBoss AS 7 Development - View the full discussion

Hi,

 

I have an existing application with JAAS security enabled and a CasssoFilter for SSO; it works fine on WebLogic. I am trying to get it working on JBoss AS 7 and am not clear which security configuration is required. Below is what I have configured so far; when I log in, the Principal comes back as null.

 

My configurations:

 

<!-- Binds this web application to the "metreo" security domain declared in
     standalone.xml below. flushOnSessionInvalidation="true" asks the container to
     drop the user's cached authentication entry when the HTTP session is
     invalidated, so a logout is not undone by a stale cache hit. -->
<jboss-web>

<security-domain flushOnSessionInvalidation="true">metreo</security-domain>

</jboss-web>

 

standalone.xml

-----------------------

        <subsystem xmlns="urn:jboss:domain:security:1.0">

            <security-domains>

                <!-- Default domain: the "Disabled" login module rejects every login, so a
                     deployment that does not name its own security-domain fails closed. -->
                <security-domain name="other" cache-type="default">

                    <authentication>

                        <login-module code="Disabled" flag="required"/>

                    </authentication>

                </security-domain>

                <!-- Domain referenced from jboss-web.xml as "metreo". -->
                <security-domain name="metreo">

                    <authentication>

                        <!-- NOTE(review): the Java listing below defines JDBCLoginModule, a
                             subclass of DatabaseServerLoginModule, but this option names the
                             parent class. Confirm that the class deployed here is the one
                             whose login() is expected to run.
                             NOTE(review): JDBCLoginModule.login() reads the login name from
                             the JAAS shared state (javax.security.auth.login.name). In the
                             JBoss UsernamePasswordLoginModule family that key is normally only
                             written when the option password-stacking=useFirstPass is set on
                             the module; without it the lookup returns null. Verify against the
                             superclass in use before relying on shared state. -->
                        <login-module code="com.metreo.platform.security.jboss.jboss600.jaas.jdbc.DatabaseServerLoginModule" flag="required">

                            <module-option name="dsJndiName" value="java:jboss/datasources/weblogic.jdbc.jts.demopool"/>

                            <!-- Only active accounts (m_user_status=1) can authenticate. -->
                            <module-option name="principalsQuery" value="select password from m_user where m_user_name=? and m_user_status=1"/>

                            <module-option name="rolesQuery" value="select userRoles, 'Roles' from UserRoles where username=?"/>

                            <!-- NOTE(review): this query binds two parameters (user name, status),
                                 while login() calls getUserPncplForUser(name) with the name only.
                                 Confirm that helper binds m_user_status, or the query will fail
                                 or silently match the wrong rows. -->
                            <module-option name="userPrincipalForUserQuery" value="select m_user_id, m_org_id from m_user where m_user_name = ? and m_user_status = ?"/>

                            <!-- Two bind parameters: m_user_id, then m_user_name. -->
                            <module-option name="metreoRolesQuery" value="select grp.m_group_name, grp.m_group_id, grp.m_group_type from m_group grp,m_user usr, m_user_group usrgrp where usrgrp.m_user_id = ? and usrgrp.m_group_id = grp.m_group_id and usr.m_user_name = ?"/>

                            <!-- Security caveat: stored passwords are compared as an unsalted,
                                 base64-encoded MD5 digest. MD5 is fast and unsalted digests are
                                 trivially attacked offline with precomputed tables; plan a
                                 migration to a salted, slow password hash (bcrypt, PBKDF2 or
                                 similar) once the schema and module support it. -->
                            <module-option name="hashAlgorithm" value="MD5"/>

                            <module-option name="hashEncoding" value="base64"/>

                            <!-- Security caveat: a caller that presents no credentials at all is
                                 not rejected but given the principal "guest". Make sure no role
                                 mapping or web security-constraint grants "guest" access that
                                 should require a real login. -->
                            <module-option name="unauthenticatedIdentity" value="guest"/>

                        </login-module>

                    </authentication>

                </security-domain>

            </security-domains>

        </subsystem>



DatabaseServerLoginModule.java (the listing below shows the subclass JDBCLoginModule; note that the security domain above names the parent class, not this subclass)

------------------------------------------------





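public class JDBCLoginModule extends DatabaseServerLoginModule {

    // The fields used below (m_subject, m_success, m_userPrincipalForUserQuery,
    // m_metreoRolesQuery, m_tempPrincipals), the option keys USER_PRINCIPALS_QUERY
    // and METREO_ROLES_QUERY, the MetreoJAASUser type and the helpers
    // getUserPncplForUser() / setupUserRoles() live in the part of this class
    // that is not shown here ("My other methods").

    /**
     * Captures the subject and reads the two Metreo-specific query strings from
     * the login-module options; everything else is delegated to the superclass.
     *
     * @param a_subject         the subject being authenticated
     * @param a_callbackHandler handler the superclass uses to obtain credentials
     * @param a_sharedState     state shared between stacked login modules
     * @param a_options         module options from the security-domain configuration
     */
    @Override
    public void initialize(Subject a_subject, CallbackHandler a_callbackHandler,
                           Map a_sharedState, Map a_options) {
        super.initialize(a_subject, a_callbackHandler, a_sharedState, a_options);
        this.m_subject = a_subject;
        // The previous try/catch around these two lookups only printed the stack
        // trace to stderr and re-wrapped the exception. A null options map or a
        // non-String option value is already a RuntimeException, so let it
        // propagate with its cause intact instead of bypassing the logging setup.
        m_userPrincipalForUserQuery = (String) a_options.get(USER_PRINCIPALS_QUERY);
        m_metreoRolesQuery = (String) a_options.get(METREO_ROLES_QUERY);
    }

    /**
     * Authenticates via the superclass (database password check) and, on success,
     * adds the Metreo user principal and its roles to the temporary principal set
     * that the rest of this module later copies into the subject.
     *
     * @return {@code true} when authentication succeeded
     * @throws LoginException if the superclass rejects the credentials, if no login
     *         name is available in the shared state, or if loading the Metreo user
     *         or its roles fails (the underlying exception is attached as the cause)
     */
    @Override
    public boolean login() throws LoginException {
        try {
            m_success = super.login();
            if (!m_success) {
                throw new LoginException("Authentication failed");
            }

            // NOTE(review): in the JBoss UsernamePasswordLoginModule family the
            // javax.security.auth.login.name entry is only written to sharedState
            // when the module option password-stacking=useFirstPass is set; confirm
            // this for the superclass in use. Without it the lookup returns null,
            // so fail closed with a clear message rather than NPE-ing into a
            // LoginException that carries only the NPE text.
            Object username = sharedState.get("javax.security.auth.login.name");
            if (username == null) {
                throw new LoginException("Authentication failed: no login name in shared state");
            }
            String name = username.toString();
            // The shared-state password (the cleartext credential) is deliberately
            // not read here: nothing below needs it, and it must never be logged
            // or retained by this class.

            MetreoJAASUser metreoUser = getUserPncplForUser(name);
            m_tempPrincipals.add(metreoUser);
            setupUserRoles(m_tempPrincipals, metreoUser);
            return true;
        } catch (LoginException ex) {
            // Do not leave a stale m_success=true from an earlier attempt behind
            // for the commit/abort phase.
            m_success = false;
            throw ex;
        } catch (Exception ex) {
            m_success = false;
            // Keep the message for compatibility with existing callers, but attach
            // the cause, which "new LoginException(ex.getMessage())" discarded.
            LoginException wrapped = new LoginException(ex.getMessage());
            wrapped.initCause(ex);
            throw wrapped;
        }
    }

    // My other methods
}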

 

log stacktrace:

-------------------

I enabled TRACE-level logging and saw the following:

16:00:19,638 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null

16:00:19,648 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) End invoke, caller=null

16:00:19,648 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null

16:00:19,658 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/metreoSSO].[jsp]] (http--127.0.0.1-7001-2)  Disabling the response for futher output

16:00:19,658 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) End invoke, caller=null

16:00:19,698 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null

 

Please let me know what else I should configure.



Thanks,

Abiya

 

