[jboss-dev-forums] [JBoss AS 7 Development] - jboss a7 JAAS custom login sso
abiya
do-not-reply at jboss.com
Mon Jan 9 06:04:46 EST 2012
abiya [http://community.jboss.org/people/abiya] created the discussion
"jboss a7 JAAS custom login sso"
To view the discussion, visit: http://community.jboss.org/message/645381#645381
--------------------------------------------------------------
Hi,
I have an existing application which has JAAS security enabled and CasssoFilter for SSO working fine in weblogic. I am trying to get it to work in jboss as7 and am not very clear on the security configuration to be done. Below is the list of what I have configured so far and I get the Principal value as null when I login.
My configurations:
<jboss-web>
    <security-domain flushOnSessionInvalidation="true">metreo</security-domain>
</jboss-web>
standalone.xml
-----------------------
<subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="Disabled" flag="required"/>
            </authentication>
        </security-domain>
        <security-domain name="metreo">
            <authentication>
                <login-module code="com.metreo.platform.security.jboss.jboss600.jaas.jdbc.DatabaseServerLoginModule" flag="required">
                    <module-option name="dsJndiName" value="java:jboss/datasources/weblogic.jdbc.jts.demopool"/>
                    <module-option name="principalsQuery" value="select password from m_user where m_user_name=? and m_user_status=1"/>
                    <module-option name="rolesQuery" value="select userRoles, 'Roles' from UserRoles where username=?"/>
                    <module-option name="userPrincipalForUserQuery" value="select m_user_id, m_org_id from m_user where m_user_name = ? and m_user_status = ?"/>
                    <module-option name="metreoRolesQuery" value="select grp.m_group_name, grp.m_group_id, grp.m_group_type from m_group grp,m_user usr, m_user_group usrgrp where usrgrp.m_user_id = ? and usrgrp.m_group_id = grp.m_group_id and usr.m_user_name = ?"/>
                    <module-option name="hashAlgorithm" value="MD5"/>
                    <module-option name="hashEncoding" value="base64"/>
                    <module-option name="unauthenticatedIdentity" value="guest"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
.DatabaseServerLoginModule.java
------------------------------------------------
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;

public class JDBCLoginModule extends DatabaseServerLoginModule {

    // Keep the subject and read the two custom query options
    // (module-option values) passed in by the security domain.
    public void initialize(Subject a_subject,
            CallbackHandler a_callbackHandler, Map a_sharedState, Map a_options) {
        super.initialize(a_subject, a_callbackHandler, a_sharedState, a_options);
        this.m_subject = a_subject;
        try {
            m_userPrincipalForUserQuery = (String) a_options
                    .get(USER_PRINCIPALS_QUERY);
            m_metreoRolesQuery = (String) a_options.get(METREO_ROLES_QUERY);
        } catch (Exception ex) {
            ex.printStackTrace();
            throw new RuntimeException(ex);
        }
    }

    // Delegate authentication to the parent module, then build the
    // application principal and its roles for the authenticated user.
    public boolean login() throws LoginException {
        try {
            m_success = super.login();
            // See if shared credentials exist
            if (m_success == true) {
                // Setup our view of the user
                Object username = sharedState
                        .get("javax.security.auth.login.name");
                String name = username.toString();
                Object password = sharedState
                        .get("javax.security.auth.login.password");
                MetreoJAASUser metreoUser = getUserPncplForUser(name);
                m_tempPrincipals.add(metreoUser);
                setupUserRoles(m_tempPrincipals, metreoUser);
            } else {
                throw new LoginException("Authentication failed");
            }
            return (true);
        } catch (LoginException ex) {
            throw ex;
        } catch (Exception ex) {
            m_success = false;
            throw new LoginException(ex.getMessage());
        }
    }

    // My other methods
}
log stacktrace:
-------------------
I enabled trace level debug and got to see the following,
16:00:19,638 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null
16:00:19,648 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) End invoke, caller=null
16:00:19,648 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null
16:00:19,658 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/metreoSSO].[jsp]] (http--127.0.0.1-7001-2) Disabling the response for futher output
16:00:19,658 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) End invoke, caller=null
16:00:19,698 TRACE [org.jboss.as.web.security.SecurityContextAssociationValve] (http--127.0.0.1-7001-2) Begin invoke, caller=null
Please let me know what else I should configure.
Thanks,
Abiya
--------------------------------------------------------------