[jboss-user] [Security & JAAS/JBoss] - Re: Integration of Custom Client and Server Login Modules
kearns
do-not-reply at jboss.com
Tue Jul 18 04:11:25 EDT 2006
Hi,
The jsp page where the client enters the data is shown below. You will see that I extract the credential 'customer id' from the subject to use in a call to a BankMgr Bean via a delegate (BankMgrDelegate). The BankMgr bean is in the 'securBankDomain' which uses the CustomServerLogin module to map the 'customer id' credential to a role. Specific roles have access to specific methods.
<!--
jaas.jsp: Simple JSP page to test custom JAAS RdbmsLoginModule.
-->
<%-- PassiveCallbackHandler and BankMgrDelegate are application classes;
     add their packages to the import list below. --%>
<%@ page import="java.util.Iterator, java.util.Properties, javax.security.auth.login.LoginContext" %>
<%
if (request.getParameter("user") == null) {
%>
<form method="post">
<input type=text name=user>
<input type=password name=pass>
<input type=submit value=submit>
</form>
<%
} else {
    // just so you can see the debug messages
    //System.setOut(new PrintStream(response.getOutputStream()));
    try {
        // Get the form's username & password fields
        //
        String user = request.getParameter("user");
        String pass = request.getParameter("pass");
        // Use the username/password to initialize the
        // callback handler and then do the authentication.
        //
        PassiveCallbackHandler cbh = new PassiveCallbackHandler(user, pass);
        LoginContext lc = new LoginContext("Example", cbh);
        lc.login();
        // Loop through all Principals and Credentials.
        //
        Iterator it = lc.getSubject().getPrincipals().iterator();
        while (it.hasNext()) {
            out.println("Authenticated: " + it.next().toString());
        }
        // The credential is not of any specific class; it can be any object, so the
        // type is passed as an argument. Here RdbmsPrinciple extends java.util.Properties.
        it = lc.getSubject().getPublicCredentials(Properties.class).iterator();
        out.println("Credentials: ");
        String id = null;
        Properties credential = null;
        while (it.hasNext()) {
            credential = (Properties) it.next();
        }
        // Only read the id if the login module actually attached a credential;
        // otherwise credential is null and the check on id below reports it.
        if (credential != null) {
            id = credential.getProperty("customer id");
            out.println(credential.toString());
        }
        // initialise bank manager delegate
        BankMgrDelegate bankMgrDelegate = new BankMgrDelegate();
        bankMgrDelegate.init();
        // call BankMgr bean
        if (id != null) {
            int custId = Integer.parseInt(id);
            try {
                out.println(bankMgrDelegate.getCustomerData(custId).toString());
            } catch (Exception e) {
                out.println("jaas: call BankMgr bean - " + e.getMessage());
            }
        } else {
            out.println("Controller: processRequest - INVALID parameter *** userId ***");
        }
        lc.logout();
    } catch (Exception e) {
        out.println("Caught Exception: " + e);
    }
}
%>
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3958687#3958687
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3958687
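
The client-side flow described in the post, as an added stand-alone example (not the poster's RdbmsLoginModule or any JBoss code): a login module attaches a Properties credential carrying 'customer id' on commit, and the caller validates it before use. DemoLoginModule, the account alice/s3cret, the id 1001 and the in-code Configuration that stands in for the "Example" entry are all constructed for illustration.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class CustomerIdLoginDemo {
    public static class DemoLoginModule implements LoginModule { // hypothetical module for this demo
        private Subject subject; private CallbackHandler handler; private Properties cred;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> op) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user");
            PasswordCallback p = new PasswordCallback("pass", false);
            try { handler.handle(new Callback[] { n, p }); } catch (Exception e) { throw new LoginException(e.toString()); }
            // One constructed account; a real module would query its user store here.
            if ("alice".equals(n.getName()) && Arrays.equals("s3cret".toCharArray(), p.getPassword())) return true;
            throw new FailedLoginException("bad user or password");
        }
        public boolean commit() { // called only after overall authentication succeeded
            cred = new Properties();
            cred.setProperty("customer id", "1001"); // constructed sample value
            return subject.getPublicCredentials().add(cred);
        }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPublicCredentials().remove(cred); return true; }
    }
    static int customerId(Subject subject) { // -1 when the credential is absent or not a plain number
        for (Properties p : subject.getPublicCredentials(Properties.class)) {
            String id = p.getProperty("customer id");
            if (id != null && id.matches("\\d{1,9}")) return Integer.parseInt(id);
        }
        return -1;
    }
    public static void main(String[] args) throws Exception {
        Configuration cfg = new Configuration() { // stands in for the "Example" configuration entry
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler cbh = cbs -> { // plays the role of PassiveCallbackHandler(user, pass)
            ((NameCallback) cbs[0]).setName("alice");
            ((PasswordCallback) cbs[1]).setPassword("s3cret".toCharArray());
        };
        LoginContext lc = new LoginContext("Example", null, cbh, cfg);
        lc.login();
        System.out.println("customer id = " + customerId(lc.getSubject()));
        lc.logout();
    }
}
```

Because the credential is added in commit() rather than login(), a failed authentication never leaves a 'customer id' on the Subject, and customerId() returns -1 instead of throwing when nothing usable is there.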