[jboss-user] [Security & JAAS/JBoss] - Re: In valve getRemoteUser value returned as NULL always
sohil.shah@jboss.com
do-not-reply at jboss.com
Thu Jul 20 17:35:28 EDT 2006
twittemb-
Here is the CustomAuthenticator code that we use in the JBoss Federated SSO project. I am pasting the code for the FormAuthenticator
| /*
| * JBoss, Home of Professional Open Source
| * Copyright 2005, JBoss Inc., and individual contributors as indicated
| * by the @authors tag. See the copyright.txt in the distribution for a
| * full listing of individual contributors.
| *
| * This is free software; you can redistribute it and/or modify it
| * under the terms of the GNU Lesser General Public License as
| * published by the Free Software Foundation; either version 2.1 of
| * the License, or (at your option) any later version.
| *
| * This software is distributed in the hope that it will be useful,
| * but WITHOUT ANY WARRANTY; without even the implied warranty of
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
| * Lesser General Public License for more details.
| *
| * You should have received a copy of the GNU Lesser General Public
| * License along with this software; if not, write to the Free
| * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
| * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
| */
| package org.jboss.security.authenticator;
|
|
| //core java classes
| import java.io.IOException;
| import java.security.Principal;
|
|
| //servlet classes
| import javax.servlet.ServletException;
|
|
| //core jboss specific classes
|
|
| //core catalina classes for tomcat specific functions
| import org.apache.catalina.connector.Request;
| import org.apache.catalina.connector.Response;
| import org.apache.catalina.deploy.LoginConfig;
| import org.apache.catalina.authenticator.FormAuthenticator;
|
|
| //JBoss-SSO Framework classes
| //jboss-sso-saml library
| import org.jboss.security.saml.SingleSignOn;
| import org.jboss.security.saml.SSOException;
| import org.jboss.security.valve.*;
|
| //jboss-identity-management classes
| import org.jboss.security.idm.Identity;
| import org.jboss.security.idm.IdentityManager;
| import org.jboss.security.idm.IdentityProvider;
|
| //jboss-sso-common classes
| import org.jboss.security.util.HTTPUtil;
| import org.jboss.security.util.SSOUtil;
|
|
|
| /**
| * @author Sohil Shah - sohil.shah at jboss.com
| *
| * The SSOAutoLogin Tomcat Form Authenticator intercepts requests and checks the presence of an SSOToken domain cookie.
| * If a domain cookie is found it is processed and a Principal is generated resulting in AutoLogin
| */
| public class SSOAutoLoginForm extends FormAuthenticator
| {
|
| //----------------------------------------------------- Instance Variables
|
| /**
| * Descriptive information about this implementation.
| */
| private static final String info = "org.jboss.security.valve.SSOAutoLogin/1.0";
|
|
| // ------------------------------------------------------------- Properties
|
|
| /**
| * Return descriptive information about this Valve implementation.
| */
| public String getInfo()
| {
| return (info);
| }
|
|
| /**
| *
| */
| public void invoke(Request request, Response response)
| throws IOException, ServletException
| {
| try
| {
| boolean wasSSOPerformed = false;
| boolean performSSO = false;
| SSOSession activeSession = SSOSession.getSSOSession(request.getSession(true));
|
| //check for the block on automatic sso login, if one is found, don't perform the automatic login
| //without this, the user is never able to logout, because all dependent requests to "logout usecase",
| //fire up the automatic sso login
| if(activeSession.getTurnOff()==null)
| {
| performSSO = true;
| }
|
|
| if(performSSO)
| {
| wasSSOPerformed = this.performSSO(request,response);
| }
|
| if(!wasSSOPerformed)
| {
| //if I get here then no SSO processing was done. perform the regular form based authentication
| super.invoke(request,response);
| if(
| request.getSessionInternal(false)!=null &&
| request.getSessionInternal(false).getPrincipal()!=null &&
| SSOSession.getSSOSession(request.getSession()).getPrincipal()==null
| )
| {
| SSOSession.getSSOSession(request.getSession()).
| setPrincipal(
| request.getContextPath(),
| request.getSessionInternal(false).getPrincipal());
| }
| return;
| }
|
| //this is only if SSO automated login happened on this request
| this.getNext().invoke(request,response);
| }
| catch(SSOException ssoe)
| {
| ssoe.printStackTrace();
| throw new ServletException(ssoe);
| }
| catch(Exception e)
| {
| e.printStackTrace();
| throw new ServletException(e);
| }
| }
|
|
| /**
| *
| * @param request
| * @param response
| * @return
| */
| private boolean performSSO(Request request,Response response) throws IOException,SSOException,Exception
| {
| boolean wasSSOPerformed = false;
| String ssoToken = null;
| boolean ssoCookieFound = false;
|
| //find the SSOToken cookie and setup the proper state
| ssoToken = HTTPUtil.getSSOToken(request,SingleSignOn.SSO_TOKEN);
| if(ssoToken!=null && ssoToken.trim().length()>0)
| {
| ssoCookieFound = true;
| }
|
|
| if(ssoCookieFound)
| {
| Principal principal = request.getSessionInternal(true).getPrincipal();
| if(principal==null)
| {
| //perform auto login for this principal
| LoginConfig config = this.context.getLoginConfig();
| String username = SSOUtil.getUsername(ssoToken);
| String password = this.getPassword(username);
| request.setAttribute(SingleSignOn.SSO_USERNAME,username);
| request.setAttribute(SingleSignOn.SSO_PASSWORD,password);
|
|
| boolean ssoLogin = this.ssoLogin(request,response,config);
| if(ssoLogin)
| {
| String requestURI = request.getRequestURI();
| String contextPath = request.getContextPath();
| SSOSession ssoSession = SSOSession.getSSOSession(request.getSession());
| ssoSession.setPrincipal(contextPath,
| request.getSessionInternal(true).getPrincipal());
| wasSSOPerformed = true;
| }
| }
| }
| return wasSSOPerformed;
| }
|
| /**
| *
| * @param request
| * @param response
| * @param config
| * @return
| * @throws IOException
| */
| private boolean ssoLogin(Request request,Response response,LoginConfig config)
| throws IOException
| {
| boolean success = false;
|
| Principal principal = null;
|
| // Validate any credentials already included with this request
| String username = (String)request.getAttribute(SingleSignOn.SSO_USERNAME);
| String password = (String)request.getAttribute(SingleSignOn.SSO_PASSWORD);
| principal = this.context.getRealm().authenticate(username, password);
| if (principal != null)
| {
| register(request, response, principal,"FORM",username, password);
| success = true;
| }
| return success;
| }
|
|
| /**
| *
| */
| private String getPassword(String username) throws Exception
| {
| String password = null;
|
| //perform check against JBoss' central identity data (stored in LDAP)
| IdentityProvider provider = IdentityManager.findProvider();
|
| if(
| provider.exists(username)
| )
| {
| Identity identity = provider.read(username);
| password = new String(identity.getPassword());
| }
|
| return password;
| }
| }
|
Hope this helps
Thanks
Sohil
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959707#3959707
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3959707
More information about the jboss-user
mailing list