[jboss-user] [Security & JAAS/JBoss] - Custom LoginModule, standalone application, InitialContext i

piotr.koper do-not-reply at jboss.com
Tue Sep 18 04:32:37 EDT 2007


This is my first post on JBoss forums, but not last :-). 

A tried to implement my own LoginModule. It is very simple - so even it works :-). But not exactly as i want.

When I'm trying to log-in with my LoginModule (extends AbstractServerLoginModule) - it works for web applications (ever). But when i'm trying to log-in with standalone app (further SA) - i have some unstable behaviour: sometimes it works, and sometimes not. Works when i log-in with web-app earlier. When it works not - then in my debug i see, that SecurityAssociation is empty... I think it's cache guilt :-) i mean - it works on cached data, and when there is no data in cache - goodbye :-)

My LoginModule uses SecurityAssociation container (for getting principal and credential). I fill also "subject" with this data (username and credential from SecurityAssociation).

Important thing is that i have also my own client LoginModule. This login module do only two things: puts data from callback to SecurityAssociation, fill subject on commit and clear all when abort or logout is invoked. I also use sometimes ClientLoginModule, but it works (fails) exactly as mine (in standalone app).

So my questions are:
1) What things should be done at method login, commit, abort and logout?
2) My login module works only with use of LoginContext instance, but JBoss modules can also work with InitialContext env-s attributes/properies:

  | 		Hashtable env = new Hashtable();
  | 		env.put(Context.PROVIDER_URL, "jnp://");
  | 				env.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
  | 		env.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
  | 		env.put(Context.SECURITY_AUTHENTICATION, "simple");
  | 		env.put(Context.SECURITY_PRINCIPAL, "j2ee");
  | 		env.put(Context.SECURITY_CREDENTIALS, "j2ee");
  | 		env.put(Context.SECURITY_PROTOCOL,"domain");
  | 		InitialContext ctx = new InitialContext(env);

how is it possible? What should I do to enable this feature in my module (client or server)?

Useful informations:
* i work with Windows XP SP2 and JBoss 4.2.1
* i load my security domain "dynamic", configs files: 
   application.xml - ejbs and web module
   jboss-app.xml - includes module-service login-service.xml
   jboss-service.xml - specify that login-config.xml is my AuthConfig
   login-config.xml - defines my domain
   login-service.xml - sets cache timeout
* in SA app i use auth.conf file with content:

  | jbc {
  | 	org.jboss.security.ClientLoginModule required;
  | };

I'm trying to log-in in SA with code:
		LoginContext loginContext = new LoginContext("jbc", callbackHandler);
  | 		loginContext.login();

callbackHandler fills NameCallback and PasswordCallback.

Any suggestion will be appreciate :-)


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4085356#4085356

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4085356

More information about the jboss-user mailing list