[jboss-user] [Security & JAAS/JBoss] - Re: JAAS Authentication from stand alone client

eefahs do-not-reply at jboss.com
Mon Aug 25 04:59:51 EDT 2008


Thank you very much for the response. I think I need more help.

Yes, I am using CallbackHandler.
I think I need to explain my requirement a little bit more...

In my application, initially it comes with a login screen, and after the user enters a username and password and presses the login button, it will create a LoginContext as follows:

    new LoginContext("myJaas", subject, new MyCallbackHandler(UserId, Password, serverUrl));

and then it will call loginContext.login().
And on my client side I have created a jaas.config file as follows:

    myJaas {
       org.jboss.security.ClientLoginModule required;
       com.my.security.jboss.db.DbLoginModuleImpl required debug=false authOnLogin=true;
    };

So it should internally call the login methods of each of these login modules... (So for this we have to copy the LoginModule jar file to the client side also, right?)
And my DbLoginModuleImpl is as follows; the login method will just validate the user id and password against the database column values. If both exist in the DB, the method will return true, and the JAAS authentication ends there...

Here is my LoginModule:

import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

final public class DbLoginModuleImpl implements LoginModule {
	private Subject subject;
	private CallbackHandler callbackHandler;
	private boolean isloginSucceeded;
	private boolean isprincipalsInSubject;
	// principals created in login(), attached to the Subject only in commit()
	private ArrayList principalsForSubject = new ArrayList();

	public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
		this.subject = subject;
		this.callbackHandler = callbackHandler;
	}

	public boolean login() throws LoginException {
		String userName = null;
		String passwordHave = null;
		try {
			// getCallbacks(), getUserName(), getPasswordHave(), validateUser(),
			// SessionPrincipal and SystemException are this module's own helpers (not shown)
			Callback[] callbacks = getCallbacks();
			userName = getUserName(callbacks);
			if (userName.length() > 0) {
				passwordHave = getPasswordHave(userName, callbacks);
			}
			if (validateUser(userName, passwordHave)) {
				System.out.println("DbLoginModuleImpl.login() :: VALID USER");
				SessionPrincipal sessionPrincipal = new SessionPrincipal(userName);
				principalsForSubject.add(sessionPrincipal);
				isloginSucceeded = true;
				return true;
			} else {
				System.out.println("DbLoginModule.login() :: INVALID USER");
				throw new FailedLoginException("Invalid User");
			}
		} catch (SystemException systemException) {
			throw new FailedLoginException(systemException.getErrorCode());
		} finally {
			System.out.println("DbLoginModule exiting login()");
		}
	}

	public boolean commit() throws LoginException {
		if (isloginSucceeded) {
			// phase 2 of JAAS login: the authenticated principal goes into the Subject now
			subject.getPrincipals().addAll(principalsForSubject);
			isprincipalsInSubject = true;
			return true;
		} else {
			return false;
		}
	}

	public boolean abort() throws LoginException {
		// overall login failed (another module vetoed): undo anything done in login()/commit()
		if (isprincipalsInSubject) {
			subject.getPrincipals().removeAll(principalsForSubject);
			isprincipalsInSubject = false;
		}
		principalsForSubject.clear();
		isloginSucceeded = false;
		return true;
	}

	public boolean logout() throws LoginException {
		subject.getPrincipals().removeAll(principalsForSubject);
		principalsForSubject.clear();
		isprincipalsInSubject = false;
		isloginSucceeded = false;
		return true;
	}
}

But the problem with JBoss is that it will not execute the login method immediately when we call loginContext.login(). Am I correct?

It will execute it only when we try to execute a method on an EJB for which we define <security-domain>java:/jaas/myJaas</security-domain>. Also for that EJB we have to declare the <security-role-ref> attribute with the required roles.

And in my case I don't have a role; if the LoginModule.login method validates the username and password successfully, it should be allowed to execute the above bean method also... How can I achieve this?

Basically, I just want to validate the username and password with the JAAS authentication, no roles, nothing...

Help me.
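As an added example (not code from the original post), here is a standalone client that drives the jaas.config above: a CallbackHandler that answers the NameCallback and PasswordCallback the login modules issue, and a main() that runs LoginContext.login(), which is where every module listed under myJaas (ClientLoginModule and DbLoginModuleImpl) executes its login() and commit() on the client, before any EJB is invoked. The shape of MyCallbackHandler, the credentials and the server URL are assumptions.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Assumed shape of the poster's MyCallbackHandler; serverUrl is accepted
// only because the original constructor takes it.
public class MyCallbackHandler implements CallbackHandler {
    private final String userId;
    private final char[] password;

    public MyCallbackHandler(String userId, String password, String serverUrl) {
        this.userId = userId;
        this.password = password.toCharArray();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(userId);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password); // the callback stores a copy
            } else {
                throw new UnsupportedCallbackException(cb, "callback not supported");
            }
        }
    }

    // Run with -Djava.security.auth.login.config=jaas.config (credentials are constructed values).
    public static void main(String[] args) throws LoginException {
        Subject subject = new Subject();
        LoginContext lc = new LoginContext("myJaas", subject,
                new MyCallbackHandler("alice", "s3cret", "jnp://localhost:1099"));
        // login() runs both client-side modules now: DbLoginModuleImpl checks the database,
        // ClientLoginModule records the identity that outgoing EJB calls will carry.
        lc.login();
        try {
            System.out.println("client principals: " + subject.getPrincipals());
            // ... EJB calls go here; the server applies java:/jaas/myJaas per invocation ...
        } finally {
            lc.logout(); // removes the principals and clears the stored client identity
        }
    }
}
```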

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4172232#4172232
