[jboss-user] [Security & JAAS/JBoss] - JAAS in Jboss 5.0 GA
shivaji.byrapaneni
do-not-reply at jboss.com
Tue May 26 07:06:20 EDT 2009
Hi There,
im a new bee to Jboss and JAAS as well
i tried to implement soem thing on jboss with jaas like this
1) a Login Page popup to teh user asking dor user id & password
2) After he clicks on login i thught of validating that using JAAS
3) If login is returned succesful i though of putting the subject in session for my future actions on th applications
im using
jsf 1.2 with richfaces
Jboss 5.0 GA
Here is what i did
1) I had created a configuration file like this
nomination_authenticator.config
|
| /** Login Configuration for the JAAS Sample Application **/
|
| NominationSystem {
| com.security.login.SecurityLoginModule required debug=true;
| };
|
|
2) is one of my startup filter in my init i did this
|
| System.setProperty("-Djava.security.auth.login.config",
| "nomination_authenticator.config
| ");
|
|
nomination_authenticator.config is available in my classpath.
3) i wrote a Autheticator in which a method will be called from my managed bean after collecting the user id and password which usre provides on screen
|
| package com.authentication;
|
| import java.io.IOException;
|
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
|
| import com.logger.NominationLogger;
|
| public class Authenticator {
|
|
| public static boolean AuthenticateUser(String userid, String password)
| throws Exception {
| LoginContext lc = null;
|
| try {
| lc = new LoginContext("NominationSystem",
| new AuthenticatorCallbackHandler(userid, password));
| } catch (LoginException le) {
| NominationLogger.error("Cannot create LoginContext. "
| + le.getMessage());
| throw le;
| } catch (SecurityException se) {
| NominationLogger.error("Cannot create LoginContext. "
| + se.getMessage());
| throw se;
| }
|
| try {
| lc.login();
| } catch (LoginException e) {
| NominationLogger.error("Login Error" + e.getMessage());
| throw e;
| }
|
| return false;
| }
| }
|
| class AuthenticatorCallbackHandler implements CallbackHandler {
| private String userId = null;
| private String password = null;
|
| public AuthenticatorCallbackHandler(String userId, String password) {
| this.userId = userId;
| this.password = password;
| }
|
| public void handle(Callback[] callbacks) throws IOException,
| UnsupportedCallbackException {
| for (int i = 0; i < callbacks.length; i++) {
| if (callbacks
| instanceof NameCallback) {
| NameCallback nc = (NameCallback) callbacks
| ;
| nc.setName(userId);
|
| } else if (callbacks
| instanceof PasswordCallback) {
| PasswordCallback pc = (PasswordCallback) callbacks
| ;
| pc.setPassword(getPasswordAsCharArray(password));
| } else {
| throw new UnsupportedCallbackException(callbacks
| ,
| "Unrecognized Callback");
| }
| }
| }
|
| private char[] getPasswordAsCharArray(String password) {
| char[] charArrPassword = null;
| charArrPassword = new char[password.length()];
| for (int i = 0; i < password.length(); i++)
| charArrPassword
| = password.charAt(i);
| return charArrPassword;
| }
| }
|
bold font method will be called from my managed bean with user id and password.
and my Login module is this
|
| package com.security.login;
|
| import java.util.Map;
|
| import javax.security.auth.Subject;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.FailedLoginException;
| import javax.security.auth.login.LoginException;
|
| import com.logger.NominationLogger;
| import com.managedbeans.NominationBaseBean;
|
| public class SecurityLoginModule implements javax.security.auth.spi.LoginModule {
| // initial state
| private Subject subject;
| private CallbackHandler callbackHandler;
| private Map sharedState;
| private Map options;
| // configurable option
| private boolean debug = false;
| // the authentication status
| private boolean succeeded = false;
| private boolean commitSucceeded = false;
| // username and password
| private String userId;
| private String password;
| private String role;
| private String name;
| // principle object
| private NominationPrinciple nominationPrincipal;
|
| public void initialize(Subject subject, CallbackHandler callbackHandler,
| Map sharedState, Map options) {
| this.subject = subject;
| this.callbackHandler = callbackHandler;
| this.sharedState = sharedState;
| this.options = options;
| // initialize any configured options
| debug = "true".equalsIgnoreCase((String) options.get("debug"));
| }
|
| public boolean login() throws LoginException {
| // prompt for a user name and password
| if (callbackHandler == null)
| throw new LoginException("Error: no CallbackHandler available "
| + "to garner authentication information from the user");
|
| Callback[] callbacks = new Callback[2];
| callbacks[0] = new NameCallback("user name: ");
| callbacks[1] = new PasswordCallback("password: ", false);
|
| try {
| callbackHandler.handle(callbacks);
| userId = ((NameCallback) callbacks[0]).getName();
| char[] tmpPassword = ((PasswordCallback) callbacks[1])
| .getPassword();
| password = getPasswordAsString(tmpPassword);
| ((PasswordCallback) callbacks[1]).clearPassword();
| } catch (java.io.IOException ioe) {
| throw new LoginException(ioe.toString());
| } catch (UnsupportedCallbackException uce) {
| throw new LoginException("Error: " + uce.getCallback().toString()
| + " not available to garner authentication information "
| + "from the user");
| }
| // print debugging information
| if (debug) {
| NominationLogger.debug("user id: " + userId);
| NominationLogger.debug("Password: " + password);
| }
| // verify the username/password
| boolean usernameCorrect = false;
| boolean passwordCorrect = false;
| // Hit db here with user id and password and get the details
| // assign role to role variable
| if (userId.equals("testUser"))
| usernameCorrect = true;
| if (usernameCorrect && password.equals("testPassword")) {
| // authentication succeeded!!!
| passwordCorrect = true;
| if (debug)
| NominationLogger.debug("authentication succeeded");
| // seeting some test role
| role = "testRole";
| // setting test name
| name = "Shivaji";
| succeeded = true;
| return true;
| } else {
| // authentication failed -- clean out state
| if (debug)
| NominationLogger.debug("authentication failed");
| succeeded = false;
| userId = null;
| password = null;
| throw new FailedLoginException("Invalid login");
| }
| }
|
| public boolean commit() throws LoginException {
|
| if (succeeded == false) {
| return false;
| } else {
| nominationPrincipal = new NominationPrinciple(name, role, userId);
| if (!subject.getPrincipals().contains(nominationPrincipal))
| subject.getPrincipals().add(nominationPrincipal);
|
| if (debug) {
| NominationLogger.debug("added SamplePrincipal to Subject");
| }
|
| // setting subject to session
| new NominationBaseBean().getNominationSessionBean().setSubject(
| subject);
|
| // in any case, clean out state
| userId = null;
| password = null;
| name = null;
| role = null;
|
| commitSucceeded = true;
| return true;
| }
| }
|
| public boolean abort() throws LoginException {
|
| if (succeeded == false) {
| return false;
| } else if (succeeded == true && commitSucceeded == false) {
| // login succeeded but overall authentication failed
| succeeded = false;
| userId = null;
| role = null;
| password = null;
| name = null;
| nominationPrincipal = null;
| } else {
| // overall authentication succeeded and commit succeeded,
| // but someone else's commit failed
| logout();
| }
| return true;
| }
|
| public boolean logout() throws LoginException {
| subject.getPrincipals().remove(nominationPrincipal);
| succeeded = false;
| succeeded = commitSucceeded;
| userId = null;
| role = null;
| password = null;
| name = null;
| nominationPrincipal = null;
| return true;
| }
|
| private String getPasswordAsString(char[] password) {
| StringBuffer stringPassword = new StringBuffer();
| for (int i = 0; i < password.length; i++)
| stringPassword.append("" + password
| );
| return stringPassword.toString();
| }
| }
|
|
in my web.xml i added this
|
| <security-constraint>
| <!--
| A collection of protected resources along with the access mechanism
| -->
| <web-resource-collection>
| <web-resource-name>Restricted to Secure role</web-resource-name>
| <description>Declarative security</description>
| <url-pattern>/*</url-pattern>
| <http-method>HEAD</http-method>
| <http-method>GET</http-method>
| <http-method>POST</http-method>
| <http-method>PUT</http-method>
| <http-method>DELETE</http-method>
| </web-resource-collection>
| <!-- The list of roles that can access the resource. -->
| <auth-constraint>
| <role-name>User</role-name>
| <role-name>Approver</role-name>
| <role-name>Account_L_D</role-name>
| <role-name>L_D</role-name>
| </auth-constraint>
| </security-constraint>
|
in my web-inf i added jboss-web.xml
|
| <?xml version="1.0" encoding="UTF-8"?>
| <jboss-web>
| <security-domain>java:/jaas/NominationSecurity</security-domain>
| </jboss-web>
|
|
i added thsi in my login-config.xml
| <application-policy name="NominationSecurity">
| <authentication>
| <login-module code="com.security.login.SecurityLoginModule"
| flag="required">
| <module-option name="usersProperties">props/nominationSystem-users.properties</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
|
this is all what i did for my application
but when i tried to access the login page it giving me access denied
im sure that i did something absured pls correct me if i.
please help me in understanding and making my wish working...
Thanks a lot in advance
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233269#4233269
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4233269
More information about the jboss-user
mailing list