[jboss-user] [Beginner's Corner] - custom login module and admin-console
Martin Simka
do-not-reply at jboss.com
Wed Jan 5 10:45:40 EST 2011
Martin Simka [http://community.jboss.org/people/simkam] created the discussion
"custom login module and admin-console"
To view the discussion, visit: http://community.jboss.org/message/579061#579061
--------------------------------------------------------------
Hi,
My custom login module authenticates the user against Active Directory and assigns roles from a database. It works great with the jmx-console, but I can't get it to work with the admin-console. No error, no exception, just HTTP Status 404 - /admin-console/loggedIn.seam after successful authentication
Login Module
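/**
 * JAAS login module that binds to Active Directory with the supplied
 * credentials and then loads the user's roles from a database table.
 *
 * <p>On {@link #commit()} the subject receives the user principal plus a
 * group named {@code "Roles"} whose members are the role names found in
 * the database; this is the group JBoss inspects for role checks.
 *
 * <p>Configuration options: {@code ldap-url}, {@code ldap-domain},
 * {@code ldap-base-dn}, {@code application-name} and {@code ds-jndi-name}
 * (defaults to {@code java:/DefaultDS}).
 *
 * <p>Not thread-safe; JAAS creates one instance per login context.
 */
public class LdapDBLoginModule implements LoginModule {

    // Option keys read from the login-module configuration.
    private static final String LDAP_URL = "ldap-url";
    private static final String LDAP_DOMAIN = "ldap-domain";
    private static final String LDAP_BASE_DN = "ldap-base-dn";
    private static final String APPLICATION_NAME = "application-name";
    private static final String DS_JNDI_NAME = "ds-jndi-name";
    // Datasource used when the ds-jndi-name option is absent.
    private static final String DEFAULT_DS_JNDI_NAME = "java:/DefaultDS";
    // Values of the "typ" column: rows granted to a user vs. to a directory group.
    private static final String QRY_PARAM_UZIVATEL = "uzivatel";
    private static final String QRY_PARAM_SKUPINA = "skupina";
    // Name of the group whose members JBoss treats as the caller's roles.
    private static final String ROLES_GROUP = "Roles";
    // Both filter values are bound as parameters; nothing is concatenated into the SQL.
    private static final String ROLE_QUERY = "SELECT nazev_role as role, uzivatel as uziv "
            + "FROM jbosslogin_pristupy pristup "
            + "LEFT JOIN jbosslogin_role role on pristup.role=role.id "
            + "LEFT JOIN jbosslogin_uzivatele uziv on uziv.username=pristup.uzivatel "
            + "WHERE role.aplikace=? and uziv.typ=?";

    private static final Logger logger = Logger.getLogger(LdapDBLoginModule.class.getName());

    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    // True only after login() verified the user; commit() refuses to act otherwise.
    private boolean success = false;
    private MyPrincipal userPrincipal;
    // Role names loaded by getDataZDb(); empty until login() succeeds.
    private Set<String> roles;
    private String ldapUrl;
    private String ldapBaseDn;
    private String dsJndiName;
    private String applicationName;
    private String ldapDomain;

    /**
     * Stores the JAAS collaborators and reads the module options.
     *
     * @param subject         subject to populate on commit
     * @param callbackHandler source of user name and password
     * @param sharedState     state shared with other modules (kept, not read)
     * @param options         module options from the login configuration
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        logger.log(Level.INFO, "initialize login");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.ldapUrl = (String) options.get(LDAP_URL);
        this.ldapBaseDn = (String) options.get(LDAP_BASE_DN);
        String configuredDs = (String) options.get(DS_JNDI_NAME);
        this.dsJndiName = configuredDs != null ? configuredDs : DEFAULT_DS_JNDI_NAME;
        this.applicationName = (String) options.get(APPLICATION_NAME);
        this.ldapDomain = (String) options.get(LDAP_DOMAIN);
        this.roles = new HashSet<String>();
        this.userPrincipal = null;
        this.success = false;
        logger.log(Level.INFO, "application {0}", applicationName);
        logger.log(Level.INFO, "dsJndiName {0}", dsJndiName);
    }

    /**
     * Collects the credentials through the callback handler and authenticates
     * against the directory and the role database.
     *
     * <p>The password is never written to the log; the user name is the only
     * credential-related value recorded.
     *
     * @return {@code true} when authentication succeeded
     * @throws FailedLoginException when the directory rejects the credentials
     *                              or the database grants no role
     * @throws LoginException       when no handler is available, the callbacks
     *                              cannot be served, or the directory/datasource
     *                              is unreachable
     */
    @Override
    public boolean login() throws LoginException {
        logger.log(Level.INFO, "initialize login");
        if (callbackHandler == null) {
            logger.log(Level.INFO, "Chyba prihlaseni. Neni dostupny CallbackHandler");
            throw new LoginException("Chyba prihlaseni. Neni dostupny CallbackHandler");
        }
        NameCallback nc = new NameCallback("User name: ", "guest");
        PasswordCallback pc = new PasswordCallback("Password: ", false);
        Callback[] callbacks = {nc, pc};
        String username;
        char[] secret;
        try {
            callbackHandler.handle(callbacks);
            username = nc.getName();
            // getPassword() hands back a copy, so the callback can be wiped right away.
            secret = pc.getPassword();
        } catch (IOException ioe) {
            logger.log(Level.INFO, "Chyba prihlaseni. Nepodarilo se precist username/password");
            LoginException le = new LoginException("Chyba prihlaseni. Nepodarilo se precist username/password");
            le.initCause(ioe);
            throw le;
        } catch (UnsupportedCallbackException uce) {
            logger.log(Level.INFO, "CallbackHandler nepodporuje: {0}", uce.getCallback());
            LoginException le = new LoginException("CallbackHandler nepodporuje: " + uce.getCallback());
            le.initCause(uce);
            throw le;
        } finally {
            pc.clearPassword();
        }
        if (username == null || secret == null) {
            // A handler that sets neither value cannot authenticate anyone.
            logger.log(Level.INFO, "Chyba prihlaseni. Nepodarilo se precist username/password");
            throw new LoginException("Chyba prihlaseni. Nepodarilo se precist username/password");
        }
        logger.log(Level.INFO, "uzivatel {0}", username);
        try {
            // LdapControl takes a String, which cannot be wiped; the char[] copy is.
            return authenticate(username, new String(secret));
        } finally {
            for (int i = 0; i < secret.length; i++) {
                secret[i] = '\0';
            }
        }
    }

    /**
     * Binds to the directory as {@code username@domain}, loads the user's
     * roles and records the resulting principal.
     *
     * @param username account name supplied by the caller
     * @param password clear-text password supplied by the caller
     * @return {@code true} on success
     * @throws LoginException see {@link #login()}
     */
    private boolean authenticate(String username, String password) throws LoginException {
        try {
            LdapControl ldapControl = new LdapControl(ldapUrl, username + "@" + ldapDomain, password, ldapBaseDn);
            try {
                ADUser adUser = ldapControl.getUserByUsername(username, ZdasFilters.ZDAS_USER_BY_USERNAME);
                userPrincipal = parseAdUser(adUser);
                roles = getDataZDb(username, adUser.getMemberOf());
                if (roles.isEmpty()) {
                    logger.log(Level.INFO, "Prihlaseni uzivatele {0} se nezdarilo, overeni proti databazi pristupu.", username);
                    throw new FailedLoginException("Prihlaseni uzivatele " + username + " se nezdarilo, overeni proti databazi pristupu.");
                }
            } catch (AdZaznamNenalezenException azne) {
                // The bind succeeded but no directory record was found: a minimal
                // principal is used and the role set stays as it was (empty after
                // initialize()). NOTE(review): that means such a user logs in with
                // no roles -- confirm this is the intended outcome.
                userPrincipal = new MyPrincipal(username, "", "", username, "");
            }
            success = true;
            logger.log(Level.INFO, "Uzivatel {0}prihlasenen. LoginOk: {1}", new Object[]{username, success});
            return true;
        } catch (AuthenticationException ae) {
            // Directory rejected the bind: wrong user name or password.
            logger.log(Level.INFO, "Prihlaseni uzivatele {0} se nezdarilo, overeni proti domene.", username);
            throw new FailedLoginException("Prihlaseni uzivatele " + username + " se nezdarilo, overeni proti domene.");
        } catch (NamingException ne) {
            logger.log(Level.INFO, "Chyba prihlaseni. Chyba spojeni s LDAP");
            LoginException le = new LoginException("Chyba prihlaseni. Chyba spojeni s LDAP");
            le.initCause(ne);
            throw le;
        }
    }

    /**
     * Adds the user principal and the {@code "Roles"} group to the subject.
     *
     * <p>Membership is one-directional: the {@code "Roles"} group contains one
     * member per role name. Each role is also added as a principal of its own,
     * as before; the reverse link (every role containing {@code "Roles"}) was
     * dropped because it formed a cycle that a recursive
     * {@code Group.isMember()} can loop on.
     *
     * @return {@code false} when {@link #login()} did not succeed, otherwise {@code true}
     */
    @Override
    public boolean commit() throws LoginException {
        logger.log(Level.INFO, "commit, loginOk: {0}", success);
        if (!success) {
            return false;
        }
        Set<java.security.Principal> principals = subject.getPrincipals();
        principals.add(userPrincipal);
        MyGroup rolesGroup = new MyGroup(ROLES_GROUP);
        logger.log(Level.INFO, "Role: {0}", roles);
        for (String roleName : roles) {
            MyGroup role = new MyGroup(roleName);
            rolesGroup.addMember(role);
            principals.add(role);
        }
        principals.add(rolesGroup);
        return true;
    }

    /**
     * Discards the result of a failed login phase and removes anything
     * already placed on the subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        logger.log(Level.INFO, "abort login");
        success = false;
        logout();
        return true;
    }

    /**
     * Removes the principals added by {@link #commit()} and resets the
     * module state so a later commit cannot reuse a stale identity.
     *
     * <p>Removal of the groups relies on {@code MyGroup.equals()} comparing
     * by name -- presumed, verify against MyGroup.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        logger.log(Level.INFO, "logout");
        Set<java.security.Principal> principals = subject.getPrincipals();
        if (userPrincipal != null) {
            principals.remove(userPrincipal);
        }
        for (String roleName : roles) {
            principals.remove(new MyGroup(roleName));
        }
        principals.remove(new MyGroup(ROLES_GROUP));
        roles.clear();
        userPrincipal = null;
        success = false;
        return true;
    }

    /**
     * Builds the user principal from the directory record.
     *
     * <p>The personnel number ({@code osobniCislo}) is the part of the
     * description before the first {@code ';'}, or the whole description
     * when there is none; a description of just {@code ";"} yields {@code ""}
     * rather than failing.
     *
     * @param adUser directory record of the authenticated user
     * @return principal carrying the account name, names and personnel number
     */
    private MyPrincipal parseAdUser(ADUser adUser) {
        String desc = adUser.getDescription();
        String osobniCislo = null;
        if (desc != null) {
            int separator = desc.indexOf(';');
            osobniCislo = separator >= 0 ? desc.substring(0, separator) : desc;
        }
        return new MyPrincipal(adUser.getsAMAccountName(), adUser.getName(), adUser.getSn(),
                adUser.getDisplayName(), osobniCislo);
    }

    /**
     * Loads the role names granted to the user, either directly or through
     * one of the directory groups the user belongs to.
     *
     * <p>The same prepared statement is run twice, once per {@code typ}
     * value; rows whose {@code uziv} column is {@code null} are skipped.
     *
     * @param username account name to match against the {@code uziv} column
     * @param skupiny  directory group names of the user; {@code null} is treated as empty
     * @return role names, possibly empty, never {@code null}
     * @throws LoginException when the datasource cannot be looked up or the query fails
     */
    private Set<String> getDataZDb(String username, List<String> skupiny) throws LoginException {
        // Set lookup instead of a nested loop over the group list for every row.
        Set<String> groupNames = new HashSet<String>();
        if (skupiny != null) {
            for (String skupina : skupiny) {
                if (skupina != null) {
                    groupNames.add(skupina);
                }
            }
        }
        InitialContext ic = null;
        Connection conn = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            ic = new InitialContext();
            DataSource ds = (DataSource) ic.lookup(dsJndiName);
            conn = ds.getConnection();
            ps = conn.prepareStatement(ROLE_QUERY);
            ps.setString(1, applicationName);
            Set<String> found = new HashSet<String>();
            // Pass 1: rows granted directly to the user.
            ps.setString(2, QRY_PARAM_UZIVATEL);
            rs = ps.executeQuery();
            while (rs.next()) {
                String u = rs.getString("uziv");
                if (u != null && u.trim().equals(username)) {
                    found.add(rs.getString("role"));
                }
            }
            rs.close();
            // Pass 2: rows granted to one of the user's directory groups.
            ps.setString(2, QRY_PARAM_SKUPINA);
            rs = ps.executeQuery();
            while (rs.next()) {
                String u = rs.getString("uziv");
                if (u != null && groupNames.contains(u.trim())) {
                    found.add(rs.getString("role"));
                }
            }
            return found;
        } catch (NamingException ne) {
            logger.log(Level.INFO, "Chyba prihlasni. Chyba datasource.");
            LoginException le = new LoginException("Chyba prihlasni. Chyba datasource.");
            le.initCause(ne);
            throw le;
        } catch (SQLException sqle) {
            logger.log(Level.INFO, "Chyba prihlasni. Chyba query.", sqle);
            LoginException le = new LoginException("Chyba prihlasni. Chyba query.");
            le.initCause(sqle);
            throw le;
        } finally {
            closeQuietly(rs, ps, conn, ic);
        }
    }

    /**
     * Closes the JDBC and JNDI resources in reverse order of acquisition.
     * Close failures cannot change the login outcome, so they are only
     * logged at {@code FINE}.
     */
    private static void closeQuietly(ResultSet rs, PreparedStatement ps, Connection conn, InitialContext ic) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException ignored) {
                logger.log(Level.FINE, "ResultSet close failed", ignored);
            }
        }
        if (ps != null) {
            try {
                ps.close();
            } catch (SQLException ignored) {
                logger.log(Level.FINE, "PreparedStatement close failed", ignored);
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException ignored) {
                logger.log(Level.FINE, "Connection close failed", ignored);
            }
        }
        if (ic != null) {
            try {
                ic.close();
            } catch (NamingException ignored) {
                logger.log(Level.FINE, "InitialContext close failed", ignored);
            }
        }
    }
}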
Any idea?
Also, I'm not sure about the commit method. Maybe there is a mistake there.
(jboss-6.0.0.Final)
--------------------------------------------------------------