twittemb- Here is the CustomAuthenticator code that we use in the JBoss Federated SSO project. I am pasting the code for the FormAuthenticator
| /* | * JBoss, Home of Professional Open Source | * Copyright 2005, JBoss Inc., and individual contributors as indicated | * by the @authors tag. See the copyright.txt in the distribution for a | * full listing of individual contributors. | * | * This is free software; you can redistribute it and/or modify it | * under the terms of the GNU Lesser General Public License as | * published by the Free Software Foundation; either version 2.1 of | * the License, or (at your option) any later version. | * | * This software is distributed in the hope that it will be useful, | * but WITHOUT ANY WARRANTY; without even the implied warranty of | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | * Lesser General Public License for more details. | * | * You should have received a copy of the GNU Lesser General Public | * License along with this software; if not, write to the Free | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | */ | package org.jboss.security.authenticator; | | | //core java classes | import java.io.IOException; | import java.security.Principal; | | | //servlet classes | import javax.servlet.ServletException; | | | //core jboss specific classes | | | //core catalina classes for tomcat specific functions | import org.apache.catalina.connector.Request; | import org.apache.catalina.connector.Response; | import org.apache.catalina.deploy.LoginConfig; | import org.apache.catalina.authenticator.FormAuthenticator; | | | //JBoss-SSO Framework classes | //jboss-sso-saml library | import org.jboss.security.saml.SingleSignOn; | import org.jboss.security.saml.SSOException; | import org.jboss.security.valve.*; | | //jboss-identity-management classes | import org.jboss.security.idm.Identity; | import org.jboss.security.idm.IdentityManager; | import org.jboss.security.idm.IdentityProvider; | | //jboss-sso-common classes | import org.jboss.security.util.HTTPUtil; | import org.jboss.security.util.SSOUtil; | | | | /** | * @author Sohil Shah - [EMAIL PROTECTED] | * | * The SSOAutoLogin Tomcat Form Authenticator intercepts requests and checks the presence of an SSOToken domain cookie. | * If a domain cookie is found it is processed and a Principal is generated resulting in AutoLogin | */ | public class SSOAutoLoginForm extends FormAuthenticator | { | | //----------------------------------------------------- Instance Variables | | /** | * Descriptive information about this implementation. | */ | private static final String info = "org.jboss.security.valve.SSOAutoLogin/1.0"; | | | // ------------------------------------------------------------- Properties | | | /** | * Return descriptive information about this Valve implementation. | */ | public String getInfo() | { | return (info); | } | | | /** | * | */ | public void invoke(Request request, Response response) | throws IOException, ServletException | { | try | { | boolean wasSSOPerformed = false; | boolean performSSO = false; | SSOSession activeSession = SSOSession.getSSOSession(request.getSession(true)); | | //check for the block on automatic sso login, if one is found, don't perform the automatic login | //without this, the user is never able to logout, because all dependent requests to "logout usecase", | //fire up the automatic sso login | if(activeSession.getTurnOff()==null) | { | performSSO = true; | } | | | if(performSSO) | { | wasSSOPerformed = this.performSSO(request,response); | } | | if(!wasSSOPerformed) | { | //if I get here then no SSO processing was done. perform the regular form based authentication | super.invoke(request,response); | if( | request.getSessionInternal(false)!=null && | request.getSessionInternal(false).getPrincipal()!=null && | SSOSession.getSSOSession(request.getSession()).getPrincipal()==null | ) | { | SSOSession.getSSOSession(request.getSession()). | setPrincipal( | request.getContextPath(), | request.getSessionInternal(false).getPrincipal()); | } | return; | } | | //this is only if SSO automated login happened on this request | this.getNext().invoke(request,response); | } | catch(SSOException ssoe) | { | ssoe.printStackTrace(); | throw new ServletException(ssoe); | } | catch(Exception e) | { | e.printStackTrace(); | throw new ServletException(e); | } | } | | | /** | * | * @param request | * @param response | * @return | */ | private boolean performSSO(Request request,Response response) throws IOException,SSOException,Exception | { | boolean wasSSOPerformed = false; | String ssoToken = null; | boolean ssoCookieFound = false; | | //find the SSOToken cookie and setup the proper state | ssoToken = HTTPUtil.getSSOToken(request,SingleSignOn.SSO_TOKEN); | if(ssoToken!=null && ssoToken.trim().length()>0) | { | ssoCookieFound = true; | } | | | if(ssoCookieFound) | { | Principal principal = request.getSessionInternal(true).getPrincipal(); | if(principal==null) | { | //perform auto login for this principal | LoginConfig config = this.context.getLoginConfig(); | String username = SSOUtil.getUsername(ssoToken); | String password = this.getPassword(username); | request.setAttribute(SingleSignOn.SSO_USERNAME,username); | request.setAttribute(SingleSignOn.SSO_PASSWORD,password); | | | boolean ssoLogin = this.ssoLogin(request,response,config); | if(ssoLogin) | { | String requestURI = request.getRequestURI(); | String contextPath = request.getContextPath(); | SSOSession ssoSession = SSOSession.getSSOSession(request.getSession()); | ssoSession.setPrincipal(contextPath, | request.getSessionInternal(true).getPrincipal()); | wasSSOPerformed = true; | } | } | } | return wasSSOPerformed; | } | | /** | * | * @param request | * @param response | * @param config | * @return | * @throws IOException | */ | private boolean ssoLogin(Request request,Response response,LoginConfig config) | throws IOException | { | boolean success = false; | | Principal principal = null; | | // Validate any credentials already included with this request | String username = (String)request.getAttribute(SingleSignOn.SSO_USERNAME); | String password = (String)request.getAttribute(SingleSignOn.SSO_PASSWORD); | principal = this.context.getRealm().authenticate(username, password); | if (principal != null) | { | register(request, response, principal,"FORM",username, password); | success = true; | } | return success; | } | | | /** | * | */ | private String getPassword(String username) throws Exception | { | String password = null; | | //perform check against JBoss' central identity data (stored in LDAP) | IdentityProvider provider = IdentityManager.findProvider(); | | if( | provider.exists(username) | ) | { | Identity identity = provider.read(username); | password = new String(identity.getPassword()); | } | | return password; | } | } | Hope this helps Thanks Sohil View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959707#3959707 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3959707 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
