the UserPrincipal:

  | package com.xxx.database;
  | 
  | import java.security.Principal;
  | 
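  /**
   * Immutable {@link Principal} that carries nothing but a user name.
   *
   * <p>Identity is defined by the name alone: {@link #equals(Object)} and {@link #hashCode()}
   * both delegate to the name string.
   */
  public final class UserPrincipal implements Principal {

      private final String name;

      /**
       * Creates a principal for the given user name.
       *
       * @param nameIn the principal name; must not be {@code null}
       * @throws IllegalArgumentException if {@code nameIn} is {@code null}
       */
      public UserPrincipal(final String nameIn) {
          if (nameIn == null) {
              // The mail-wrapped listing split this literal across two lines; it is one string.
              throw new IllegalArgumentException("No null principal name accepted");
          }
          this.name = nameIn;
      }

      /**
       * Compares this principal with another object by name.
       *
       * <p>Any {@link Principal} implementation with the same name is treated as equal, not only
       * another {@code UserPrincipal}. Two consequences for authorization code that relies on
       * this method: a principal of a different kind (for example a role or group principal)
       * whose name matches a user name compares equal here, and the relation is not guaranteed
       * to be symmetric because the other implementation decides its own {@code equals}. Keep
       * user and role names in separate namespaces, or check the concrete type as well, where
       * that distinction matters.
       *
       * @param o the object to compare with
       * @return {@code true} if {@code o} is this instance or a {@code Principal} whose
       *         {@code getName()} equals this name
       * @see java.lang.Object#equals(java.lang.Object)
       */
      @Override
      public boolean equals(final Object o) {
          if (o == this) {
              return true;
          }
          if (o instanceof Principal) {
              final Principal that = (Principal) o;
              return this.name.equals(that.getName());
          }
          return false;
      }

      /**
       * @return the principal name given at construction, never {@code null}
       * @see java.security.Principal#getName()
       */
      public String getName() {
          return this.name;
      }

      /**
       * @return the hash code of the name, consistent with the name-based {@link #equals(Object)}
       * @see java.lang.Object#hashCode()
       */
      @Override
      public int hashCode() {
          return this.name.hashCode();
      }

      /**
       * @return the name wrapped as {@code PortalPrincipal[name]}; note the label does not match
       *         the class name
       * @see java.lang.Object#toString()
       */
      @Override
      public String toString() {
          return "PortalPrincipal[" + this.name + "]";
      }
  }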
  | 
  | 

and the custom module:


  | /**
  |  * HMIDataBaseLoginModule
  |  * 
  |  */
  | package com.xxx.database;
  | 
  | import java.io.IOException;
  | import java.security.acl.Group;
  | import java.sql.SQLException;
  | import java.util.Map;
  | 
  | import javax.security.auth.Subject;
  | import javax.security.auth.callback.Callback;
  | import javax.security.auth.callback.CallbackHandler;
  | import javax.security.auth.callback.NameCallback;
  | import javax.security.auth.callback.UnsupportedCallbackException;
  | import javax.security.auth.login.FailedLoginException;
  | import javax.security.auth.login.LoginException;
  | 
  | import org.jboss.security.auth.spi.DatabaseServerLoginModule;
  | 
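  /**
   * JAAS login module that extends JBoss's {@code DatabaseServerLoginModule} with a
   * terminated-account check and a login-attempt counter, both backed by
   * {@code DatabaseLoginDAO}.
   *
   * <p>Module options read in {@link #initialize}: {@code maxRetries} (integer) and
   * {@code dsJndiName} (JNDI name of the data source).
   */
  public final class HMIDataBaseLoginModule extends DatabaseServerLoginModule {

      private static final org.apache.log4j.Logger LOG =
              org.apache.log4j.Logger.getLogger(HMIDataBaseLoginModule.class);

      // Data source used for every DAO call; kept at this default when the option is absent.
      private String dsJndiName = "java:/OracleDS";
      // do not remove this field
      private UserPrincipal identity;
      //private long lockoutTime;;
      // Upper bound compared against the user's attempt counter in login().
      private int maxRetries;

      /**
       * Reads the module options after delegating to the parent implementation.
       *
       * <p>Each option is parsed on its own, so a bad {@code maxRetries} value no longer skips
       * the data source name and the fallback callback handler. Configuration errors are logged
       * rather than thrown.
       *
       * @param subjectIn {@link Subject}
       * @param callbackHandlerIn {@link CallbackHandler}
       * @param sharedStateIn {@link Map}
       * @param optionsIn {@link Map}
       * @see org.jboss.security.auth.spi.DatabaseServerLoginModule#initialize(javax.security.auth.Subject,
       *      javax.security.auth.callback.CallbackHandler, java.util.Map, java.util.Map)
       */
      @Override
      public void initialize(final Subject subjectIn, final CallbackHandler callbackHandlerIn,
              final Map sharedStateIn, final Map optionsIn) {
          super.initialize(subjectIn, callbackHandlerIn, sharedStateIn, optionsIn);
          LOG.info("Initializing LoginModule");

          try {
              this.maxRetries = Integer.parseInt((String) optionsIn.get("maxRetries"));
          } catch (final RuntimeException e) {
              // Missing or malformed value: fall back to 0, so the limit check in login()
              // rejects any account whose attempt counter is above zero.
              this.maxRetries = 0;
              LOG.error("Error initializing: missing or invalid maxRetries option", e);
          }

          try {
              final String configuredDs = (String) optionsIn.get("dsJndiName");
              if (configuredDs != null) {
                  // Only override the default when the option is actually set.
                  this.dsJndiName = configuredDs;
              }
              //this.lockoutTime = Long.valueOf((String) optionsIn.get("lockTimeMillies")).longValue();
          } catch (final RuntimeException e) {
              LOG.error("Error initializing: invalid dsJndiName option", e);
          }

          try {
              this.callbackHandler = callbackHandlerIn;
              if (this.callbackHandler == null) {
                  this.callbackHandler = new HMICallbackHandler();
              }
          } catch (final RuntimeException e) {
              // login() refuses to run without a handler, so this failure is not silent there.
              LOG.error("Error initializing: no callback handler available", e);
          }
          LOG.debug("LoginModule initialized");
      }

      /**
       * Runs the parent login, then applies the account checks of this module.
       *
       * <p>Order of checks after {@code super.login()}: the user row must exist, the user must
       * not be termed, the name callback is handled, the attempt counter is incremented and
       * compared with {@code maxRetries}.
       *
       * @return {@code true} when every check passes
       * @throws LoginException if no callback handler is available or the callback fails
       * @throws FailedLoginException (a {@code LoginException}) if the lookup fails, the user is
       *         unknown or termed, or the counter exceeds {@code maxRetries}
       * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#login()
       */
      @Override
      public boolean login() throws LoginException {
          LOG.debug("in HMIDataBaseLoginModule.login");
          if (this.callbackHandler == null) {
              throw new LoginException("No callback handler is available");
          }
          // NOTE(review): the boolean returned by super.login() decides nothing below; the code
          // relies on the parent throwing when credential validation fails. Confirm that against
          // the JBoss version in use, otherwise a false return would fall through to success.
          if (super.login()) {
              // do not remove this line, super implementation needs it
              final Object username = this.sharedState.get("javax.security.auth.login.name");
          }
          final String name = this.getUsername();
          User user = null;
          try {
              user = DatabaseLoginDAO.getDAO(this.dsJndiName).getThisUser(name);
          } catch (final SQLException e) {
              super.loginOk = false;
              // Keep the SQL detail in the server log; the thrown message stays generic.
              LOG.error("Database lookup failed", e);
              throw new FailedLoginException("Database lookup failed");
          }
          if (user == null) {
              super.loginOk = false;
              throw new FailedLoginException("No such user");
          }
          if (user.isUserTermed()) {
              super.loginOk = false;
              throw new FailedLoginException("User is Termed");
          }
          // NOTE(review): the failure messages in this method distinguish unknown, termed and
          // locked accounts. If the container passes them on to the client they reveal account
          // state; verify what the caller actually sees.
          final Callback[] callbacks = new Callback[] { new NameCallback("hmiLogin", name) };
          try {
              // The name handed back by the callback is not used by the checks below.
              this.callbackHandler.handle(callbacks);
          } catch (final IOException ioe) {
              throw new LoginException(ioe.toString());
          } catch (final UnsupportedCallbackException ce) {
              throw new LoginException("Error: " + ce.getCallback().toString());
          }
          // NOTE(review): this increment is only reached once super.login() has returned, so as
          // written it counts logins that passed credential validation; attempts rejected by the
          // parent never reach it. If the counter is meant as a failed-attempt lockout, the
          // increment belongs on the failure path and needs a reset on success. Neither is
          // visible in this listing; confirm against DatabaseLoginDAO.
          user = this.incrementCounter(user);
          if (this.getCounter(user) > this.maxRetries) {
              super.loginOk = false;
              throw new FailedLoginException("Account Locked, to many failed attempts");
          }
          super.loginOk = true;
          this.incrementLoginCount(user);
          LOG.info("User succesfully logged in");
          return true;
      }

      /**
       * Subclass to use the PortalPrincipal to make the username easier to retrieve by the portal.
       *
       * @param username String
       * @return {@link UserPrincipal}
       * @throws Exception e
       * @see org.jboss.security.auth.spi.AbstractServerLoginModule#createIdentity(java.lang.String)
       */
      @Override
      protected UserPrincipal createIdentity(final String username) throws Exception {
          LOG.debug("LoginModule.createIdentity(" + username + ")");
          return new UserPrincipal(username);
      }

      /**
       * Loads the role groups of the current user through the DAO.
       *
       * @return Group[]
       * @throws LoginException le
       * @see org.jboss.security.auth.spi.DatabaseServerLoginModule#getRoleSets()
       */
      @Override
      protected Group[] getRoleSets() throws LoginException {
          LOG.debug("LoginModule.getRoleSets");
          return DatabaseLoginDAO.getDAO(this.dsJndiName).getRoleSets(this.getUsername());
      }

      /**
       * This method must be maintained due to the super implementation.
       *
       * @return String the user's stored password value, as returned by the DAO
       * @throws LoginException le
       * @see org.jboss.security.auth.spi.DatabaseServerLoginModule#getUsersPassword()
       */
      @Override
      protected String getUsersPassword() throws LoginException {
          LOG.debug("LoginModule.getUsersPassword");
          return DatabaseLoginDAO.getDAO(this.dsJndiName).getUsersPassword(this.getUsername());
      }

      /**
       * Transforms the supplied password with {@code PasswordEncrypter} and lets the parent
       * compare it with the stored value.
       *
       * @param inputPassword String; a {@code null} value is rejected without further processing
       * @param expectedPassword String
       * @return boolean
       * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#validatePassword(java.lang.String,
       *      java.lang.String)
       */
      @Override
      protected boolean validatePassword(final String inputPassword, final String expectedPassword) {
          if (inputPassword == null) {
              // No credential supplied: fail closed instead of handing null to the transform.
              return false;
          }
          // NOTE(review): PasswordEncrypter is not shown. Stored passwords should be protected
          // with a salted, slow password hash rather than reversible encryption or a bare
          // digest; confirm which one this helper implements.
          return super.validatePassword(PasswordEncrypter.encrypt(inputPassword), expectedPassword);
      }

      /** Returns the attempt counter currently held by the given user record. */
      private int getCounter(final User user) {
          return user.getLoginAttempts();
      }

      /**
       * Asks the DAO to increment the user's attempt counter and returns the updated record.
       *
       * <p>If the update fails the error is logged and the unchanged record is returned, so the
       * limit check in {@code login()} then runs against the old counter value (fail-open for
       * that one attempt).
       */
      private User incrementCounter(final User user) {
          LOG.debug("LoginModule.incrementCounter");
          try {
              return DatabaseLoginDAO.getDAO(this.dsJndiName).incrementLoginAttempts(user);
          } catch (final SQLException e) {
              // Pass the exception itself so the stack trace reaches the log.
              LOG.error("Query failed", e);
          }
          return user;
      }

      /** Records a completed login for the given user through the DAO. */
      private void incrementLoginCount(final User user) {
          LOG.debug("LoginModule.incrementLoginCount");
          DatabaseLoginDAO.getDAO(this.dsJndiName).incrementLoginCount(user);
      }

  }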
  | 
