Let me add some information. It may be helpful.

Some time ago we used WebLogic, and now we are "translating" our code to JBOSS. And 
there is one important point - SECURITY. We are trying to remake security using JAAS 
technology... And we used java.security.LoginModule to create a new LoginModule for 
JBOSS, not UsernamePasswordLoginModule (maybe we are on the wrong track?). And this is 
our LoginModule:

  | package XXXXXX.security;
  | 
  | import org.jboss.logging.Logger;
  | import org.jboss.security.NestableGroup;
  | 
  | import javax.security.auth.login.LoginException;
  | import javax.security.auth.Subject;
  | import javax.security.auth.spi.LoginModule;
  | import javax.security.auth.callback.*;
  | import java.util.Map;
  | import java.util.Set;
  | import java.util.Iterator;
  | import java.io.IOException;
  | import java.security.acl.Group;
  | import java.security.Principal;
  | 
  | public class XXXXXXLoginModule implements LoginModule
  | {
  |     private Subject subject = null;
  |     private CallbackHandler callbackHandler = null;
  |     private Map sharedState=null;
  |     private Map options=null;
  |     private boolean useFirstPass = false;
  |     private boolean loginOK = false;
  | 
  |     private UserPrincipal userPrincipal = null;
  | 
  |     private static final Logger log = Logger.getLogger(XXXXXXLoginModule.class);
  | 
  |     public void initialize(Subject subject, CallbackHandler callbackHandler,
  |                            Map sharedState, Map options)
  |     {
  |         this.subject = subject;
  |         this.callbackHandler = callbackHandler;
  |         this.sharedState = sharedState;
  |         this.options = options;
  |         String passwordStacking = (String) options.get("password-stacking");
  |         if( passwordStacking != null && passwordStacking.equalsIgnoreCase("useFirstPass") )
  |            useFirstPass = true;
  | 
  |         log.debug("initialized! caller = "+callbackHandler.getClass().getName());
  |         log.debug("subject = "+subject.getClass().getName());
  |     }
  | 
  |     public boolean login() throws LoginException
  |     {
  |         String[] info = getUserAndPassword();
  |         userPrincipal = new UserPrincipal(info[0]);
  |         // Login succeeds only when the supplied password equals the user name
  |         loginOK = info[0]==null?false:info[0].equals(info[1]);
  |         log.debug("loginOK="+loginOK);
  |         return loginOK;
  |     }
  | 
  |     public boolean abort() throws LoginException
  |     {
  |         return true;
  |     }
  | 
  |     public boolean commit() throws LoginException
  |     {
  |         if(loginOK)
  |         {
  |             Set principals = subject.getPrincipals();
  |             principals.add(userPrincipal);
  | 
  |             for (Iterator it = principals.iterator(); it.hasNext();)
  |             {
  |                 Principal principal = (Principal) it.next();
  | 
  |             }
  | 
  |             Role role = new Role("Roles");
  |             role.addMember(userPrincipal);
  |             principals.add(role);
  |             log.debug("Added "+userPrincipal+" class: "+userPrincipal.getClass().getName()+" to group "+role.getName());
  |             return true;
  |         }
  |         else
  |         {
  |             return false;
  |         }
  |     }
  | 
  |     public boolean logout() throws LoginException
  |     {
  |         subject.getPrincipals(UserPrincipal.class).remove(userPrincipal);
  |         return true;
  |     }
  | 
  |     private String[] getUserAndPassword() throws LoginException
  |     {
  |         String[] ret = new String[2];
  |         if(callbackHandler==null)
  |         {
  |             throw new LoginException("Callback handler = null");
  |         }
  |         NameCallback nameCallback = new NameCallback("Name:","guest");
  |         PasswordCallback passwordCallback = new PasswordCallback("Password:",false);
  |         try
  |         {
  |             callbackHandler.handle(new Callback[]{nameCallback,passwordCallback});
  |             String name = nameCallback.getName();
  |             // getPassword() returns a copy, or null when no password was supplied
  |             char[] tmpPassword = passwordCallback.getPassword();
  |             String password = tmpPassword==null ? null : new String(tmpPassword);
  |             ret[0]=name;
  |             ret[1]=password;
  |         }
  |         catch (IOException e)
  |         {
  |             throw new LoginException("Can't handle callbacks: "+e);
  |         }
  |         catch (UnsupportedCallbackException e)
  |         {
  |             throw new LoginException("Can't handle callbacks: "+e);
  |         }
  |         return ret;
  |     }
  | 
  |     protected Group createGroup(String name, Set principals)
  |    {
  |       Group roles = null;
  |       Iterator iter = principals.iterator();
  |       while( iter.hasNext() )
  |       {
  |          Object next = iter.next();
  |          if( (next instanceof Group) == false )
  |             continue;
  |          Group grp = (Group) next;
  |          if( grp.getName().equals(name) )
  |          {
  |             roles = grp;
  |             break;
  |          }
  |       }
  |       // If we did not find a group create one
  |       if( roles == null )
  |       {
  |          roles = new Role(name);
  |          principals.add(roles);
  |       }
  |       return roles;
  |    }
  | 
  | 
  | }
  | 

The Subject was created correctly(?). I checked this with:

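  | <%@ page import="javax.security.auth.Subject, java.util.Iterator, org.jboss.security.SecurityAssociation" %>
  | <%
  | // Dump every principal attached to the current Subject
  | Subject subject = SecurityAssociation.getSubject();
  | Iterator it = subject.getPrincipals().iterator();
  |     out.println("subject!");
  |     while (it.hasNext())
  |     {
  |         Object o = (Object) it.next();
  |         out.println("object="+o+"   ");
  |         out.println("class="+o.getClass().getName()+"<br>");
  |     }
  | %>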
  | 
result:

  | subject: object=qwe class=XXXXXX.security.UserPrincipal
  | object=Roles(members) class=XXXXXX.security.Role
  | 

Where is the problem? Why do I get "SimplePrincipal" after "request.getPrincipal()"?

P.S.  XXXXXX - our packages

