I have written a very simple version of tagish NTSystemLogin to work with JBoss 
and meet my requirements. I am not sure where best to post this code so I'll 
paste it here.

package com.tagish.auth.win32;

import org.jboss.security.auth.spi.*;
import org.jboss.security.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.tagish.auth.Utils;
import java.util.*;
import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import java.security.acl.Group;

import java.security.Principal;

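/**
 * JBoss login module that authenticates a user against Windows NT through the
 * tagish {@code NTSystem} native proxy and exposes the user's NT groups as
 * members of the "Roles" group.
 *
 * <p>Module option read by this class: {@code default-domain} (optional). When
 * it is set, the user is not asked for a domain.
 */
public class JBossNTSystemLogin extends AbstractServerLoginModule {
    /** Native proxy used for the NT logon and for the name and group lookups. */
    protected NTSystem ntSystem;
    /** Value of the "default-domain" option; null means the domain is requested by callback. */
    protected String defaultDomain = null;
    protected Log logit = LogFactory.getLog(this.getClass());

    /**
     * Initializes the superclass, creates the native proxy and reads the
     * {@code default-domain} option.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        // Construct the native proxy
        ntSystem = new NTSystem();
        ntSystem.checkVersion();
        // get the options
        defaultDomain = (String) options.get("default-domain");
    }

    /**
     * @return a principal named after the value reported by {@code ntSystem.getName()}
     */
    protected Principal getIdentity() {
        return new SimplePrincipal(ntSystem.getName());
    }

    /**
     * Builds the "Roles" group from the NT group names of the logged-on user.
     * Every group name is upper-cased, so role names configured for the
     * application must be upper case to match.
     *
     * @return a one-element array holding the "Roles" group
     */
    protected Group[] getRoleSets() throws LoginException {
        Group[] roleSets = { new SimpleGroup("Roles") };
        // get NT group names
        String[] groups = ntSystem.getGroupNames(false);
        if (logit.isDebugEnabled()) {
            logit.debug("Build roles group ");
        }
        for (int g = 0; groups != null && g < groups.length; g++) {
            if (groups[g] != null) {
                // These names feed authorization checks, so the case mapping uses a
                // fixed locale instead of the JVM default (which changes the result
                // for some letters, e.g. under a Turkish locale).
                String upperRole = groups[g].toUpperCase(Locale.ENGLISH);
                roleSets[0].addMember(new SimplePrincipal(upperRole));
                if (logit.isDebugEnabled()) {
                    logit.debug(upperRole + " added");
                }
            }
        }
        return roleSets;
    }

    /**
     * Collects username, password and (unless a default domain is configured)
     * domain through the callback handler and attempts an NT logon with them.
     *
     * @return the result of {@code super.login()}, called after the NT logon
     * @throws LoginException if no callback handler is available, a callback
     *         fails or is unsupported, or the NT logon throws
     */
    public boolean login() throws LoginException {
        // username and password
        String username;
        char[] password = null;
        String domain;

        try {
            // prompt for a username and password
            if (callbackHandler == null) {
                throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
            }

            // The domain callback is only requested when no default domain is configured.
            Callback[] callbacks = new Callback[defaultDomain == null ? 3 : 2];
            callbacks[0] = new NameCallback("Username: ");
            callbacks[1] = new PasswordCallback("Password: ", false);
            if (defaultDomain == null) {
                callbacks[2] = new TextInputCallback("Domain: ");
            }

            try {
                callbackHandler.handle(callbacks);

                // Get username...
                username = ((NameCallback) callbacks[0]).getName();

                // ...password (getPassword() hands back a copy, so the callback's
                // own buffer can be cleared straight away)...
                PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
                password = passwordCallback.getPassword();
                passwordCallback.clearPassword();

                // ...and domain.
                if (defaultDomain == null) {
                    domain = ((TextInputCallback) callbacks[2]).getText();
                } else {
                    domain = defaultDomain;
                }

                // An empty domain is passed on as "no domain".
                if (domain != null && domain.length() == 0) {
                    domain = null;
                }
            } catch (java.io.IOException ioe) {
                LoginException failure = new LoginException(ioe.toString());
                failure.initCause(ioe); // keep the original stack trace for diagnosis
                throw failure;
            } catch (UnsupportedCallbackException uce) {
                LoginException failure = new LoginException("Error: " + uce.getCallback().toString()
                        + " not available to garner authentication information from the user");
                failure.initCause(uce);
                throw failure;
            }

            // Attempt to logon using the supplied credentials
            ntSystem.logon(username, password, domain); // may throw
            loginOk = true;
            if (logit.isDebugEnabled()) {
                // Only the username and domain are logged, never the password.
                logit.debug("Successful NT authentication for user " + username + " on domain " + domain);
            }
            if (getUseFirstPass()) {
                // Add the username and password to the shared state map.
                // The password is stored as a copy: the finally block below smudges
                // the local array, which would otherwise blank the shared credential
                // as well. The copy stays in the shared state for the modules that
                // run after this one.
                sharedState.put("javax.security.auth.login.name", username);
                sharedState.put("javax.security.auth.login.password",
                        password == null ? null : (char[]) password.clone());
            }
        } finally {
            // Presumably overwrites the array in place; Utils is not shown here.
            Utils.smudge(password);
        }

        // NOTE(review): the outcome is delegated to super.login() after the NT logon,
        // so the returned value (and possibly loginOk) depends on the superclass and
        // presumably on password-stacking=useFirstPass being configured; confirm
        // against AbstractServerLoginModule before running without that option.
        return super.login();
    }
}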

**********************************
The login-config.xml entries are:
<application-policy name = "NTLogin">
       
          <!-- Single required module: the NT logon performed by JBossNTSystemLogin
               has to succeed for this policy to authenticate the user. -->
          <login-module code = "com.tagish.auth.win32.JBossNTSystemLogin"
             flag = "required">
                 <!-- Read in initialize(); when present, login() uses this domain and
                      does not request a Domain callback from the user. -->
                 <module-option name = 
"default-domain">yourntdomainname</module-option>
             <!-- login() stores the username and password in the JAAS shared state
                  when getUseFirstPass() is true, presumably switched on by this
                  option in the JBoss superclass (confirm). The module returns the
                  result of super.login(), so verify behaviour before removing it. -->
             <module-option name = 
"password-stacking">useFirstPass</module-option>
          </login-module>
       
    </application-policy>

I hope this is of help to somebody.


