Nerad bych se mylil, ale prenos credentials z klienta na server neni postihnut J2EE specifikaci. Proto musis pouzit podpurnou jaas klient knihovnu z daneho aplikacniho serveru.
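Mej se, fil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roman Heinrich Sent: Monday, July 02, 2007 3:18 PM To: Java Subject: Re: JDBCRealm Zdravim, posielam Vam login modul z jednej aplikacie, skuste ho upravit pre Vase potreby:

import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * JAAS login module that collects a user name and password through the
 * configured {@link CallbackHandler}, verifies them with
 * {@code MyLoginOperations.isUserAvailable} and, on commit, attaches a
 * {@code MyPrincipal} plus one {@code MyRolesPrincipal} per security role
 * to the {@link Subject}.
 *
 * <p>The password is held in a {@code char[]} that is overwritten as soon as
 * it is no longer needed, and it is never written to the log, not even when
 * the {@code debug} option is enabled.
 */
public class MyLoginModule implements LoginModule {

    private static final Log log = LogFactory.getLog(MyLoginModule.class);

    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // configurable option
    private boolean debug = false;

    // the authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    /** User login. */
    private String userLogin;

    /** User password; wiped by {@link #wipePassword()} after use. */
    private char[] userPassword;

    /** The principal this module creates in {@link #commit()}. */
    private MyPrincipal userPrincipal;

    /** Role principals added for {@link #userPrincipal}. */
    private MyRolesPrincipal[] groupRoles;

    /**
     * Initializes the login module; per the original author the parameters
     * are supplied by Tomcat's LoginContext.
     *
     * @param subject the subject to be authenticated
     * @param callbackHandler handler used to obtain the user name and password
     * @param sharedState state shared with other configured login modules
     * @param options module options; {@code debug=true} enables trace logging
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;

        // initialize any configured options
        debug = "true".equalsIgnoreCase((String) options.get("debug"));
    }

    /**
     * Called when the user submits the login form with a login and password.
     *
     * @return {@code true} when the credentials were accepted
     * @throws LoginException if no callback handler is available or the
     *         callbacks could not be processed
     * @throws FailedLoginException if the user name or password is wrong
     */
    public boolean login() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering login");
        }

        // prompt for a user name and password
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available "
                    + "to garner authentication information from the user");
        }

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("user name: ");
        callbacks[1] = new PasswordCallback("password: ", false);

        try {
            if (debug) {
                log.info("Executing callbackHandler.handle");
            }
            callbackHandler.handle(callbacks);

            if (debug) {
                log.info("Getting userLogin from callbacks");
            }
            userLogin = ((NameCallback) callbacks[0]).getName();
            if (debug) {
                log.info("userLogin: " + userLogin);
            }

            if (debug) {
                log.info("Getting tmpPassword from callbacks");
            }
            char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                if (debug) {
                    log.info("tmpPassword is null");
                }
                tmpPassword = new char[0];
                if (debug) {
                    log.info("setting tmpPassword to empty string");
                }
            }
            userPassword = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0, userPassword, 0, tmpPassword.length);
            // getPassword() hands back a copy, so clearPassword() below does
            // not touch it; overwrite the temporary copy explicitly.
            Arrays.fill(tmpPassword, ' ');

            if (debug) {
                log.info("calling callbacks[1].clearPassword");
            }
            ((PasswordCallback) callbacks[1]).clearPassword();
        } catch (java.io.IOException ioe) {
            // LoginException has no cause constructor; attach the cause so
            // the original stack trace is not lost.
            LoginException le = new LoginException(ioe.toString());
            le.initCause(ioe);
            throw le;
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Error: " + uce.getCallback().toString()
                    + " not available to garner authentication information "
                    + "from the user");
        }

        // print debugging information
        if (debug) {
            log.info("\t\t[GeneraliLoginModule] "
                    + "user entered user name: " + userLogin);
            // The password is deliberately NOT logged: debug logs are
            // routinely kept, shipped and read by people who must never see
            // user credentials.
        }

        // verify the username/password
        if (debug) {
            log.info("Calling MyLoginOperations.isUserAvailable");
        }
        // NOTE(review): new String(...) creates an immutable copy of the
        // password that cannot be wiped; if MyLoginOperations can accept a
        // char[], prefer that.
        boolean usernameCorrect =
                MyLoginOperations.isUserAvailable(userLogin, new String(userPassword));

        if (!usernameCorrect) {
            if (debug) {
                log.info("User authentication failed, incorrect username or password");
            }
            succeeded = false;
            userLogin = null;
            wipePassword();
            throw new FailedLoginException("User Name or Password Incorrect");
        }

        succeeded = true;
        if (debug) {
            log.info("User authenticated successfully");
            log.info("[" + this.getClass().getName() + "] leaving login");
        }
        return true;
    }

    /**
     * Called after {@link #login()} succeeded. Populates the security
     * subject with the user principal and the user's security roles. If the
     * subject already contains an equal user principal, nothing is added.
     *
     * @return {@code true} if the principals were committed, {@code false}
     *         if this module's own login had not succeeded
     * @throws LoginException declared for failures while loading the security
     *         roles or the user id (not thrown directly by this method)
     */
    public boolean commit() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering commit");
        }

        if (!succeeded) {
            if (debug) {
                log.info("Autenthication of user failed, leaving commit");
            }
            return false;
        }

        if (debug) {
            log.info("Calling MyLoginOperations.getUserId");
        }
        int userId = MyLoginOperations.getUserId(userLogin);

        if (debug) {
            log.info("Calling MyLoginOperations.getUserFullName");
        }
        String fullName = MyLoginOperations.getUserFullName(userId);

        if (debug) {
            log.info("Calling MyLoginOperations.getUserSecurityRoles");
        }
        List userRoles = MyLoginOperations.getUserSecurityRoles(userId);

        userPrincipal = new MyPrincipal(userLogin, fullName, userId,
                UserSettingsDataBean.getInstance().getUserLocale());

        if (debug) {
            log.info("Setting MyPrincipal and MyRolesPrincipal to security subject");
        }
        if (!subject.getPrincipals().contains(userPrincipal)) {
            subject.getPrincipals().add(userPrincipal);
            groupRoles = new MyRolesPrincipal[userRoles.size()];
            for (int i = 0; i < userRoles.size(); i++) {
                groupRoles[i] = new MyRolesPrincipal((String) userRoles.get(i));
                subject.getPrincipals().add(groupRoles[i]);
            }
        }
        if (debug) {
            log.info("Setting MyPrincipal and MyRolesPrincipal to security subject succeded");
        }

        // in any case, clean out state
        userLogin = null;
        wipePassword();

        commitSucceeded = true;
        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving commit");
        }
        return true;
    }

    /**
     * Called when the overall authentication of the LoginContext failed.
     *
     * @return {@code false} if this module's login failed, {@code true}
     *         otherwise
     * @throws LoginException if the clean-up fails (only {@link #logout()}
     *         is declared to throw it here)
     */
    public boolean abort() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering abort");
        }

        if (!succeeded) {
            return false;
        } else if (!commitSucceeded) {
            // login succeeded but overall authentication failed
            succeeded = false;
            userLogin = null;
            wipePassword();
            userPrincipal = null;
            groupRoles = null;
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving abort");
        }
        return true;
    }

    /**
     * Logs the user out: removes the user and role principals from the
     * security subject and resets the module state. Safe to call when no
     * principals were ever committed.
     *
     * @return {@code true}, always
     * @throws LoginException if the logout fails
     */
    public boolean logout() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering logout");
        }

        // userPrincipal is null when commit() never ran; groupRoles is null
        // when commit() found the principal already present. Guard both so
        // logout cannot fail with a NullPointerException and leave stale
        // state behind.
        if (userPrincipal != null) {
            if (debug) {
                log.info("Removing MyPrincipal [name: " + userPrincipal.getName() + "] ");
            }
            subject.getPrincipals().remove(userPrincipal);
        }

        if (groupRoles != null) {
            for (int i = 0, n = groupRoles.length; i < n; i++) {
                if (debug) {
                    log.info("Removing MyRolesPrincipal [name: " + groupRoles[i].getName() + "] ");
                }
                subject.getPrincipals().remove(groupRoles[i]);
            }
        }

        // Reset BOTH flags. The original assigned "succeeded = commitSucceeded",
        // which left the module marked as authenticated after logout.
        succeeded = false;
        commitSucceeded = false;
        userLogin = null;
        wipePassword();
        userPrincipal = null;
        groupRoles = null;

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving logout");
        }
        return true;
    }

    /** Overwrites the stored password characters and drops the reference. */
    private void wipePassword() {
        if (userPassword != null) {
            Arrays.fill(userPassword, ' ');
            userPassword = null;
        }
    }
}

Ales Dostal wrote: > Zkousel jsem to jak pisete, dokonce jsem nasel i nejake materialy + tu > knihu, co mi poslal kolega pod Vami. > Problem je, ze se mi to stale nedari, pri login() mi vyhazuje vyjimku: > 2.7.2007 14:52:56 com.sun.appserv.security.AppservPasswordLoginModule > login > SEVERE: SEC1105: A PasswordCredential was required but not provided. > javax.security.auth.login.LoginException: No credentials. > > Zkousel jsem nastavit i PasswordCredentials: > Subject sub = new Subject(); > sub.getPrivateCredentials().add(new PasswordCredential("ales", > "heslo".toCharArray())); > LoginContext lc = new LoginContext("fileRealm", sub); > > lc.login(); > a stejne mi vyhodi chybu. 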
Ten conf soubor nastaven mam jako: > System.setProperty("java.security.auth.login.config", > "C:\\dev\\login.conf"); > > Tak jsem sem se dostal, ale nechapu, proc porad hlasi, ze neposkytuje > PasswordCredentials :/ > Zkousel jsem samozrejme i callbackhandler, ale take bez uspechu: > > public MyCallBackHand(String name, String pass) { > this.name = name; > this.pass = pass; > } > > public void handle(Callback[] callbacks) throws > java.io.IOException, UnsupportedCallbackException { > for(int i = 0; i < callbacks.length; i++) { > if (callbacks[i] instanceof NameCallback) { > > ((NameCallback)callbacks[i]).setName(this.name); > } else if(callbacks[i] instanceof PasswordCallback) { > > ((PasswordCallback)callbacks[i]).setPassword(this.pass.toCharArray()); > } else { > System.out.println(callbacks[i].getClass().getName()); > } } > } > > Myslim, ze uz to bude nejakou kravinou, ale asi dost zasadni. > Zkousim se pripojit klasicky jen na fileRealm. V conf souboru mam toto: > fileRealm { > com.sun.enterprise.security.auth.login.FileLoginModule required; > }; > > v java class: > Subject sub = new Subject(); > sub.getPrivateCredentials().add(new PasswordCredential("ales", > "heslo".toCharArray())); > LoginContext lc = new LoginContext("fileRealm", sub); > > a > lc.login(); > > Vyhodi vyjimku: > 2.7.2007 14:52:56 com.sun.appserv.security.AppservPasswordLoginModule > login > SEVERE: SEC1105: A PasswordCredential was required but not provided. > javax.security.auth.login.LoginException: No credentials > > Uz jsem zoufalej, asi se na JAAS vykaslu :( > > > > ________ Information from NOD32 ________ > This message was checked by NOD32 Antivirus System for Linux Mail > Servers. > http://www.eset.com > > > __________ Informacia od NOD32 2368 (20070701) __________ > > Tato sprava bola preverena antivirusovym systemom NOD32. > http://www.eset.sk > > >
