Nerad bych se mylil, ale prenos credentials z klienta na server neni
postihnut J2EE specifikaci. Proto musis pouzit podpurnou jaas klient
knihovnu z daneho aplikacniho serveru.
Mej se,
fil
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Roman Heinrich
Sent: Monday, July 02, 2007 3:18 PM
To: Java
Subject: Re: JDBCRealm
Zdravim,
posielam Vam login modul z jednej aplikacie, skuste ho upravit pre Vase
potreby:
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
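/**
 * JAAS {@link LoginModule} that authenticates a user name / password pair
 * through {@code MyLoginOperations} and, on success, publishes a
 * {@code MyPrincipal} plus one {@code MyRolesPrincipal} per security role
 * into the {@link Subject}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The password is never written to the log, not even when the
 *       {@code debug} option is on. The user name is still logged in debug
 *       mode, so keep {@code debug} off outside of development.</li>
 *   <li>The password is kept in a {@code char[]} and overwritten as soon as it
 *       is no longer needed. {@code MyLoginOperations.isUserAvailable} takes a
 *       {@code String}, so one immutable copy that cannot be wiped is still
 *       created for that call.</li>
 * </ul>
 */
public class MyLoginModule implements LoginModule {

    private static final Log log = LogFactory.getLog(MyLoginModule.class);

    // initial state handed over by the LoginContext
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map sharedState;
    private Map options;

    // configurable option
    private boolean debug = false;

    // the authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    /** User login name. */
    private String userLogin;

    /** User password; wiped once it is no longer needed. */
    private char[] userPassword;

    /** Principal created for the authenticated user. */
    private MyPrincipal userPrincipal;

    /** Role principals created for the authenticated user. */
    private MyRolesPrincipal[] groupRoles;

    /**
     * Initializes the module with the state supplied by the LoginContext.
     *
     * @param subject         the subject to populate on a successful commit
     * @param callbackHandler handler used to obtain the user name and password
     * @param sharedState     state shared with other configured login modules
     * @param options         module options; {@code debug=true} enables
     *                        verbose logging
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        // initialize any configured options
        debug = "true".equalsIgnoreCase((String) options.get("debug"));
    }

    /**
     * Asks the callback handler for user name and password and verifies them.
     *
     * @return {@code true} when the credentials were accepted
     * @throws FailedLoginException if the user name or password is wrong
     * @throws LoginException       if no callback handler is available or the
     *                              handler could not supply the credentials
     */
    public boolean login() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering login");
        }

        // prompt for a user name and password
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available "
                    + "to garner authentication information from the user");
        }

        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("user name: ");
        callbacks[1] = new PasswordCallback("password: ", false);

        try {
            if (debug) log.info("Executing callbackHandler.handle");
            callbackHandler.handle(callbacks);

            if (debug) log.info("Getting userLogin from callbacks");
            userLogin = ((NameCallback) callbacks[0]).getName();
            if (debug) log.info("userLogin: " + userLogin);

            if (debug) log.info("Getting tmpPassword from callbacks");
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
            char[] tmpPassword = passwordCallback.getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                if (debug) log.info("tmpPassword is null");
                tmpPassword = new char[0];
                if (debug) log.info("setting tmpPassword to empty string");
            }
            userPassword = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0, userPassword, 0, tmpPassword.length);
            // the temporary copy is not needed any more; do not leave it behind
            java.util.Arrays.fill(tmpPassword, ' ');

            if (debug) log.info("calling callbacks[1].clearPassword");
            passwordCallback.clearPassword();
        } catch (java.io.IOException ioe) {
            throw withCause(new LoginException(ioe.toString()), ioe);
        } catch (UnsupportedCallbackException uce) {
            throw withCause(new LoginException("Error: " + uce.getCallback().toString()
                    + " not available to garner authentication information "
                    + "from the user"), uce);
        }

        // print debugging information; the password is deliberately NOT logged
        if (debug) {
            log.info("\t\t[GeneraliLoginModule] "
                    + "user entered user name: "
                    + userLogin);
        }

        // verify the username/password
        if (debug) log.info("Calling MyLoginOperations.isUserAvailable");
        // The helper takes a String, so an immutable copy of the password is
        // unavoidable here; it lives until it is garbage collected.
        boolean usernameCorrect =
                MyLoginOperations.isUserAvailable(userLogin, new String(userPassword));

        if (!usernameCorrect) {
            if (debug) log.info("User authentication failed, incorrect username or password");
            succeeded = false;
            clearCredentials();
            // one message for both cases, so the caller cannot tell which part was wrong
            throw new FailedLoginException("User Name or Password Incorrect");
        }

        succeeded = true;
        if (debug) log.info("User authenticated successfully");

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving login");
        }
        return true;
    }

    /**
     * Called after {@link #login()} succeeded and the overall authentication
     * succeeded. Adds the user principal and the role principals to the
     * subject.
     *
     * @return {@code true} when the principals were committed, {@code false}
     *         when this module's own login had not succeeded
     * @throws LoginException if loading the user id or the security roles fails
     */
    public boolean commit() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering commit");
        }

        if (!succeeded) {
            if (debug) log.info("Autenthication of user failed, leaving commit");
            return false;
        }

        try {
            if (debug) log.info("Calling MyLoginOperations.getUserId");
            int userId = MyLoginOperations.getUserId(userLogin);

            if (debug) log.info("Calling MyLoginOperations.getUserFullName");
            String fullName = MyLoginOperations.getUserFullName(userId);

            if (debug) log.info("Calling MyLoginOperations.getUserSecurityRoles");
            List userRoles = MyLoginOperations.getUserSecurityRoles(userId);

            userPrincipal = new MyPrincipal(userLogin, fullName, userId,
                    UserSettingsDataBean.getInstance().getUserLocale());

            if (debug) log.info("Setting MyPrincipal and MyRolesPrincipal to security subject");
            if (!subject.getPrincipals().contains(userPrincipal)) {
                subject.getPrincipals().add(userPrincipal);
                groupRoles = new MyRolesPrincipal[userRoles.size()];
                for (int i = 0; i < userRoles.size(); i++) {
                    groupRoles[i] = new MyRolesPrincipal((String) userRoles.get(i));
                    subject.getPrincipals().add(groupRoles[i]);
                }
            }
            if (debug) {
                log.info("Setting MyPrincipal and MyRolesPrincipal to security subject succeded");
            }
        } finally {
            // in any case, clean out state - also when a lookup above throws,
            // so the password does not outlive a failed commit
            clearCredentials();
        }

        commitSucceeded = true;

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving commit");
        }
        return true;
    }

    /**
     * Called when the overall authentication of the LoginContext failed.
     *
     * @return {@code false} if this module's login failed, {@code true}
     *         otherwise
     * @throws LoginException if the clean-up fails
     */
    public boolean abort() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering abort");
        }

        if (!succeeded) {
            return false;
        }

        if (!commitSucceeded) {
            // login succeeded but overall authentication failed
            succeeded = false;
            clearCredentials();
            userPrincipal = null;
            groupRoles = null;
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving abort");
        }
        return true;
    }

    /**
     * Logs the user out: removes the user principal and the role principals
     * from the subject and resets the module state. Safe to call when nothing
     * was committed.
     *
     * @return always {@code true}
     * @throws LoginException if the logout fails
     */
    public boolean logout() throws LoginException {
        if (debug) {
            log.info("[" + this.getClass().getName() + "] entering logout");
        }

        // Both fields are null when commit() never ran or added nothing.
        if (userPrincipal != null) {
            if (debug) log.info("Removing MyPrincipal [name: " + userPrincipal.getName() + "] ");
            subject.getPrincipals().remove(userPrincipal);
        }
        if (groupRoles != null) {
            for (int i = 0, n = groupRoles.length; i < n; i++) {
                if (debug) log.info("Removing MyRolesPrincipal [name: " + groupRoles[i].getName() + "] ");
                subject.getPrincipals().remove(groupRoles[i]);
            }
        }

        // Reset BOTH flags. The original assigned commitSucceeded back to
        // succeeded, which left the module marked as authenticated after a logout.
        succeeded = false;
        commitSucceeded = false;
        clearCredentials();
        userPrincipal = null;
        groupRoles = null;

        if (debug) {
            log.info("[" + this.getClass().getName() + "] leaving logout");
        }
        return true;
    }

    /** Forgets the user name and overwrites the password buffer, if any. */
    private void clearCredentials() {
        userLogin = null;
        if (userPassword != null) {
            java.util.Arrays.fill(userPassword, ' ');
            userPassword = null;
        }
    }

    /** Attaches the original failure to a LoginException, which has no cause constructor. */
    private static LoginException withCause(LoginException failure, Throwable cause) {
        failure.initCause(cause);
        return failure;
    }
}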
Ales Dostal wrote:
Zkousel jsem to jak pisete, dokonce jsem nasel i nejake materialy + tu
knihu, co mi poslal kolega pod Vami.
Problem je, ze se mi to stale nedari, pri login() mi vyhazuje vyjimku:
2.7.2007 14:52:56 com.sun.appserv.security.AppservPasswordLoginModule
login
SEVERE: SEC1105: A PasswordCredential was required but not provided.
javax.security.auth.login.LoginException: No credentials.
Zkousel jsem nastavit i PasswordCredentials:
// Pre-populate the Subject with a private credential, then run the
// "fileRealm" login configuration against it.
// NOTE(review): the imports are not shown. A (String, char[]) constructor
// matches javax.resource.spi.security.PasswordCredential; the SEC1105 message
// quoted in this thread suggests the server's login module looks for a
// different credential type - confirm which PasswordCredential is imported.
// The user name and password are literals for this experiment only.
Subject sub = new Subject();
PasswordCredential credential = new PasswordCredential("ales", "heslo".toCharArray());
sub.getPrivateCredentials().add(credential);
LoginContext lc = new LoginContext("fileRealm", sub);
lc.login();
a stejne mi vyhodi chybu. Ten conf soubor nastaven mam jako:
// Points the JVM at the JAAS login configuration file. This is a JVM-wide
// system property, so it affects every LoginContext created in the process.
// NOTE(review): presumably this has to run before the first LoginContext is
// created, because the default configuration is loaded once - confirm.
final String jaasConfigPath = "C:\\dev\\login.conf";
System.setProperty("java.security.auth.login.config", jaasConfigPath);
Tak jsem sem se dostal, ale nechapu, proc porad hlasi, ze neposkytuje
PasswordCredentials :/
Zkousel jsem samozrejme i callbackhandler, ale take bez uspechu:
/**
 * Creates a handler that answers name and password callbacks with fixed values.
 *
 * @param name user name handed to every NameCallback
 * @param pass password handed to every PasswordCallback; it is kept as a
 *             String for the lifetime of the handler and cannot be wiped
 */
public MyCallBackHand(String name, String pass) {
    this.pass = pass;
    this.name = name;
}
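/**
 * Supplies the stored user name and password to the login module.
 *
 * <p>Callbacks of any other type are rejected instead of being printed and
 * silently skipped, so a login module never continues with a request this
 * handler did not answer.
 *
 * @param callbacks callbacks issued by the login module
 * @throws java.io.IOException          declared by the CallbackHandler
 *                                      contract; not thrown here
 * @throws UnsupportedCallbackException if a callback is neither a
 *                                      NameCallback nor a PasswordCallback
 */
public void handle(Callback[] callbacks) throws
        java.io.IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        Callback current = callbacks[i];
        if (current instanceof NameCallback) {
            ((NameCallback) current).setName(this.name);
        } else if (current instanceof PasswordCallback) {
            // A missing password is passed on as null rather than failing with
            // a NullPointerException; setPassword copies the array it is given.
            char[] secret = (this.pass == null) ? null : this.pass.toCharArray();
            ((PasswordCallback) current).setPassword(secret);
            if (secret != null) {
                // wipe the temporary array once the callback holds its own copy
                java.util.Arrays.fill(secret, ' ');
            }
        } else {
            throw new UnsupportedCallbackException(current,
                    "Unsupported callback: " + current.getClass().getName());
        }
    }
}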
Myslim, ze uz to bude nejakou kravinou, ale asi dost zasadni.
Zkousim se pripojit klasicky jen na fileRealm. V conf souboru mam toto:
// JAAS login configuration entry. The entry name "fileRealm" is the name
// passed as the first argument to new LoginContext(...).
fileRealm {
// "required": this module must succeed for the overall login to succeed.
com.sun.enterprise.security.auth.login.FileLoginModule required;
};
v java class:
// Same attempt as before: a Subject carrying one private credential is handed
// to the "fileRealm" login configuration.
// NOTE(review): imports are not shown - confirm that this PasswordCredential
// is the credential class the server's login module expects.
Subject sub = new Subject();
PasswordCredential credential = new PasswordCredential("ales", "heslo".toCharArray());
sub.getPrivateCredentials().add(credential);
LoginContext lc = new LoginContext("fileRealm", sub);
a
lc.login();
Vyhodi vyjimku:
2.7.2007 14:52:56 com.sun.appserv.security.AppservPasswordLoginModule
login
SEVERE: SEC1105: A PasswordCredential was required but not provided.
javax.security.auth.login.LoginException: No credentials
Uz jsem zoufalej, asi se na JAAS vykaslu :(