Hello, no need to give up. I'm sending you an excerpt of code showing how
to log in and pass the subject to the container in JBoss:
    import java.util.Set;

    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    // Log/LogFactory: Apache Commons Logging assumed.
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;

    // IshopPrincipal, MBeanServiceIndentityCallbackHandler and
    // MBeanServiceIdentitySecurityException are application classes not shown here.
    public class MBeanServiceIdentity {

        private static final Log log = LogFactory.getLog(MBeanServiceIdentity.class);

        private Subject subj;
        private LoginContext lctx;

        // Name of the JAAS login configuration entry (security domain) to use.
        private static final String SECURITY_DOMAIN_LC_ID = "icoreadmin";

        public MBeanServiceIdentity() {
            subj = null;
            lctx = null;
        }

        /**
         * Authenticate user to security subject. This function uses nearly
         * same login mechanism as standard login.
         * @param userName
         * @param password
         * @throws MBeanServiceIdentitySecurityException Thrown when userName,password is null
         */
        public void authenticateUser(String userName, String password)
                throws MBeanServiceIdentitySecurityException {
            log.debug("entering authenticateUser");
            subj = new Subject();
            try {
                // Run the login modules configured for the security domain.
                lctx = new LoginContext(SECURITY_DOMAIN_LC_ID, subj,
                        new MBeanServiceIndentityCallbackHandler(userName, password));
                lctx.login();
                IshopPrincipal p = getCurrentUserForMBean();
                log.debug("Authenticated user (Ishop principal id: " + p.getId() + ")");
                log.debug("Adding principal to SecurityAssociation");
                // Bind subject, principal and credential to the current thread for the container.
                org.jboss.security.SecurityAssociation.pushSubjectContext(subj, p, password);
            } catch (LoginException e) {
                log.error(e.getLocalizedMessage(), e);
                throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
            }
        }

        /**
         * Returns current authenticated user in security subject of this class.
         * @return current authenticated user in security subject of this class.
         * @throws MBeanServiceIdentitySecurityException Thrown when
         *         authenticateUser function was not called or no principals found.
         */
        public IshopPrincipal getCurrentUserForMBean()
                throws MBeanServiceIdentitySecurityException {
            log.debug("entering getCurrentUserForMBean");
            assertVars();
            Set sPrincipals = subj.getPrincipals(IshopPrincipal.class);
            if (sPrincipals == null || sPrincipals.isEmpty()) {
                throw new MBeanServiceIdentitySecurityException(
                        "no principals in security subject in MBean service after successfull login ???");
            }
            Object o = sPrincipals.iterator().next();
            if (!(o instanceof IshopPrincipal)) {
                throw new MBeanServiceIdentitySecurityException(
                        "returned principal is not instance of IshopPrincipal !!!");
            }
            log.info("Obtained IshopPrincipal id: " + ((IshopPrincipal) o).getId());
            return (IshopPrincipal) o;
        }

        /**
         * Unbinds user from security subject of this class.
         * @throws MBeanServiceIdentitySecurityException Thrown when logout
         *         failed or authenticateUser method was not called.
         */
        public void logoutUser() throws MBeanServiceIdentitySecurityException {
            log.debug("entering logoutUser");
            assertVars();
            try {
                log.debug("Trying to perform user logout");
                lctx.logout();
                log.debug("User logout successfull");
                log.debug("Security association clear");
                // Remove the identity bound to the current thread.
                org.jboss.security.SecurityAssociation.clear();
            } catch (Exception e) {
                log.error(e.getLocalizedMessage(), e);
                throw new MBeanServiceIdentitySecurityException(e.getLocalizedMessage());
            }
            subj = null;
            lctx = null;
        }

        // Guard: both fields are set only by authenticateUser().
        private void assertVars() throws MBeanServiceIdentitySecurityException {
            if ((subj == null) || (lctx == null)) {
                throw new MBeanServiceIdentitySecurityException(
                        "Empty subject or loginContext, propably authenticateUser method not called!");
            }
        }
    }
The important lines in it are these:

    // we declare that this subject with this principal is authenticated
    org.jboss.security.SecurityAssociation.pushSubjectContext(subj,p,password);

and

    // we remove the given user
    org.jboss.security.SecurityAssociation.clear();

It is enough if you find a way to do this in your AS (if you use one other
than JBoss).
I recommend looking at the API of the given application server; it is
certainly there.
Ales Dostal wrote:
Thanks,
to be honest, that is another thing I looked at, and as the loginModule
one needs to extend "AppservPasswordLoginModule".
Honestly, I have spent about 5 days on it and still have no result.
It is probably the wrong approach, but I will use a Stateful bean and
use it as the authentication.
It seems completely insane to me. I have not found any suitable
tutorial on this topic anywhere on the net.
The implementation differs a lot depending on the AS used.
I thank everyone involved for the help, even though I am probably a
dummy for not figuring out how to do it :(
So the goal of the exercise was: I have a Swing application that remotely
calls EJB3 from GlassFish.
I wanted to somehow implement authentication through a Swing login form
that would log me in via JAAS. As the realm I chose JDBCRealm, where I
have mapped tables for users, groups, etc.
So far everything is clear to me.
Now the approaches:

    System.setProperty("java.security.auth.login.config", "C:\\dev\\login.conf");

where the file contains:

    jdbcRealm {
        com.sun.enterprise.security.auth.login.JDBCLoginModule required;
    };

or possibly a custom login module.
Using LoginContext... I connect, great, but on the server I am still
anonymous.
Then I tried programmatic login, then via
context.security_credentials, then via a custom realm, still nothing.
When I tried using the plain fileRealm from the client, I got this at
login:

    SEVERE: SEC1105: A PasswordCredential was required but not provided.

Again without success.
To sum it up, I found several options, none of which works.
It annoys me quite a bit, because I wanted to use the jaas-context for
other things.
I am probably really a lamer, but it seems utterly horribly complicated
to me to solve such an ordinary problem.
If anyone knew how "exactly" to solve authentication from a Swing
client to GlassFish, so that the EJBs are able to initialize the logged-in
user with the given role, group, etc.
Thanks to everyone for the help.
P.S. I will probably start hating JAAS :(