I tried this; the odd thing is that the whole application then freezes :(
On the server I have this realm (from domain.xml):
<auth-realm
    classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"
    name="dostal">
  <property name="datasource-jndi" value="mysql/dostal"/>
  <property name="user-table" value="uzivatele"/>
  <property name="user-name-column" value="login"/>
  <property name="password-column" value="heslo"/>
  <property name="digest-algorithm" value="SHA-1"/>
  <property name="jaas-context" value="jdbcRealm"/>
  <property name="group-table" value="uzivatele_skupiny"/>
  <property name="group-name-column" value="skupina"/>
</auth-realm>
================================================
This works fine. As soon as I change anything, my custom LoginModule
stops working.
For the whole security branch I have enabled: Default Principal To Role Mapping
In sun-ejb-jar.xml I have the following:
<sun-ejb-jar>
  <realm>dostal</realm>
  <security-role-mapping>
    <role-name>alesak</role-name>
    <group-name>admin</group-name>
    <principal-name>ales</principal-name>
  </security-role-mapping>
</sun-ejb-jar>
================================================
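The test bean looks like this:
import javax.annotation.Resource;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

@Stateless
public class TestBean implements TestRemote {
    @Resource
    private SessionContext ctx;

    /** Creates a new instance of TestBean */
    public TestBean() {
    }

    public String getPozdrav() {
        // log the caller identity the container associated with this call
        System.out.println(ctx.getCallerPrincipal().getName());
        return "ahooooj";
    }
}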
================================================
In login.conf for the client I have the following:
default {
    irminsul.app.auth.LoginModuleIrminsul required;
};
================================================
Now the most interesting part :)
Swing client:
ProgrammaticLogin login = new ProgrammaticLogin();
Context c = new InitialContext();
login.login("ales","pass");
TestRemote rem = (TestRemote) c.lookup("TestRemote");
On the call it simply freezes :(
The login module itself is as follows:
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class LoginModuleIrminsul implements LoginModule {
    // initial state
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    // configurable option
    private boolean debug = false;
    // the authentication status
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    // username and password
    private String username;
    private char[] password;
    private IrminsulPrincipal principal;

    /** Creates a new instance of LoginModuleIrminsul */
    public LoginModuleIrminsul() {
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        // initialize any configured options
        debug = "true".equalsIgnoreCase((String) options.get("debug"));
    }

    public boolean login() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available " +
                    "to garner authentication information from the user");
        }
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("user name: ");
        callbacks[1] = new PasswordCallback("password: ", false);
        try {
            callbackHandler.handle(callbacks);
            username = ((NameCallback) callbacks[0]).getName();
            char[] tmpPassword =
                    ((PasswordCallback) callbacks[1]).getPassword();
            if (tmpPassword == null) {
                // treat a NULL password as an empty password
                tmpPassword = new char[0];
            }
            // keep a private copy, then clear the callback's copy
            password = new char[tmpPassword.length];
            System.arraycopy(tmpPassword, 0,
                    password, 0, tmpPassword.length);
            ((PasswordCallback) callbacks[1]).clearPassword();
        } catch (java.io.IOException ioe) {
            throw new LoginException(ioe.toString());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException("Error: " +
                    uce.getCallback().toString() +
                    " not available to garner authentication information " +
                    "from the user");
        }
        // print debugging information (only when the debug option is set;
        // this writes the clear-text password to stdout)
        if (debug) {
            System.out.println("\t\t[LoginModuleIrminsul] " +
                    "user entered user name: " +
                    username);
            System.out.print("\t\t[LoginModuleIrminsul] " +
                    "user entered password: ");
            for (int i = 0; i < password.length; i++) {
                System.out.print(password[i]);
            }
            System.out.println();
        }
        try {
            // verify the credentials against the server-side login bean
            UzivatelePrihlaseniRemote remote =
                    (UzivatelePrihlaseniRemote)
                    RemoteCallEJB.getEJB("UzivatelePrihlaseniRemote");
            remote.prihlaseni(username, HashUtil.SHA1AsString(password));
            succeeded = true;
        } catch (RemoteCallEJBException ex) {
            succeeded = false;
            throw new LoginException(ex.getMessage());
        } catch (UzivatelePrihlaseniException ex) {
            succeeded = false;
            throw new LoginException(ex.getMessage());
        }
        return true;
    }

    public boolean commit() throws LoginException {
        if (succeeded == false) {
            return false;
        }
        // attach the authenticated identity to the Subject
        principal = new IrminsulPrincipal(username);
        if (!subject.getPrincipals().contains(principal)) {
            subject.getPrincipals().add(principal);
        }
        if (debug) {
            System.out.println("\t\t[IrminsulLoginModule] " +
                    "added IrminsulPrincipal to Subject");
        }
        // in any case, clean out state
        username = null;
        for (int i = 0; i < password.length; i++) {
            password[i] = ' ';
        }
        password = null;
        commitSucceeded = true;
        return true;
    }

    public boolean abort() throws LoginException {
        if (succeeded == false) {
            return false;
        } else if (succeeded == true && commitSucceeded == false) {
            // login succeeded but overall authentication failed
            succeeded = false;
            username = null;
            if (password != null) {
                for (int i = 0; i < password.length; i++)
                    password[i] = ' ';
                password = null;
            }
            principal = null;
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }
        return true;
    }

    public boolean logout() throws LoginException {
        subject.getPrincipals().remove(principal);
        // reset both status flags
        succeeded = false;
        commitSucceeded = false;
        username = null;
        if (password != null) {
            for (int i = 0; i < password.length; i++)
                password[i] = ' ';
            password = null;
        }
        principal = null;
        return true;
    }
}

import java.io.Serializable;
import java.security.Principal;

public class IrminsulPrincipal implements Principal, Serializable {
    private String name = null;

    /** Creates a new instance of IrminsulPrincipal */
    public IrminsulPrincipal(String name) {
        if (name == null) {
            throw new NullPointerException("illegal null input");
        }
        this.name = name;
    }

    public String getName() {
        return name;
    }

    public String toString() {
        return ("IrminsulPrincipal: " + name);
    }

    // two principals are equal when their names are equal
    public boolean equals(Object o) {
        if (o == null)
            return false;
        if (this == o)
            return true;
        if (!(o instanceof IrminsulPrincipal))
            return false;
        IrminsulPrincipal that = (IrminsulPrincipal) o;
        if (this.getName().equals(that.getName()))
            return true;
        return false;
    }

    public int hashCode() {
        return name.hashCode();
    }
}
Despite all that, even when I use, instead of the programmatic login (which
does not even work for me), this:
LoginContext lc = new LoginContext("default",
        new MyCallBackHand("ales", "pass"));
lc.login(); // success here, logged in
Context c = new InitialContext();
TestRemote rem = (TestRemote) c.lookup("TestRemote");
// the app server console then prints: ANONYMOUS
Honestly, I no longer know what else I should configure, or where. Essentially
everything else is at its default settings. I also looked into server.policy,
and it contains:
// Permissions to invoke CORBA objects in server
grant {
    permission com.sun.enterprise.security.CORBAObjectPermission "*", "*";
};
+ the rest