LoginModule ignored Credentials with Custom LoginModule

Mon, 02 Apr 2012 09:36:05 -0700 

Hello,

I've run into some trouble developing a custom LoginModule for a database
based authentication (for testing h2).
As a base I've used the SimpleLoginModule and adapted the Authentication
object
returned by getAuthentication();
This results in the following code:

    @Override
    protected Authentication getAuthentication(Principal principal,
Credentials creds) throws RepositoryException {
        if (principal instanceof Group) {
            return null;
        }
        return new Authentication() {
            public boolean canHandle(Credentials credentials) {
                return true;
            }
            public boolean authenticate(Credentials credentials) throws
RepositoryException {
                boolean authenticated = false;

                try {
                    SimpleCredentials creds = (SimpleCredentials)
credentials;

                    if(creds.getUserID().equals("admin")) return true;
                    if(creds.getUserID().equals("anonymous")) return true;

                    byte[] password = null;
                    int salt = 0;

                    Class.forName("org.h2.Driver");
                    Connection  db =
DriverManager.getConnection("jdbc:h2:~/h2", "sa", "sa");

                    PreparedStatement query;
                    query = db.prepareStatement("SELECT * FROM Users WHERE
username = ?");
                    query.setString(1, creds.getUserID());
                    ResultSet result = query.executeQuery();

                    boolean found = result.next();
                    if(found) {
                        password = result.getBytes("password");
                        salt = result.getInt("salt");

                        MessageDigest md =
MessageDigest.getInstance("SHA-256");
                        String saltedPassword = (new
String(creds.getPassword())) + salt;
                        System.out.println(saltedPassword);
                        md.update(saltedPassword.getBytes());
                        byte[] digest = md.digest();


                        if(Arrays.equals(password, digest)) {

                            authenticated = true;
                        }
                    }
                } catch (SQLException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                } catch (ClassNotFoundException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e) {
                    // TODO Auto-generated catch block
                    e.printStackTrace();
                }

                return authenticated;
            }
        };
    }

The authentication works (authenticated is set to true). Nevertheless I get
the following exception:

javax.jcr.LoginException: LoginModule ignored Credentials
    at
org.apache.jackrabbit.rmi.server.ServerObject.getRepositoryException(ServerObject.java:123)
    at
org.apache.jackrabbit.rmi.server.ServerRepository.login(ServerRepository.java:107)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
    at sun.rmi.transport.Transport$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown
Source)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown
Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown
Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    at
sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
    at
sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
    at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
    at org.apache.jackrabbit.rmi.server.ServerRepository_Stub.login(Unknown
Source)
    at
org.apache.jackrabbit.rmi.client.ClientRepository.login(ClientRepository.java:165)
    at
org.apache.jackrabbit.rmi.repository.ProxyRepository.login(ProxyRepository.java:199)
    at
org.apache.jackrabbit.rmi.repository.ProxyRepository.login(ProxyRepository.java:233)
    at archiver.backend.data.DocumentStore.<init>(DocumentStore.java:24)
    at archiver.backend.data.DocumentStore.main(DocumentStore.java:165)
Exception in thread "main" java.lang.NullPointerException
    at
archiver.backend.data.DocumentStore.getRootNode(DocumentStore.java:155)
    at archiver.backend.data.DocumentStore.main(DocumentStore.java:167)

I've read some threads on this topic but there was no real fit.I would
appreciate every little bit of help.

Thank you
Sebastian

Reply via email to