On Jun 15, 2010, at 6:58 AM, J.M. Villagrá wrote:
> I have found a solution....
>
> I can login successfully against my LoginModule only if i set up login and
> password in context initialization:
>
> props.put("openejb.authentication.realmName", "test");
> props.put(Context.SECURITY_PRINCIPAL, "username");
> props.put(Context.SECURITY_CREDENTIALS, "password");
Ah. Somehow I had a brain hiccup and thought you were already doing that. I
looked back and see I was wrong :)
> Otherwise, if i try to use the LoginContext to init session it does not work
> and i always get "guest"
>
> CallbackHandler handler = new CallbackHandler() {
>
> @Override
> public void handle(Callback[] callbacks) throws IOException,
> UnsupportedCallbackException {
>
> Callback[] mcallbacks = callbacks;
>
> NameCallback nameCallback = (NameCallback) mcallbacks[0];
> nameCallback.setName("jm.villagra");
> }
> };
>
> LoginContext lc = new LoginContext("test", handler);
> lc.login();
>
> Subject sub = lc.getSubject();
Trick with that is creating a subject doesn't do much but build an instance of
subject. Doesn't automatically make it so everyone who is interested can see
it.
This sort of shows us basically doing the same as you've done above:
http://svn.apache.org/repos/asf/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java
The LocalInitialContextFactory will basically grab your user/pass and call
securityService.login followed by securityService.associate (the magical part
that puts the subject on the thread where openejb can see it) and finally will
call securityService.disassociate when someone calls initialContext.close();
Open to any improvements if you're interested in hacking. We could easily have
several implementations of SecurityService available for use. Maybe one that
exposes the registerSubject/unregisterSubject methods. We just need to have a
definition for it in our service-jar.xml file (calling it
'AlternativeSecurityService' for example) and then someone can use it in a test
like so:
Properties props = new Properties();
props.setProperty(Context.INITIAL_CONTEXT_FACTORY,
"org.apache.openejb.client.LocalInitialContextFactory");
props.put("mySecurityService",
"new://SecurityService?provider=AlternativeSecurityService");
props.put("mySecurityService.callbackHandler", MyHandler.class.getName());
As well they could set any config properties for it using the standard
properties overrides.
-David
