I want to encrypt (PKI) the username and password before sending them to the JBoss 
Portal for authentication. In the login form, I encrypt the ID/Pwd with an applet 
and then pass it to j_security_check. In my custom login module, I decrypt it.

The user can be authenticated (i.e. the custom login module is passed). BUT 
JBoss Portal shows an error just after login, because some code in JBoss Portal 
(the UserInterceptor) uses HttpServletRequest.getRemoteUser() to find the user from 
the UserModule. But HttpServletRequest.getRemoteUser() returns the 
encrypted user name submitted to j_security_check, so it fails to find the 
user.

How can I work around it? Or is there any other means to provide the end-to-end 
encryption I intended?

Please help!


To illustrate the scenario, below is a simple test login module that attempts to 
"decrypt" the username/pwd to become "admin/admin":

package test.auth;

import javax.security.auth.login.LoginException;

import org.jboss.portal.core.security.jaas.ModelLoginModule;

public class MyLoginModule extends ModelLoginModule {

    // Receives what the login form posted to j_security_check (the
    // "encrypted" values) and returns the "decrypted" credentials.
    protected String[] getUsernameAndPassword() throws LoginException
    {
        String[] encryptedInfo = super.getUsernameAndPassword();

        System.out.println("--> Encrypted username = " + encryptedInfo[0]);
        System.out.println("--> Encrypted password = " + encryptedInfo[1]);

        // Test stand-in for decryption: always yields admin/admin.
        String[] decryptedInfo = new String[2];
        decryptedInfo[0] = "admin";
        decryptedInfo[1] = "admin";

        System.out.println("--> Decrypted username = " + decryptedInfo[0]);
        System.out.println("--> Decrypted password = " + decryptedInfo[1]);

        return decryptedInfo;
    }

    // Test only: no stored password is looked up.
    protected String getUsersPassword() throws LoginException
    {
        return "";
    }

    // Test only: every password is accepted.
    protected boolean validatePassword(String inputPassword, String expectedPassword)
    {
        return true;
    }

}


The error I got:


exception

javax.servlet.ServletException: No such user No such user aaaa
    org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)

root cause

org.jboss.portal.core.model.NoSuchUserException: No such user No such user aaaa
    org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
    org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
    org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955609#3955609
