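my loginmodule code is:

/*
 * Test OSSO LoginModule
 */
package my.sso;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.Util;
import org.jboss.security.auth.spi.AbstractServerLoginModule;

/**
 * An implementation of AbstractServerLoginModule that imposes an
 * identity == HeaderVar REMOTE_USER on the login process.
 *
 * <p>No password or other credential is verified here: whatever name the
 * CallbackHandler hands over becomes the authenticated principal. The module
 * is therefore only as trustworthy as the component that produced that name.
 * It should be deployed only where the name is set by the SSO front end,
 * never where a client can supply it, and where the application server
 * accepts requests from that front end alone.
 */
public class OSSOLoginModule extends AbstractServerLoginModule {

    /** The login identity, set by a successful {@link #login()}. */
    private Principal identity;

    public OSSOLoginModule() {
        System.out.println("Inside OSSOLoginModule Constructor ");
    }

    /**
     * Passes the JAAS configuration straight to the superclass; this module
     * reads no options of its own.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map sharedState, Map options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        System.out.println("Inside OSSOLoginModule Initialize ");
    }

    /**
     * Retrieves the user name from the CallbackHandler and adopts it as the
     * login identity.
     *
     * @return true once the identity has been established
     * @exception FailedLoginException if the handler supplies no user name
     * @exception LoginException if the handler is missing or fails, or the
     *            principal cannot be created
     */
    public boolean login() throws LoginException {
        System.out.println("Inside OSSOLoginModule Login ");
        super.loginOk = false;

        String username = getUsernameFromCallback();

        // Fail closed. A request that carries no SSO identity must not come
        // out of this module as an authenticated (and role-bearing) subject.
        if (username == null || username.trim().length() == 0) {
            System.out.println("No username retrieved");
            throw new FailedLoginException(
                    "No username supplied by the CallbackHandler");
        }

        try {
            // Always derive the identity from the name of this attempt so a
            // repeated login() cannot reuse a principal from an earlier one.
            identity = createIdentity(username);
            System.out.println("Identity created in login");
        } catch (Exception e) {
            System.out.println("Failed to create principal");
            LoginException le = new LoginException(
                    "Failed to create principal: " + e.getMessage());
            le.initCause(e);
            throw le;
        }

        if (getUseFirstPass()) {
            // Only the user name is shared; this module never sees a password.
            sharedState.put("javax.security.auth.login.name", username);
        }

        super.loginOk = true;
        System.out.println("User '" + identity + "' authenticated, loginOk=" + loginOk);
        return true;
    }

    /**
     * Returns the principal established by login().
     *
     * @return the login identity, or null if login() has not succeeded
     */
    protected Principal getIdentity() {
        System.out.println("Inside getIdentity, returned is" + identity);
        return identity;
    }

    /**
     * Returns the name of the login identity.
     *
     * @return the principal name, or null if no identity has been set
     */
    protected String getUsername() {
        String username = null;
        Principal current = getIdentity();
        if (current != null) {
            username = current.getName();
        }
        System.out.println("User in getUsername is '" + username);
        return username;
    }

    /**
     * Called by login() to acquire the user name through a NameCallback.
     * This method does no validation of the name; login() rejects a missing
     * or blank one.
     *
     * @return String, username (may be null if the handler sets none)
     * @exception LoginException thrown if CallbackHandler is not set or fails.
     */
    protected String getUsernameFromCallback() throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException("Error: no CallbackHandler available "
                    + "to collect authentication information");
        }

        NameCallback nc = new NameCallback("User name:");
        Callback[] callbacks = {nc};
        String username = null;
        try {
            callbackHandler.handle(callbacks);
            username = nc.getName();
            System.out.println("Username set from callback is " + username);
        } catch (java.io.IOException ioe) {
            LoginException le = new LoginException(ioe.toString());
            le.initCause(ioe);
            throw le;
        } catch (UnsupportedCallbackException uce) {
            LoginException le = new LoginException(
                    "CallbackHandler does not support: " + uce.getCallback());
            le.initCause(uce);
            throw le;
        }
        return username;
    }

    /**
     * Set dummy roles. Called during commit.
     *
     * <p>NOTE(review): every identity that passes login() receives
     * JBossAdmin and HttpInvoker. That is acceptable for a test module only;
     * real deployments need a per-user role lookup here.
     *
     * @return a single "Roles" group holding the fixed role names
     */
    protected Group[] getRoleSets() {
        SimpleGroup roles = new SimpleGroup("Roles");
        Group[] roleSets = {roles};
        roles.addMember(new SimplePrincipal("JBossAdmin"));
        roles.addMember(new SimplePrincipal("HttpInvoker"));
        roles.addMember(new SimplePrincipal("Role2"));
        System.out.println("Inside getRoleSets");
        return roleSets;
    }
}

And my Valve code is:

package my.sso;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.Subject;
import java.security.Principal;
import org.jboss.security.SimplePrincipal;
import java.security.acl.Group;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Valve that turns the REMOTE_USER request attribute into the request's
 * user principal after running a JAAS login for it.
 *
 * <p>The attribute value is taken on trust, so it must be set by the SSO
 * front end and not be settable by the client. OSSOUsernameHandler is not
 * shown in this post; it is presumably a CallbackHandler that answers the
 * NameCallback with the name it was constructed with -- confirm.
 */
public class MyValve extends ValveBase {

    /** Name of the JAAS login configuration used for the login. */
    private static final String SECURITY_DOMAIN = "jmx-consoletest";

    // Not read anywhere in the code shown.
    private boolean isPresent;

    /**
     * Authenticates the request from its REMOTE_USER attribute, then always
     * hands the request to the next valve.
     *
     * <p>If the attribute is missing, blank or not a String, or if the JAAS
     * login fails, no user principal is set; the request continues
     * unauthenticated so that downstream security constraints decide.
     */
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        String username1 = request.getRemoteUser();

        // Using getAttribute. Checked with instanceof so that an unexpected
        // attribute type cannot abort the request with a ClassCastException.
        Object rawAttr = request.getAttribute("REMOTE_USER");
        String remoteAttr = (rawAttr instanceof String) ? (String) rawAttr : null;

        System.out.println("Enter, REMOTE_USER="+ username1);
        System.out.println("REMOTE_USER as attribute is"+ remoteAttr);
        System.out.println(SECURITY_DOMAIN);

        if (remoteAttr == null || remoteAttr.trim().length() == 0) {
            // Without an SSO identity there is nobody to log in; creating a
            // principal with a null name would mark the request as
            // authenticated for an unnamed user.
            System.out.println("No REMOTE_USER attribute, no principal set");
        } else {
            try {
                // `new` never yields null and login() throws on failure, so
                // no null checks are needed on the handler or the context.
                OSSOUsernameHandler handler = new OSSOUsernameHandler(remoteAttr);
                LoginContext lc = new LoginContext(SECURITY_DOMAIN, handler);
                lc.login();

                Subject subject = lc.getSubject();
                Set groups = subject.getPrincipals(Group.class);
                if (groups.isEmpty()) {
                    System.out.println("subject has no Group principals");
                } else {
                    // Diagnostic only: report membership in two role names.
                    Group roles = (Group) groups.iterator().next();
                    boolean flag = roles.isMember(new SimplePrincipal("JBossAdmin"));
                    System.out.println("flag is" + flag);
                    flag = roles.isMember(new SimplePrincipal("JBossAdmin1"));
                    System.out.println("flag 1s" + flag);
                }

                // Reached only after a successful login.
                request.setUserPrincipal(new SimplePrincipal(remoteAttr));
                String name = request.getUserPrincipal().getName();
                System.out.println("name is" + name);
            } catch (LoginException e) {
                // Record the failure instead of discarding it. No principal
                // has been set at this point, so the request goes on
                // unauthenticated.
                System.out.println("JAAS login failed for REMOTE_USER "
                        + remoteAttr + ": " + e);
            }
        }

        getNext().invoke(request, response);
    }
}

I have spent couple of days on this, your help is highly appreciated.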