-
15. Re: JAAS + EJB3.0 + Jboss unable to propaogate
gauravag Jul 15, 2010 5:57 AM (in response to wolfgangknauf) Thanks for your help. Finally I made my application complete.
The code is as follows.
Servlet where the EJB is called and our authentication is done:

```java
// Servlet side: authenticate through JAAS, then call the EJB on the same thread
// so the ClientLoginModule's security association is in place for the call.
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.login.LoginContext;

LoginContext loginContext = null;
try {
    // Here you need to get the LoginContext called so that you get an authenticated subject.
    // The first argument is the entry name in the login configuration file ("PassAuth" below).
    loginContext = new LoginContext("PassAuth", new PasswordCallbackHandler());
    loginContext.login();

    // Calling your EJB module. The JNDI keys must be the real property names
    // (java.naming.factory.initial etc.), which the Context constants supply.
    Properties properties = new Properties();
    properties.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    properties.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
    properties.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
    Context context = new InitialContext(properties);
    Object object = context.lookup("java/AttributeBI/remote");
    // rest is up to you
} catch (Exception exception) {
    exception.printStackTrace();
} finally {
    // Always log out so the thread's security association is cleared
    if (loginContext != null) {
        try {
            loginContext.logout();
        } catch (Exception ignored) {
        }
    }
}
```
Here I have my custom login module, which requires (NOTE: user defined) a Principal class, a Group class (for roles), a CallbackHandler for username and password, and last a custom LoginModule that implements LoginModule.
PasswordCallbackHandler

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class PasswordCallbackHandler implements CallbackHandler {

    public PasswordCallbackHandler() {
    }

    // Supplies a fixed username and password to the login module's callbacks
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                System.out.print("*" + ((NameCallback) callbacks[i]).getPrompt());
                ((NameCallback) callbacks[i]).setName("username");
            } else if (callbacks[i] instanceof PasswordCallback) {
                System.out.print("*" + ((PasswordCallback) callbacks[i]).getPrompt());
                String pass = "password";
                ((PasswordCallback) callbacks[i]).setPassword(pass.toCharArray());
            } else {
                throw new UnsupportedCallbackException(callbacks[i]);
            }
        }
    }
}
```
PrincipalClass

```java
import java.io.Serializable;
import java.security.Principal;

public class UserPrincipal implements Principal, Serializable {

    private String name;

    /** Default constructor */
    public UserPrincipal() {
        name = "";
    }

    /**
     * Parameterized constructor
     * @param name the user name
     */
    public UserPrincipal(String name) {
        this.name = name;
    }

    /** Returns the principal's name */
    public String getName() {
        return this.name;
    }

    public String toString() {
        return "UserPrincipal: " + this.name;
    }

    // Equality by name so the same user compares equal across lookups
    public boolean equals(Object o) {
        if (o == null) {
            return false;
        }
        if (this == o) {
            return true;
        }
        if (!(o instanceof UserPrincipal)) {
            return false;
        }
        UserPrincipal that = (UserPrincipal) o;
        return this.getName().equals(that.getName());
    }

    public int hashCode() {
        return this.name.hashCode();
    }
}
```
PrincipalGroup

```java
import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

// A Group named "Roles" is how JBoss finds the caller's roles in the Subject
public class PrincipalGroup implements Group, Serializable {

    private final String name;
    private final Set<Principal> users = new HashSet<Principal>();

    public PrincipalGroup(String name) {
        this.name = name;
    }

    public boolean addMember(Principal user) {
        return users.add(user);
    }

    public boolean removeMember(Principal user) {
        return users.remove(user);
    }

    public boolean isMember(Principal member) {
        return users.contains(member);
    }

    public Enumeration<? extends Principal> members() {
        return Collections.enumeration(users);
    }

    public String getName() {
        return name;
    }

    public boolean equals(Object o) {
        if (o == null) {
            return false;
        }
        if (this == o) {
            return true;
        }
        if (!(o instanceof PrincipalGroup)) {
            return false;
        }
        PrincipalGroup that = (PrincipalGroup) o;
        return this.getName().equals(that.getName());
    }

    public int hashCode() {
        return this.name.hashCode();
    }
}
```
PasswordLoginModule

```java
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class PasswordLoginModule implements LoginModule {

    public Subject subject;
    public CallbackHandler callbackHandler;
    public UserPrincipal user_principal;
    private UserPrincipal[] roles;
    private PrincipalGroup group;
    Map<String, ?> sharedState;
    Map<String, ?> option;
    private String username;
    private String password;
    boolean debug;
    // UserCredential is the poster's own class; it is not shown in this thread
    Vector<UserCredential> vector_credentials;
    Vector<UserPrincipal> vector_principal;

    /** Initialization method for PasswordLoginModule; "debug" only controls logging */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        System.out.println("----------Initialization In Login Module----------");
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.option = options;
        vector_principal = new Vector<UserPrincipal>();
        vector_credentials = new Vector<UserCredential>();
        if (option.containsKey("debug")) {
            debug = "true".equals(option.get("debug"));
        }
    }

    /** Login method of the module: obtains username/password via the callback handler */
    public boolean login() throws LoginException {
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("UserName :");
        callbacks[1] = new PasswordCallback("Password :", true);
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception ex) {
            throw new LoginException("Could not obtain credentials: " + ex.getMessage());
        }
        username = ((NameCallback) callbacks[0]).getName();
        char[] pw = ((PasswordCallback) callbacks[1]).getPassword();
        password = (pw == null) ? "" : new String(pw);
        ((PasswordCallback) callbacks[1]).clearPassword();
        if (debug) {
            // Log the user name only; the password must never go to the log
            System.out.println("user name = " + username);
        }
        user_principal = new UserPrincipal(username);
        vector_principal.add(user_principal);
        roles = new UserPrincipal[] {
            new UserPrincipal("done") // for example
        };
        UserCredential userCredential = new UserCredential();
        userCredential.setProperty("Roles", "done");
        vector_credentials.add(userCredential);
        return true;
    }

    /** Commit method: populates the Subject after a successful login */
    public boolean commit() throws LoginException {
        if (debug) {
            System.out.println("------------Commit Event----------");
        }
        if (subject.isReadOnly()) {
            throw new LoginException("Subject is Readonly");
        }
        try {
            this.subject.getPrincipals().addAll(vector_principal);
            // JBoss reads the caller's roles from a Group principal named "Roles"
            group = new PrincipalGroup("Roles");
            for (UserPrincipal role : roles) {
                group.addMember(role);
            }
            subject.getPrincipals().add(group);
            subject.getPublicCredentials().addAll(vector_credentials);
            return true;
        } catch (Exception ex) {
            ex.printStackTrace(System.out);
            throw new LoginException(ex.getMessage());
        }
    }

    /** Called when the overall login is aborted: discard collected state */
    public boolean abort() throws LoginException {
        System.out.println("-----------Abort Event--------------");
        vector_principal.clear();
        vector_credentials.clear();
        username = null;
        password = null;
        return true;
    }

    /** Logout from the LoginContext: remove everything commit() added to the Subject */
    public boolean logout() throws LoginException {
        subject.getPrincipals().removeAll(vector_principal);
        if (group != null) {
            subject.getPrincipals().remove(group);
        }
        subject.getPublicCredentials().removeAll(vector_credentials);
        vector_principal.clear();
        vector_credentials.clear();
        return true;
    }
}
```
```java
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBContext;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;

// mapped.JNDI_NAME, MessageContext, AttributeEAO, Attribute and AttributeBI are
// the poster's own types/constants and are not shown in this thread.
@Stateless(name = mapped.JNDI_NAME)
@RolesAllowed("done")
public class AttributeBO implements AttributeBI {

    private SessionContext sctx;
    private EJBContext eJBContext;
    private MessageContext messageContext;
    private AttributeEAO attributeEAO;

    public void setMessageContext(MessageContext messageContext) {
        this.messageContext = messageContext;
    }

    @Resource
    private void setSctx(SessionContext sctx) {
        this.sctx = sctx;
    }

    @Resource
    private void seteJBContext(EJBContext eJBContext) {
        this.eJBContext = eJBContext;
    }

    @EJB
    public void setAttributeEAO(AttributeEAO attributeEAO) {
        this.attributeEAO = attributeEAO;
    }

    /**
     * This method is to create an Attribute; here it only shows the
     * propagated caller principal and the container's role check.
     * @param attribute
     */
    public void createAttribute(Attribute attribute) {
        Principal user_principle = sctx.getCallerPrincipal();
        System.out.println("Ejb Side Principal " + user_principle.getName());
        System.out.println("Ejb Side isCallerInRole " + sctx.isCallerInRole("done"));
    }
}
```
Now in this I want to get my credentials, but there is no existing method to receive the credentials. Credentials may contain some properties as our own variable values...
My jboss.xml is as follows:

```xml
<jboss>
    <security-domain>java:/jaas/PassAuth</security-domain>
</jboss>
```

My config file is as follows:

```
PassAuth {
    com.mqa.iam.module.PasswordLoginModule required debug="true";
};
```

Also my login config is like this:

```xml
<application-policy name="PassAuth">
    <authentication>
        <login-module code="your own custom login module" flag="required">
            <module-option name="debug">true</module-option>
        </login-module>
        <!-- this is used to propagate the values from web to EJB; this is a must -->
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        </login-module>
    </authentication>
</application-policy>
```
-
16. Re: JAAS + EJB3.0 + Jboss unable to propaogate
gauravag Jul 15, 2010 6:05 AM (in response to wolfgangknauf) I have posted my complete code for others' help as well.
But my problem is that I'm not able to receive the full credentials at the EJB side (these credentials can be user-defined values added to the subject as public credentials).
So kindly tell me a way to receive that at the EJB side.
Or any way to propagate a bunch of parameters (or a property file) from the servlet to the EJB.
Thanks & Regards,
Gaurav
-
17. Re: JAAS + EJB3.0 + Jboss unable to propaogate
wolfgangknauf Jul 15, 2010 9:42 AM (in response to gauravag) Hi,
others had this problem too, and maybe it is a JBoss bug. See e.g. this: http://community.jboss.org/message/531986#531986
Maybe it is this JIRA issue: https://jira.jboss.org/browse/EJBTHREE-1756
Best regards
Wolfgang
-
18. Re: JAAS + EJB3.0 + Jboss unable to propaogate
gauravag Jul 28, 2010 12:17 AM (in response to wolfgangknauf) First, thanks a lot for all this help.
I have nearly completed my work. But I have faced another problem.
Do we have to call LoginContext("loginconfig", Handler) each time before calling an EJB, or to get the same values in another request?
I want that if the same user makes the request next time, he need not reauthenticate himself again and again.
How can I do that?
Regards,
Gaurav
-
19. Re: JAAS + EJB3.0 + Jboss unable to propaogate
gauravag Aug 2, 2010 2:08 AM (in response to wolfgangknauf) Hi,
As such I have completed JAAS authentication & authorization in the enterprise application.
But now the issue is:
I have my web application where I am accepting the user name & password and validating that user through the login module in one action, meaning calling the login method on the login context. The user is authenticated, and after calling the EJB method in the same method (action method) I am able to propagate the principal and roles to the EJB side. But the issue is that the login context won't be kept over the web application; I mean to say, if I want to call the EJB in another action, the previous login context information will not get propagated to the EJB side. In that case I again need to call the login method of the login context; only then can the information be passed.
My question is whether in the web application we need to create the login context or call the login context's login() method once, or whether with every web request we need to call the login() method.
Please solve this issue...
Thanks
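The per-request pattern the last two posts ask about, as an added example that is not part of the original thread or the poster's project: a servlet Filter that runs the JAAS login on the request thread before the servlet executes and logs out afterwards, so the ClientLoginModule association exists exactly for the duration of the request. The user's credentials are captured once by the login action and replayed from the HttpSession, so the user is not asked again. The entry name "PassAuth" comes from the thread's configuration; the package, class names and the session attribute key are assumptions of this example, as is the existence of a login action that calls establishSession().

```java
package com.example.web;   // hypothetical package, not from the thread

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Callback handler that replays credentials captured once at login time. */
class SessionCredentialHandler implements CallbackHandler {
    private final String username;
    private final char[] password;

    SessionCredentialHandler(String username, char[] password) {
        this.username = username;
        this.password = password.clone();
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(username);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password);
            } else {
                throw new UnsupportedCallbackException(cb);
            }
        }
    }
}

/**
 * Per-request filter: if the session holds credentials captured by the login
 * action, run the JAAS login on the request thread before the servlet runs and
 * log out again afterwards, so the thread-local association set by
 * ClientLoginModule does not leak to the next request served by the same
 * pooled thread.
 */
public class JaasSessionFilter implements Filter {
    static final String HANDLER_KEY = "jaas.credentialHandler"; // assumed session attribute name
    static final String JAAS_ENTRY = "PassAuth";                 // entry name from the thread's config

    /** Called once by the (hypothetical) login action after the user submitted the form. */
    public static void establishSession(HttpSession session, String username, char[] password)
            throws LoginException {
        SessionCredentialHandler handler = new SessionCredentialHandler(username, password);
        LoginContext probe = new LoginContext(JAAS_ENTRY, handler);
        probe.login();    // reject bad credentials up front, before storing anything
        probe.logout();
        session.setAttribute(HANDLER_KEY, handler);
    }

    public void init(FilterConfig config) {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        CallbackHandler handler = (session == null)
                ? null : (CallbackHandler) session.getAttribute(HANDLER_KEY);
        if (handler == null) {
            chain.doFilter(req, res);   // anonymous request: no identity propagated to EJBs
            return;
        }
        LoginContext lc;
        try {
            lc = new LoginContext(JAAS_ENTRY, handler);
            lc.login();                 // runs PasswordLoginModule + ClientLoginModule on this thread
        } catch (LoginException e) {
            session.removeAttribute(HANDLER_KEY);
            throw new ServletException("stored credentials are no longer valid", e);
        }
        try {
            chain.doFilter(req, res);   // EJB calls made here see the caller principal and roles
        } finally {
            try {
                lc.logout();            // ClientLoginModule clears the thread's security association
            } catch (LoginException ignored) {
            }
        }
    }
}
```

Two caveats a practitioner should weigh: this keeps the user's password in server memory for the life of the session (the handler should be removed on logout and the session must not be serialized to disk), and logout in finally is what keeps identities from bleeding between requests on a reused worker thread. Where the web tier itself is protected by the container (a security-constraint plus the same security-domain in jboss-web.xml), the container carries the identity to the EJB calls on its own and none of this is needed.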