0 Replies Latest reply on Jan 10, 2012 1:22 AM by satish.kinikiri

    Logging in using UsernamePasswordHandler with no password option

    satish.kinikiri

      Hi

       

      I am trying to introduce single-sign-on (SSO) for our application.

      Currently our application has a custom login module. I want to retain the same authentication process when a user logs in directly with username/password (through non-SSO).

      And I want to add an authentication system for when the user tries to log in to my app using an application through some API.

      (Through SSO the username is available but not the password; I will make use of the username to create roles.)

      Current authentication process:

       

      LoginClient loginClient = new LoginClient(loginName, loginPassword, true /* server login */);
      AppIQUserData user = loginClient.login();
      ......
      ......

       

      and Login client is

       

      public LoginClient(String username, String password, boolean serverLogin)
              throws LoginException
      {
          this(new UsernamePasswordHandler(username, password), serverLogin);
      }

      public LoginClient(CallbackHandler handler, boolean serverLogin) throws LoginException
      {
          this(handler, serverLogin ? SecurityConstants.SECURITY_DOMAIN : SecurityConstants.CLIENT_DOMAIN, serverLogin);
      }

      public LoginClient(CallbackHandler handler, String securityDomain, boolean serverLogin) throws LoginException
      {
          log.trace2("login security domain: " + securityDomain);
          this.serverLogin = serverLogin;
          context = new LoginContext(securityDomain, handler);
      }

      /**
       * Perform a login to the AppIQ system.
       * @return The AppIQUserData that has been authenticated
       * @throws LoginException if the login fails
       */
      public synchronized AppIQUserData login() throws LoginException
      {
          log.trace2("login - " + (serverLogin ? "SERVER" : "CLIENT"));

          context.login();

          if (!serverLogin)
              return null;

          Subject subject = context.getSubject();
          if (subject == null)
              throw new LoginException(LocalizationUtilities.localize("Exceptions", "LoginFailedNoSubject"));
          log.trace2("login SERVER returns subject: " + subject.toString());

          AppIQUserData user = SecurityMethods.getCallerPrincipal(subject);
          if (user == null)
              throw new LoginException(LocalizationUtilities.localize("Exceptions", "UnableToExtractAppIQUserData"));

          /* Stash the context in a cache so that we can re-authenticate when we
           * need to in order to force updates to login credentials when
           * necessary.
           */
          SecurityMethods.add(context);

          return user;
      }

       

       

      Any idea how we can have the option of avoiding authentication when we are using UsernamePasswordHandler?

       

       

       

       

      Thanks

      Satish.kinikiri@gmail.com