3 Replies Latest reply: Oct 29, 2008 9:23 PM by Ragav Gomatam RSS

Retreiving user roles using a ClientLogin

Vinicius Carvalho Apprentice

Hello there! I know that is possible to use ClientLoginModule inside a swing app to authenticate on a remote jboss server and call secured ejbs. But is it possible to retreive the user's roles after he has been authenticated? I need this info to show/hide some gui functionalities.

Regards

  • 1. Re: Retreiving user roles using a ClientLogin
    Ragav Gomatam Novice

    I presume you will be doing a

    LoginContext.login()
    from your Swing client

    You can get your Roles (which are stored as Groups which is a subinterface of Principal ) as follows :-

    Subject subj = LoginContext.getSubject();
    Set<Principal> set = subj.getPrincipals()


    Hope this helps


  • 2. Re: Retreiving user roles using a ClientLogin
    Vinicius Carvalho Apprentice

    Thanks, just a question tough!
    From what I've read so far, the ClientLoginModule only stores the credentials passed to it right? So when I perform a LoginContext.login(), it won't actually validate my user, since the correct module (ldap) is stored on the server side right? But, on my first EJB invocation the authentication really happens (its what I've understood). So I should do something like this:

    LoginContext.login();
    myEJB = (EJB)ctx.lookup(JNDI);
    myEJB.somemethod();
    
    //now I can
    LoginContext.getSubject()
    


    Is this correct?

  • 3. Re: Retreiving user roles using a ClientLogin
    Ragav Gomatam Novice

    When you run your client programme the jaas config (policy) file will probably have the client login module and the server side module . If I understand right, the job of the client login module is to pass the credentials to the server side. If you check your policy file it could be having these login modules cascaded. Which means when the LoginContext.login() is called, the modules are called one after another, in succession. The client login module id called, which passes the credentials to Server side Login module , which authenticates & authorizes. So yeahyou could do something like this :-

    LoginContext ctx = null;
     try {
     ctx = new LoginContext("client-login", new CustomHandler(args[0],
     args[1]));
     ctx.login();
     Subject.doAs(ctx.getSubject(), new CustomAction());
     } catch (LoginException le) {
     System.err.println("LoginContext cannot be created. "
     + le.getMessage());
     System.exit(-1);
     } catch (SecurityException se) {
     System.err.println("LoginContext cannot be created. "
     + se.getMessage());
     }
    

    Here CustomHandler and your CustomAction would look like this :-

    public class CustomHandler implements CallbackHandler {
    
     private String name;
     private String password;
    
     public void handle(Callback[] callbacks)
     throws UnsupportedCallbackException {
     for (int i = 0; i < callbacks.length; i++) {
     if (callbacks instanceof NameCallback) {
     NameCallback nc = (NameCallback) callbacks;
     nc.setName(this.name);
     } else if (callbacks instanceof PasswordCallback) {
     PasswordCallback pc = (PasswordCallback) callbacks;
     pc.setPassword(this.password.toCharArray());
     } else {
     throw (new UnsupportedCallbackException(callbacks,
     "Callback handler not support"));
     }
     }
     }
    
     public CustomHandler(String name, String password) {
     this.name = name;
     this.password = password;
     }
    
    
    




    public class CustomAction implements PrivilegedAction {
    
     public Object run() {
     //call your ejb here
     return someResult;
     }