-
1. Re: Retreiving user roles using a ClientLogin
ragavgomatam Oct 28, 2008 9:12 PM (in response to viniciuscarvalho)I presume you will be doing a
LoginContext.login()
from your Swing client
You can get your Roles (which are stored as Groups which is a subinterface of Principal ) as follows :-Subject subj = LoginContext.getSubject(); Set<Principal> set = subj.getPrincipals()
Hope this helps -
2. Re: Retreiving user roles using a ClientLogin
viniciuscarvalho Oct 29, 2008 4:19 PM (in response to viniciuscarvalho)Thanks, just a question tough!
From what I've read so far, the ClientLoginModule only stores the credentials passed to it right? So when I perform a LoginContext.login(), it won't actually validate my user, since the correct module (ldap) is stored on the server side right? But, on my first EJB invocation the authentication really happens (its what I've understood). So I should do something like this:LoginContext.login(); myEJB = (EJB)ctx.lookup(JNDI); myEJB.somemethod(); //now I can LoginContext.getSubject()
Is this correct? -
3. Re: Retreiving user roles using a ClientLogin
ragavgomatam Oct 29, 2008 9:23 PM (in response to viniciuscarvalho)When you run your client programme the jaas config (policy) file will probably have the client login module and the server side module . If I understand right, the job of the client login module is to pass the credentials to the server side. If you check your policy file it could be having these login modules cascaded. Which means when the LoginContext.login() is called, the modules are called one after another, in succession. The client login module id called, which passes the credentials to Server side Login module , which authenticates & authorizes. So yeahyou could do something like this :-
LoginContext ctx = null; try { ctx = new LoginContext("client-login", new CustomHandler(args[0], args[1])); ctx.login(); Subject.doAs(ctx.getSubject(), new CustomAction()); } catch (LoginException le) { System.err.println("LoginContext cannot be created. " + le.getMessage()); System.exit(-1); } catch (SecurityException se) { System.err.println("LoginContext cannot be created. " + se.getMessage()); }
Here CustomHandler and your CustomAction would look like this :-public class CustomHandler implements CallbackHandler { private String name; private String password; public void handle(Callback[] callbacks) throws UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks instanceof NameCallback) { NameCallback nc = (NameCallback) callbacks; nc.setName(this.name); } else if (callbacks instanceof PasswordCallback) { PasswordCallback pc = (PasswordCallback) callbacks; pc.setPassword(this.password.toCharArray()); } else { throw (new UnsupportedCallbackException(callbacks, "Callback handler not support")); } } } public CustomHandler(String name, String password) { this.name = name; this.password = password; }
public class CustomAction implements PrivilegedAction { public Object run() { //call your ejb here return someResult; }