8 Replies Latest reply on Jun 11, 2012 4:17 AM by andy00

    Problem in custom login module

    andy00

      I'm trying to write a custom login module to implement some logic during the login phase.

      I have added my module in JBOSS_HOME\server\default\deploy\gatein.ear\META-INF\gatein-jboss-beans.xml

       

      <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">
          <authentication>
          <!-- My custom login module -->
            <login-module code="com.test.extension.util.MyLoginModule" flag="required">
              <module-option name="portalContainerName">portal</module-option>
              <module-option name="realmName">gatein-domain</module-option>
            </login-module>
          
            <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
              <module-option name="portalContainerName">portal</module-option>
              <module-option name="realmName">gatein-domain</module-option>
            </login-module>
            <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">
              <module-option name="portalContainerName">portal</module-option>
              <module-option name="realmName">gatein-domain</module-option>
            </login-module>
        
            <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
              <module-option name="portalContainerName">portal</module-option>
              <module-option name="realmName">gatein-domain</module-option>
            </login-module>
          </authentication>
      ...
      ...
      

       

       

      This is MyLoginModule (it is in a utilities jar):

      package com.test.extension.util;
      
      
      import javax.security.auth.login.LoginException;
      
      import org.exoplatform.container.ExoContainer;
      import org.exoplatform.web.security.Credentials;
      import org.exoplatform.web.security.PortalLoginModule;
      import org.jboss.logging.Logger;
      
      public class MyLoginModule extends PortalLoginModule
      {
      
         /** Logger. */
         private static final Logger log = Logger.getLogger(MyLoginModule.class);
      
         
         public boolean login() throws LoginException {
             return super.login();
         }
         
         /**
          * @see javax.security.auth.spi.LoginModule#commit()
          */
         public boolean commit() throws LoginException
         {
             boolean res = super.commit();
             
             // Log only the username: credentials must never be written to logs.
             if (sharedState.containsKey("javax.security.auth.login.name") && sharedState.containsKey("javax.security.auth.login.password")) {
                 log.info("User authenticated with Username:" + (String)sharedState.get("javax.security.auth.login.name"));
             }
             else {
                 log.info("login failed");
             }
             
             return res;
         }
      
         /**
          * @see javax.security.auth.spi.LoginModule#abort()
          */
         public boolean abort() throws LoginException
         {
            return super.abort();
         }
      
         /**
          * @see javax.security.auth.spi.LoginModule#logout()
          */
         public boolean logout() throws LoginException
         {
            return super.logout();
         }
      
      
         protected static boolean isClusteredSSO()
         {
            return ExoContainer.getProfiles().contains("cluster");
         }
      }
      

       

      The problem is that now I can't enter the portal, all the logins fail!

      Am I missing any configurations/implementations?

        • 1. Re: Problem in custom login module
          hoang_to

          Why did you make your login module extend PortalLoginModule? If your login module needs to acquire the PortalContainer, make it a subclass of AbstractLoginModule.

           

          I see that your login module calls super.login()/super.commit(). That somehow duplicates the business code of PortalLoginModule and results in authentication failure.

           

          Just put a return true at the end of your login/commit.

          • 2. Re: Problem in custom login module
            mposolda

            Hi,

             

            It seems to me that you want to extend PortalLoginModule with MyLoginModule and provide some additional functions, is that correct? But in this case, you need to replace PortalLoginModule with your "MyLoginModule". It looks like you replaced WCILoginModule with your LM instead, which is causing login failures, because WCILoginModule is needed. So your LM stack should have: WCILoginModule, MyLoginModule, SharedStateLoginModule, JbossLoginModule

            instead of: MyLoginModule, PortalLoginModule, SharedStateLoginModule, JbossLoginModule.

            • 3. Re: Problem in custom login module
              andy00

              I did not replace the WCILoginModule; that module isn't present in gatein-jboss-beans.xml either. Actually, I don't need to extend PortalLoginModule, and I tried to extend AbstractLoginModule with the modifications reported by Mihn, but without success.

              It seemed to me it was sufficient to insert my custom module in the modules queue. Other modules put the username and password values in the sharedState map if the login is correct, so I thought I just needed my module to check for the presence of those values in the map.

               

              I will try to completely rewrite the PortalLoginModule, adding my own logic.

              • 4. Re: Problem in custom login module
                andy00

                Finally I solved the issue! I replaced, in gatein-jboss-beans.xml, the PortalLoginModule with MyLoginModule, filling it with the content of the first one.

                In the commit() method I added my logic for successful login, then I added also the login() method of DefaultLoginModule (which is the super class of PortalLoginModule) to implement my logic for failed login.
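
The success/failure split discussed in this thread, as an added example that is not part of the original posts and is not GateIn code: a plain JAAS module that records the outcome in commit() (overall login succeeded) and abort() (overall login failed) without ever reading the password. The class name AuditLoginModule is hypothetical, and whether it can sit in the GateIn 3.0 stack with flag="required" next to the real authenticating modules is an assumption the thread does not confirm.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical audit-only module (not GateIn code): it never authenticates anyone itself. */
public class AuditLoginModule implements LoginModule {
    private static final Logger LOG = Logger.getLogger(AuditLoginModule.class.getName());
    private static final String NAME_KEY = "javax.security.auth.login.name";
    private Map<String, ?> sharedState;

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        this.sharedState = sharedState;
    }

    // Phase 1: no credential check here. Safe only when the real authenticating
    // modules in the same stack are flagged "required"; never flag this one "sufficient".
    @Override
    public boolean login() throws LoginException {
        return true;
    }

    // Phase 2, called when the overall authentication succeeded.
    @Override
    public boolean commit() throws LoginException {
        LOG.info("login succeeded for user=" + sanitize(sharedState.get(NAME_KEY)));
        return true;
    }

    // Phase 2, called when the overall authentication failed; the name may be absent.
    @Override
    public boolean abort() throws LoginException {
        LOG.warning("login failed for user=" + sanitize(sharedState.get(NAME_KEY)));
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        return true;
    }

    // Neutralise CR/LF/tab so a crafted username cannot forge extra log lines.
    static String sanitize(Object value) {
        return value == null ? "<unknown>" : value.toString().replaceAll("[\\r\\n\\t]", "_");
    }
}
```
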

                • 5. Re: Problem in custom login module
                  hoang_to

                  Andy Peer wrote:

                   

                  I did not replace the WCILoginModule; that module isn't present in gatein-jboss-beans.xml either.

                   

                  I guess you are using GateIn 3.0, let's try the latest release 3.3

                  • 6. Re: Problem in custom login module
                    raneves

                    Why use a custom login? Why not use a Kerberos solution, for example?

                    • 7. Re: Problem in custom login module
                      hoang_to

                      Rafael Neves wrote:

                       

                      Why use a custom login? Why not use a Kerberos solution, for example?

                      For what Andy attempted to do, which solution is simpler?

                      • 8. Re: Problem in custom login module
                        andy00

                        I'm using GateIn 3.0 and I can't change it; it's the production version.