8 Replies Latest reply: Jun 11, 2012 4:17 AM by Andy Peer

Problem in custom login module

Andy Peer Newbie

I'm trying to write a custom login module to implement some logic during the login phase.

I have added my module in JBOSS_HOME\server\default\deploy\gatein.ear\META-INF\gatein-jboss-beans.xml

 

<application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">
    <authentication>
    <!-- My custom login module -->
      <login-module code="com.test.extension.util.MyLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>
    
      <login-module code="org.exoplatform.web.security.PortalLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>
      <login-module code="org.exoplatform.services.security.jaas.SharedStateLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>
  
      <login-module code="org.exoplatform.services.security.j2ee.JbossLoginModule" flag="required">
        <module-option name="portalContainerName">portal</module-option>
        <module-option name="realmName">gatein-domain</module-option>
      </login-module>
    </authentication>
...
...

 

 

This is MyLoginModule (it is in a utilities jar):

package com.test.extension.util;


import javax.security.auth.login.LoginException;

import org.exoplatform.container.ExoContainer;
import org.exoplatform.web.security.Credentials;
import org.exoplatform.web.security.PortalLoginModule;
import org.jboss.logging.Logger;

public class MyLoginModule extends PortalLoginModule
{

   /** Logger. */
   private static final Logger log = Logger.getLogger(MyLoginModule.class);

   
   public boolean login() throws LoginException {
       return super.login();
   }
   
   /**
    * @see javax.security.auth.spi.LoginModule#commit()
    */
   public boolean commit() throws LoginException
   {
       boolean res = super.commit();
       
       // Log the username only: writing the password to the server log would expose it in clear text.
       if (sharedState.containsKey("javax.security.auth.login.name") && sharedState.containsKey("javax.security.auth.login.password")) {
           log.info("User authenticated with Username:" + (String)sharedState.get("javax.security.auth.login.name"));
       }
       else {
           log.info("login failed");
       }
       
       return res;
   }

   /**
    * @see javax.security.auth.spi.LoginModule#abort()
    */
   public boolean abort() throws LoginException
   {
      return super.abort();
   }

   /**
    * @see javax.security.auth.spi.LoginModule#logout()
    */
   public boolean logout() throws LoginException
   {
      return super.logout();
   }


   protected static boolean isClusteredSSO()
   {
      return ExoContainer.getProfiles().contains("cluster");
   }
}

 

The problem is that now I can't enter the portal, all the logins fail!

Am I missing any configurations/implementations?

  • 1. Re: Problem in custom login module
    Minh Hoang TO Novice

    Why did you make your login module extend PortalLoginModule? If your login module needs to acquire the PortalContainer, make it a subclass of AbstractLoginModule.

     

    I see that your login module calls super.login()/super.commit(). That somehow duplicates business code of PortalLoginModule and results in authentication failure.

     

    Just put a return true at the end of your login/commit.

  • 2. Re: Problem in custom login module
    Marek Posolda Apprentice

    Hi,

     

    It seems to me that you want to extend PortalLoginModule with MyLoginModule and provide some additional functions, is that correct? But in this case, you need to replace PortalLoginModule with your "MyLoginModule". It looks like you replaced WCILoginModule with your LM instead, which is causing login failures, because WCILoginModule is needed. So your LM stack should have: WCILoginModule, MyLoginModule, SharedStateLoginModule, JbossLoginModule

    instead of: MyLoginModule, PortalLoginModule, SharedStateLoginModule, JbossLoginModule.

  • 3. Re: Problem in custom login module
    Andy Peer Newbie

    I did not replace the WCILoginModule; that module isn't present in gatein-jboss-beans.xml either. Actually, I don't need to extend PortalLoginModule, and I tried to extend AbstractLoginModule with the modifications reported by Minh, but without success.

    It seems to me it was sufficient to insert my custom module in the modules queue. Other modules put username and password values in the sharedState map if login is correct, so I thought I just needed my module to check the presence of those values in the map.

     

    I will try to completely rewrite the PortalLoginModule, adding my own logic.

  • 4. Re: Problem in custom login module
    Andy Peer Newbie

    Finally I solved the issue! I replaced, in gatein-jboss-beans.xml, the PortalLoginModule with MyLoginModule, filling it with the content of the first one.

    In the commit() method I added my logic for successful login, then I added also the login() method of DefaultLoginModule (which is the super class of PortalLoginModule) to implement my logic for failed login.

  • 5. Re: Problem in custom login module
    Minh Hoang TO Novice

    Andy Peer wrote:

     

    I did not replace the WCILoginModule; that module isn't present in gatein-jboss-beans.xml either.

     

    I guess you are using GateIn 3.0, let's try the latest release 3.3

  • 6. Re: Problem in custom login module
    Rafael Neves Newbie

    Why use a custom login? Why not use a Kerberos solution, for example?

  • 7. Re: Problem in custom login module
    Minh Hoang TO Novice

    Rafael Neves wrote:

     

    Why use a custom login? Why not use a Kerberos solution, for example?

    For what Andy attempted to do, which solution is simpler?

  • 8. Re: Problem in custom login module
    Andy Peer Newbie

    I'm using GateIn 3.0 and I can't change, it's the production version.