JaasAuthenticator

From Resin 3.0

This article requires cleanup and may refer to a legacy version of Resin.

Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation.

Resin provides a JaasAuthenticator that lets you use any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK, and it is fairly easy to create your own.

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.JaasAuthenticator">
     <init>
         <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
         <init-param>
              <debug>true</debug>
        </init-param>
     </init>
 </authenticator>

</web-app>

<init-param> directives

<init-param> directives are used to configure the properties of the LoginModule. Existing LoginModules document the init-param values they accept. Custom LoginModule implementations retrieve the init-param values in the initialize method:

LoginModule implementation retrieves init-param

 public void initialize(Subject subject, 
                        CallbackHandler callbackHandler,
                        Map<String,?> sharedState,
                        Map<String,?> options) 
 {
 
   // initialize any configured options
   _isDebug = "true".equalsIgnoreCase((String) options.get("debug"));
   ...
 }

Custom LoginModule

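package example;

import java.io.IOException;
import java.security.Principal;
import java.util.*;

import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class TestLoginModule implements javax.security.auth.spi.LoginModule {
    private Subject _subject;
    private CallbackHandler _handler;
    private Map _state;

    // expected credentials, taken from the <init-param> values
    private String _userName;
    private String _password;

    public void initialize(Subject subject,
                           CallbackHandler handler,
                           Map sharedState,
                           Map options)
    {
        _subject = subject;
        _handler = handler;
        _state = sharedState;

        _userName = (String) options.get("user");
        _password = (String) options.get("password");
    }

    public boolean login()
        throws LoginException
    {
        // the callback constructors reject an empty prompt
        NameCallback name = new NameCallback("user");
        PasswordCallback password = new PasswordCallback("password", false);

        try {
            _handler.handle(new Callback[] { name, password });
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }

        // getPassword() returns a char[], so compare arrays rather than
        // calling String.equals() on it; missing values never match
        char[] given = password.getPassword();

        if (_userName != null && _password != null && given != null
            && _userName.equals(name.getName())
            && Arrays.equals(_password.toCharArray(), given)) {
            _subject.getPrincipals().add(new TestPrincipal(_userName));
            return true;
        }
        else
            return false;
    }

    public boolean abort()
    {
        return true;
    }

    public boolean commit()
    {
        return _subject.getPrincipals().size() > 0;
    }

    public boolean logout()
    {
        return true;
    }

    // TestPrincipal is not shown on this page; a minimal version is assumed here
    static class TestPrincipal implements Principal {
        private final String _name;

        TestPrincipal(String name) { _name = name; }

        public String getName() { return _name; }
    }
}


resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.JaasAuthenticator">
     <init>
         <login-module>example.TestLoginModule</login-module>
         <init-param>
              <user>Harry</user>
              <password>quidditch</password>
        </init-param>
     </init>
 </authenticator>

</web-app>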

isUserInRole

The isUserInRole method can be supported by providing either an isUserInRole method in the Principal returned by the LoginModule, or a getRoles() method returning a java.util.Set. (requires 3.0.19)
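
A Principal offering both forms named above, as an added example that is not part of the original page or of Resin's own code. The class name RolePrincipal, the comma-separated role list and the String parameter of isUserInRole are assumptions; a LoginModule would add an instance to the Subject in place of TestPrincipal.

```java
package example;

import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Added example: RolePrincipal and the comma-separated role list are hypothetical.
public final class RolePrincipal implements Principal {
    private final String _name;
    private final Set<String> _roles;

    /** roleList might come from an init-param such as "roles" (an assumed name). */
    public RolePrincipal(String name, String roleList) {
        if (name == null || name.isEmpty())
            throw new IllegalArgumentException("principal name is required");
        Set<String> roles = new LinkedHashSet<String>();
        if (roleList != null) {
            for (String role : roleList.split(",")) {
                role = role.trim();
                if (!role.isEmpty())
                    roles.add(role);
            }
        }
        _name = name;
        // Immutable, so code holding the Principal cannot grant itself roles.
        _roles = Collections.unmodifiableSet(roles);
    }

    public String getName() { return _name; }

    // First form named in the text; the String parameter is an assumption.
    public boolean isUserInRole(String role) {
        return role != null && _roles.contains(role);  // null or unknown role: deny
    }

    // Second form named in the text: the roles as a java.util.Set.
    public Set<String> getRoles() { return _roles; }

    // Subject keeps its principals in a Set, so equality must be well defined.
    @Override public boolean equals(Object o) {
        return o instanceof RolePrincipal && _name.equals(((RolePrincipal) o)._name)
            && _roles.equals(((RolePrincipal) o)._roles);
    }

    @Override public int hashCode() { return 31 * _name.hashCode() + _roles.hashCode(); }

    @Override public String toString() { return _name + _roles; }
}
```

According to the text either method is sufficient; both are shown here and always agree because they read the same immutable set.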
