JaasAuthenticator
From Resin 3.0
(Difference between revisions)
(5 intermediate revisions by one user not shown) | |||
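--- a/JaasAuthenticator
+++ b/JaasAuthenticator
@@ -1,2 +1,2 @@
-[[Category:Configuration]] [[Category:Security]]
+{{Cleanup}} [[Category:Configuration]] [[Category:Security]]
 Resin provides a JaasAuthenticator for the usage of any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK,
@@ -37,2 +37,85 @@
 ...
 }
+
+= Custom LoginModule =
+
+import java.util.*;
+
+import javax.security.auth.*;
+import javax.security.auth.spi.*;
+import javax.security.auth.callback.*;
+import javax.security.auth.login.*;
+
+public class TestLoginModule implements javax.security.auth.spi.LoginModule {
+private Subject _subject;
+private CallbackHandler _handler;
+private Map _state;
+
+private String _userName;
+private String _password;
+
+public void initialize(Subject subject,
+CallbackHandler handler,
+Map sharedState,
+Map options)
+{
+_subject = subject;
+_handler = handler;
+_state = sharedState;
+
+_userName = (String) _options.get("user");
+_password = (String) _options.get("password");
+}
+
+public boolean login()
+throws LoginException
+{
+NameCallback name = new NameCallback("");
+PasswordCallback password = new PasswordCallback("", false);
+
+_handler.handle(new Callback[] { name, password });
+
+if (_userName.equals(name.getName()) &&
+_password.equals(password.getPassword()) {
+_subject.getPrincipals().add(new TestPrincipal(_userName));
+return true;
+}
+else
+return false;
+}
+
+public boolean abort()
+{
+return true;
+}
+
+public boolean commit()
+{
+return _subject.getPrincipals().size() > 0;
+}
+
+public boolean logout()
+{
+return true;
+}
+}
+
+
+==== resin-web.xml ====
+<web-app xmlns="http://caucho.com/ns/resin">
+
+<authenticator type="com.caucho.server.security.JaasAuthenticator">
+<init>
+<login-module>example.TestModule</login-module>
+<init-param>
+<user>Harry</user>
+<password>quidditch</password>
+</init-param>
+</init>
+</authenticator>
+
+</web-app>
+
+== isUserInRole ==
+
+The <code>isUserInRole</code> method can be supported by providing either an <code>isUserInRole</code> method in the <code>Principal</code> returned by the LoginModule, or a <code>getRoles()</code> method returning a java.util.Set. (requires 3.0.19)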
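Review bot: In the added `login()`, `_password.equals(password.getPassword())` compares a String with the char[] that `PasswordCallback.getPassword()` returns, so it is always false and no credential can ever match; compare arrays instead, e.g. `Arrays.equals(_password.toCharArray(), password.getPassword())`, and note that the same `if` is missing its closing parenthesis. `initialize()` reads `_options`, which is never declared; the parameter is named `options`. The empty prompts in `new NameCallback("")` and `new PasswordCallback("", false)` are rejected with IllegalArgumentException, and `_handler.handle(...)` throws checked IOException and UnsupportedCallbackException that `login()` neither catches nor declares. `logout()` and `abort()` leave the TestPrincipal on the Subject, and the sample's `<login-module>example.TestModule</login-module>` does not match the class name `TestLoginModule`.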
Latest revision as of 21:18, 1 December 2011
This article requires cleanup and may refer to a legacy version of Resin.
Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation. |
Resin provides a JaasAuthenticator that works with any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK, and it is fairly easy to create your own.
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin">

  <!-- Delegate authentication to a JAAS LoginModule through Resin's JaasAuthenticator. -->
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <!-- Class name of the LoginModule to use; this example names the Krb5LoginModule. -->
      <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
      <!-- init-param children configure the properties of the LoginModule. -->
      <init-param>
        <!-- Diagnostic setting for the example; review before leaving it enabled in a
             deployed configuration, since debug output may include login details. -->
        <debug>true</debug>
      </init-param>
    </init>
  </authenticator>

</web-app>
<init-param> directives
<init-param> directives configure the properties of the LoginModule. Existing LoginModules document the init-param values they accept. Custom LoginModule implementations retrieve the init-param values in the initialize method:
LoginModule implementation retrieves init-param
/**
 * Stores the configuration passed to this LoginModule.
 *
 * <p>The {@code options} map carries the {@code <init-param>} values from the
 * authenticator configuration; this excerpt reads the {@code debug} option.
 * The rest of the method body is elided in the original listing.
 *
 * @param subject the Subject to be authenticated
 * @param callbackHandler handler used to obtain credentials from the caller
 * @param sharedState state shared with other configured LoginModules
 * @param options the configured init-param values, keyed by name
 */
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
{
  // initialize any configured options
  // Constant-first comparison: a missing "debug" option (null) yields false
  // instead of a NullPointerException.
  // NOTE(review): the cast assumes the option value is a String - confirm.
  _isDebug = "true".equalsIgnoreCase((String) options.get("debug"));
  ...
}
Custom LoginModule
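import java.util.*;

import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

/**
 * Sample JAAS LoginModule that accepts exactly one user name and password,
 * both supplied through the "user" and "password" init-param options.
 *
 * <p>This is a minimal illustration of the LoginModule life cycle. The
 * expected password is configured and held in clear text, so the class is
 * suitable for tests and demonstrations only.
 *
 * <p>The module follows the two-phase JAAS contract: {@link #login()} only
 * verifies the credentials, {@link #commit()} attaches the principal to the
 * Subject, and {@link #abort()} / {@link #logout()} remove it again.
 *
 * <p>{@code TestPrincipal} is an application-supplied
 * {@code java.security.Principal}; it is not defined in this listing.
 */
public class TestLoginModule implements javax.security.auth.spi.LoginModule {
  private Subject _subject;
  private CallbackHandler _handler;
  // Kept from initialize(); this sample does not read the shared state.
  private Map<String, ?> _state;

  private String _userName;
  private String _password;

  // True once login() has verified the credentials; consumed by commit().
  private boolean _isAuthenticated;
  // The principal this module added to the Subject, so it can be removed.
  private java.security.Principal _principal;

  /**
   * Stores the Subject, the callback handler and the configured credentials.
   *
   * @param subject the Subject to be authenticated
   * @param handler handler used to obtain the caller's name and password
   * @param sharedState state shared with other configured LoginModules
   * @param options init-param values; "user" and "password" are read
   */
  public void initialize(Subject subject,
                         CallbackHandler handler,
                         Map<String, ?> sharedState,
                         Map<String, ?> options)
  {
    _subject = subject;
    _handler = handler;
    _state = sharedState;

    // The original listing read from an undeclared "_options" variable.
    _userName = (String) options.get("user");
    _password = (String) options.get("password");

    _isAuthenticated = false;
    _principal = null;
  }

  /**
   * Asks the callback handler for a name and password and checks them
   * against the configured values.
   *
   * @return true when the credentials match
   * @throws LoginException if the module is not configured, the credentials
   *         cannot be obtained, or they do not match
   */
  public boolean login()
    throws LoginException
  {
    _isAuthenticated = false;

    if (_userName == null || _password == null)
      throw new LoginException("the 'user' and 'password' options are required");

    if (_handler == null)
      throw new LoginException("no CallbackHandler was supplied");

    // NameCallback and PasswordCallback reject a null or empty prompt with
    // IllegalArgumentException, so the prompts must be non-empty.
    NameCallback name = new NameCallback("user name: ");
    PasswordCallback password = new PasswordCallback("password: ", false);

    try {
      _handler.handle(new Callback[] { name, password });
    } catch (java.io.IOException e) {
      throw loginFailure("unable to read the credentials", e);
    } catch (UnsupportedCallbackException e) {
      throw loginFailure("the CallbackHandler cannot supply credentials", e);
    }

    // getPassword() returns a copy as char[]; comparing it to a String with
    // equals() is always false, so compare character arrays.
    char[] supplied = password.getPassword();
    password.clearPassword();
    char[] expected = _password.toCharArray();

    boolean isMatch;
    try {
      // Evaluate both checks so a wrong name and a wrong password take the
      // same path.
      boolean isNameMatch = _userName.equals(name.getName());
      boolean isPasswordMatch = supplied != null && sameChars(expected, supplied);

      isMatch = isNameMatch && isPasswordMatch;
    } finally {
      // Do not leave password copies in memory longer than needed.
      Arrays.fill(expected, '\0');

      if (supplied != null)
        Arrays.fill(supplied, '\0');
    }

    // Per the LoginModule contract, returning false means "ignore this
    // module"; a failed authentication is reported with a LoginException.
    if (! isMatch)
      throw new FailedLoginException("invalid user name or password");

    _isAuthenticated = true;

    return true;
  }

  /**
   * Discards the result of login() and removes any principal this module
   * added.
   *
   * @return always true
   */
  public boolean abort()
  {
    clearState();

    return true;
  }

  /**
   * Attaches the authenticated principal to the Subject.
   *
   * @return true if login() succeeded and the principal was attached,
   *         false otherwise
   */
  public boolean commit()
  {
    if (! _isAuthenticated)
      return false;

    // Track the instance so logout() removes only what this module added.
    _principal = new TestPrincipal(_userName);
    _subject.getPrincipals().add(_principal);

    return true;
  }

  /**
   * Removes the principal added by commit() so the Subject no longer carries
   * the identity after logout.
   *
   * @return always true
   */
  public boolean logout()
  {
    clearState();

    return true;
  }

  /** Removes this module's principal from the Subject and resets the flags. */
  private void clearState()
  {
    if (_principal != null && _subject != null)
      _subject.getPrincipals().remove(_principal);

    _principal = null;
    _isAuthenticated = false;
  }

  /** Compares two character arrays without stopping at the first difference. */
  private static boolean sameChars(char[] expected, char[] supplied)
  {
    int difference = expected.length ^ supplied.length;

    for (int i = 0; i < expected.length && i < supplied.length; i++)
      difference |= expected[i] ^ supplied[i];

    return difference == 0;
  }

  /** Builds a LoginException that keeps the underlying cause. */
  private static LoginException loginFailure(String message, Throwable cause)
  {
    LoginException failure = new LoginException(message);
    failure.initCause(cause);

    return failure;
  }
}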
resin-web.xml
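<web-app xmlns="http://caucho.com/ns/resin">

  <!-- Delegate authentication to the custom LoginModule through Resin's JaasAuthenticator. -->
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <!-- Must name the LoginModule class. The original value, example.TestModule, did not
           match the TestLoginModule class shown above; this assumes the class is compiled
           into package "example". -->
      <login-module>example.TestLoginModule</login-module>
      <!-- Read by TestLoginModule.initialize() as the "user" and "password" options. -->
      <init-param>
        <!-- Sample values only: the password is stored here in clear text, so restrict
             access to this file and do not reuse the pattern for real credentials. -->
        <user>Harry</user>
        <password>quidditch</password>
      </init-param>
    </init>
  </authenticator>

</web-app>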
isUserInRole
The isUserInRole method can be supported by providing either an isUserInRole method in the Principal returned by the LoginModule, or a getRoles() method returning a java.util.Set. (requires 3.0.19)