JaasAuthenticator

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
Line 37: Line 37:
 
     ...
 
     ...
 
   }
 
   }
 +
 +
= Custom LoginModule =
 +
 +
public class TestLoginModule implements javax.security.auth.spi.LoginModule {
 +
    private Subject _subject;
 +
    private CallbackHandler _handler;
 +
    private Map _state;
 +
 +
    private String _userName;
 +
    private String _password;
 +
 +
    public void initialize(Subject subject,
 +
                                CallbackHandler handler,
 +
                                Map sharedState,
 +
                                Map options)
 +
    {
 +
        _subject = subject;
 +
        _handler = handler;
 +
        _state = sharedState;
 +
 +
        _userName = (String) _options.get("user");
 +
        _password = (String) _options.get("password");
 +
    }
 +
 +
    public boolean login()
 +
        throws LoginException
 +
    {
 +
        NameCallback name = new NameCallback("");
 +
        PasswordCallback password = new PasswordCallback("", false);
 +
 +
        _handler.handle(new Callback[] { name, password });
 +
 +
        if (_userName.equals(name.getName()) &&
 +
            _password.equals(password.getPassword()) {
 +
            _subject.getPrincipals().add(new TestPrincipal(_userName));
 +
            return true;
 +
        }
 +
        else
 +
            return false;
 +
    }
 +
 +
    public boolean abort()
 +
    {
 +
        return true;
 +
    }
 +
 +
    public boolean commit()
 +
    {
 +
        return _subject.getPrincipals().size() > 0);
 +
    }
 +
 +
    public boolean logout()
 +
    {
 +
        return true;
 +
    }
 +
}

Revision as of 19:28, 3 April 2006


Resin provides a JaasAuthenticator for the usage of any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK, and it is fairly easy to create your own,

Contents

Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.JaasAuthenticator">
     <init>
         <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
         <init-param>
              <debug>true</debug>
        </init-param>
     </init>
 </authenticator>

</web-app>

<init-param> directives

<init-param> directives are used to configure the properties of the LoginModule. Existing LoginModules provide documentation of the init-param that are accepted. Custom LoginModule implementations retrieve the init-param values in the initialize method:

LoginModule implementation retrieves init-param

 public void initialize(Subject subject, 
                        CallbackHandler callbackHandler,
                        Map<String,?> sharedState,
                        Map<String,?> options) 
 {
 
   // initialize any configured options
   _isDebug = "true".equalsIgnoreCase((String) options.get("debug"));
   ...
 }

Custom LoginModule

public class TestLoginModule implements javax.security.auth.spi.LoginModule {
    private Subject _subject;
    private CallbackHandler _handler;
    private Map _state;

    private String _userName;
    private String _password;

    public void initialize(Subject subject,
                               CallbackHandler handler,
                               Map sharedState,
                               Map options)
   {
       _subject = subject;
       _handler = handler;
       _state = sharedState;
       _userName = (String) _options.get("user");
       _password = (String) _options.get("password");
   }

   public boolean login()
       throws LoginException
   {
       NameCallback name = new NameCallback("");
       PasswordCallback password = new PasswordCallback("", false);

       _handler.handle(new Callback[] { name, password });
       if (_userName.equals(name.getName()) && 
           _password.equals(password.getPassword()) {
           _subject.getPrincipals().add(new TestPrincipal(_userName));
           return true;
       }
       else
            return false;
   }

   public boolean abort()
   {
       return true;
   }

   public boolean commit()
   {
       return _subject.getPrincipals().size() > 0);
   }

   public boolean logout()
   {
        return true;
   }
}
Personal tools