JaasAuthenticator

From Resin 3.0

(Difference between revisions)
 
(5 intermediate revisions by one user not shown)
Line 1: Line 1:
[[Category:Configuration]] [[Category:Security]]
+
{{Cleanup}} [[Category:Configuration]] [[Category:Security]]
  
 
Resin provides a JaasAuthenticator for the usage of any JAAS LoginModule.  A number of JAAS LoginModule implementations are included with the JDK,  
 
Resin provides a JaasAuthenticator for the usage of any JAAS LoginModule.  A number of JAAS LoginModule implementations are included with the JDK,  
Line 37: Line 37:
 
     ...
 
     ...
 
   }
 
   }
 +
 +
= Custom LoginModule =
 +
 +
import java.util.*;
 +
 +
import javax.security.auth.*;
 +
import javax.security.auth.spi.*;
 +
import javax.security.auth.callback.*;
 +
import javax.security.auth.login.*;
 +
 +
public class TestLoginModule implements javax.security.auth.spi.LoginModule {
 +
    private Subject _subject;
 +
    private CallbackHandler _handler;
 +
    private Map _state;
 +
 
 +
    private String _userName;
 +
    private String _password;
 +
 +
    public void initialize(Subject subject,
 +
                                CallbackHandler handler,
 +
                                Map sharedState,
 +
                                Map options)
 +
    {
 +
        _subject = subject;
 +
        _handler = handler;
 +
        _state = sharedState;
 +
 +
        _userName = (String) _options.get("user");
 +
        _password = (String) _options.get("password");
 +
    }
 +
 +
    public boolean login()
 +
        throws LoginException
 +
    {
 +
        NameCallback name = new NameCallback("");
 +
        PasswordCallback password = new PasswordCallback("", false);
 +
 
 +
        _handler.handle(new Callback[] { name, password });
 +
 +
        if (_userName.equals(name.getName()) &&
 +
            _password.equals(password.getPassword()) {
 +
            _subject.getPrincipals().add(new TestPrincipal(_userName));
 +
            return true;
 +
        }
 +
        else
 +
            return false;
 +
    }
 +
 +
    public boolean abort()
 +
    {
 +
        return true;
 +
    }
 +
 +
    public boolean commit()
 +
    {
 +
        return _subject.getPrincipals().size() > 0;
 +
    }
 +
 +
    public boolean logout()
 +
    {
 +
        return true;
 +
    }
 +
}
 +
 +
 +
==== resin-web.xml ====
 +
<web-app xmlns="http://caucho.com/ns/resin">
 +
 +
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
 +
      <init>
 +
          <login-module>example.TestModule</login-module>
 +
          <init-param>
 +
              <user>Harry</user>
 +
              <password>quidditch</password>
 +
        </init-param>
 +
      </init>
 +
  </authenticator>
 +
 +
</web-app>
 +
 +
== isUserInRole ==
 +
 +
The <code>isUserInRole</code> method can be supported by providing either an <code>isUserInRole</code> method in the <code>Principal</code> returned by the LoginModule, or a <code>getRoles()</code> method returning a java.util.Set.  (requires 3.0.19)
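Review bot: The password check in the added `login()` can never pass: `_password.equals(password.getPassword())` compares a String with the `char[]` that `PasswordCallback.getPassword()` returns, and the condition is missing its closing parenthesis. `initialize` reads `_options`, which is not declared anywhere in the class (the parameter is `options`), and `login()` neither catches nor declares the `IOException` and `UnsupportedCallbackException` thrown by `_handler.handle(...)`. I would compare with `MessageDigest.isEqual(_password.getBytes(StandardCharsets.UTF_8), new String(supplied).getBytes(StandardCharsets.UTF_8))` and give both callbacks a non-empty prompt, since their constructors reject `""`. The principal is also added in `login()` and never removed by `abort()` or `logout()`; adding it in `commit()` and removing it in the other two keeps a failed or ended login from leaving it on the Subject.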

Latest revision as of 21:18, 1 December 2011

This article requires cleanup and may refer to a legacy version of Resin.

Please visit http://www.caucho.com/documentation/ for the most up-to-date documentation.

Resin provides a JaasAuthenticator that can use any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK, and it is fairly easy to create your own.


Example

resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <!-- Delegates authentication to the JAAS LoginModule named in <login-module>. -->
 <authenticator type="com.caucho.server.security.JaasAuthenticator">
     <init>
         <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
         <!-- Each child of <init-param> is handed to the LoginModule as an option. -->
         <init-param>
              <!-- Krb5LoginModule option that turns on its debug messages;
                   NOTE(review): presumably meant for troubleshooting only, confirm
                   what the output contains before leaving it enabled. -->
              <debug>true</debug>
        </init-param>
     </init>
 </authenticator>

</web-app>

<init-param> directives

<init-param> directives configure the properties of the LoginModule. Existing LoginModules document the init-param values that they accept. Custom LoginModule implementations retrieve the init-param values in the initialize method:

LoginModule implementation retrieves init-param

 /**
  * Reads this module's configuration from the options map.
  *
  * Only the "debug" option is read in the lines shown; the rest of the
  * body is elided on the page.
  *
  * @param options the configured option values; the "debug" entry is cast to
  *                String, so a non-String value fails with ClassCastException
  */
 public void initialize(Subject subject, 
                        CallbackHandler callbackHandler,
                        Map<String,?> sharedState,
                        Map<String,?> options) 
 {
 
   // initialize any configured options
   // A missing "debug" entry yields false: equalsIgnoreCase(null) is false.
   _isDebug = "true".equalsIgnoreCase((String) options.get("debug"));
   ...
 }

Custom LoginModule

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

import javax.security.auth.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.*;

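/**
 * Example JAAS LoginModule that accepts exactly one user name and password,
 * both supplied as the "user" and "password" options.
 *
 * The expected password is held as a plain String taken from configuration,
 * so this class is a demonstration of the LoginModule callbacks rather than
 * a credential store. TestPrincipal is referenced here but is not shown on
 * this page.
 */
public class TestLoginModule implements javax.security.auth.spi.LoginModule {
    private Subject _subject;
    private CallbackHandler _handler;
    private Map<String, ?> _state;

    private String _userName;
    private String _password;

    // Result of the last login() call; commit() acts on it.
    private boolean _loginSucceeded;
    // The principal this module added, kept so abort()/logout() can remove it.
    private TestPrincipal _principal;

    /**
     * Stores the subject, callback handler and shared state, and reads the
     * expected credentials from the options.
     *
     * @param subject     the subject that receives the principal on commit
     * @param handler     used by login() to obtain the submitted credentials
     * @param sharedState state shared between modules (stored, not read here)
     * @param options     configured options; "user" and "password" are read
     */
    @Override
    public void initialize(Subject subject,
                           CallbackHandler handler,
                           Map<String, ?> sharedState,
                           Map<String, ?> options)
    {
        _subject = subject;
        _handler = handler;
        _state = sharedState;

        // Read from the 'options' parameter; there is no '_options' field.
        _userName = (String) options.get("user");
        _password = (String) options.get("password");
    }

    /**
     * Asks the callback handler for a user name and password and compares
     * them with the configured values.
     *
     * @return true if both values match, false otherwise
     * @throws LoginException if the module is not configured or the callback
     *                        handler cannot supply the credentials
     */
    @Override
    public boolean login()
        throws LoginException
    {
        _loginSucceeded = false;

        if (_handler == null)
            throw new LoginException("no CallbackHandler was provided");

        // Fail closed: a missing option must never match a submitted value.
        if (_userName == null || _password == null)
            throw new LoginException("'user' and 'password' options are required");

        // Both callback constructors reject a null or empty prompt.
        NameCallback name = new NameCallback("user: ");
        PasswordCallback password = new PasswordCallback("password: ", false);

        try {
            _handler.handle(new Callback[] { name, password });
        } catch (IOException e) {
            throw loginFailure("callback handler failed", e);
        } catch (UnsupportedCallbackException e) {
            throw loginFailure("callback handler does not support name/password", e);
        }

        // getPassword() returns a copy, so the callback can be cleared at once.
        char[] supplied = password.getPassword();
        password.clearPassword();

        try {
            boolean nameMatches = _userName.equals(name.getName());
            boolean passwordMatches =
                supplied != null && samePassword(_password, supplied);

            // Both checks are always evaluated before they are combined.
            _loginSucceeded = nameMatches & passwordMatches;
        } finally {
            if (supplied != null)
                Arrays.fill(supplied, '\0');
        }

        return _loginSucceeded;
    }

    /**
     * Discards the result of login() and removes any principal this module
     * added.
     *
     * @return always true
     */
    @Override
    public boolean abort()
    {
        clearAuthentication();
        return true;
    }

    /**
     * Adds the principal to the subject if login() succeeded.
     *
     * @return true if this module authenticated the user, false otherwise
     */
    @Override
    public boolean commit()
    {
        // Decide on this module's own result, not on principals that some
        // other module may have placed on the subject.
        if (! _loginSucceeded)
            return false;

        _principal = new TestPrincipal(_userName);
        _subject.getPrincipals().add(_principal);
        return true;
    }

    /**
     * Removes the principal this module added.
     *
     * @return always true
     */
    @Override
    public boolean logout()
    {
        clearAuthentication();
        return true;
    }

    /** Removes this module's principal from the subject and resets its state. */
    private void clearAuthentication()
    {
        if (_principal != null && _subject != null)
            _subject.getPrincipals().remove(_principal);

        _principal = null;
        _loginSucceeded = false;
    }

    /** Compares the configured password with the submitted one in constant time. */
    private static boolean samePassword(String expected, char[] supplied)
    {
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = new String(supplied).getBytes(StandardCharsets.UTF_8);

        try {
            return MessageDigest.isEqual(expectedBytes, suppliedBytes);
        } finally {
            Arrays.fill(expectedBytes, (byte) 0);
            Arrays.fill(suppliedBytes, (byte) 0);
        }
    }

    /** Builds a LoginException that keeps the original failure as its cause. */
    private static LoginException loginFailure(String message, Throwable cause)
    {
        LoginException failure = new LoginException(message);
        failure.initCause(cause);
        return failure;
    }
}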


resin-web.xml

<web-app xmlns="http://caucho.com/ns/resin">

 <authenticator type="com.caucho.server.security.JaasAuthenticator">
     <init>
         <!-- NOTE(review): the class listed on this page is named TestLoginModule
              and shows no package; this value presumably has to be the
              fully-qualified name of the deployed class, confirm. -->
         <login-module>example.TestModule</login-module>
         <init-param>
              <!-- Sample credentials stored in clear text: anyone who can read
                   this file can read them. Use demonstration values only. -->
              <user>Harry</user>
              <password>quidditch</password>
        </init-param>
     </init>
 </authenticator>

</web-app>

isUserInRole

The isUserInRole method can be supported by providing either an isUserInRole method in the Principal returned by the LoginModule, or a getRoles() method returning a java.util.Set. (requires 3.0.19)
