Created
May 25, 2011 20:57
JAAS Auth Test
/**
 * Installs a security domain service for this application whose single,
 * REQUIRED login module is {@link TorqueBoxLoginModule}.
 *
 * <p>The domain is named {@code AuthSubsystemAdd.TORQUEBOX_DOMAIN + "-" + applicationName}
 * and the service is installed in {@code ON_DEMAND} mode.
 *
 * @param context deployment phase context that supplies the service target
 */
private void addTorqueBoxSecurityDomainService(DeploymentPhaseContext context) {
    final String domainName = AuthSubsystemAdd.TORQUEBOX_DOMAIN + "-" + this.getApplicationName();
    log.info( "Adding torquebox security domain: " + domainName);

    final ApplicationPolicy policy = new ApplicationPolicy(domainName);
    final AuthenticationInfo authInfo = new AuthenticationInfo(domainName);

    // TODO: Can we feed usernames/passwords into the options hash?
    // NOTE(review): the pair below is a hard-coded plaintext placeholder for the
    // test. Anything beyond a test needs credentials supplied from deployment
    // configuration and stored hashed, never compiled into the deployer.
    final Map<String, String> userPasswords = new HashMap<String, String>();
    userPasswords.put("foo", "bar");
    final Map<String, Object> moduleOptions = new HashMap<String, Object>();
    moduleOptions.put("credentials", userPasswords);

    // NOTE(review): only the class *name* is handed over here, so whatever class
    // loader the security subsystem uses must be able to resolve
    // TorqueBoxLoginModule -- verify; a different module being picked up at login
    // time would be consistent with that lookup failing.
    authInfo.addAppConfigurationEntry(new AppConfigurationEntry(
            TorqueBoxLoginModule.class.getName(), LoginModuleControlFlag.REQUIRED, moduleOptions));
    policy.setAuthenticationInfo(authInfo);

    // TODO: Do we need to bother with a JSSESecurityDomain? Null in this case may be OK
    // TODO: Null cache type?
    final SecurityDomainService domainService =
            new SecurityDomainService(domainName, policy, null, null);

    // Wire the security-management and JAAS-configuration dependencies into the
    // new service, then install it so it starts only when something requires it.
    context.getServiceTarget()
            .addService(SecurityDomainService.SERVICE_NAME.append(domainName), domainService)
            .addDependency(SecurityManagementService.SERVICE_NAME, ISecurityManagement.class,
                    domainService.getSecurityManagementInjector())
            .addDependency(JaasConfigurationService.SERVICE_NAME, Configuration.class,
                    domainService.getConfigurationInjector())
            .setInitialMode(Mode.ON_DEMAND)
            .install();

    log.info( "Finished adding torquebox security domain: " + domainName);
}
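/**
 * Username/password login module that checks logins against an in-memory
 * table supplied through the {@code "credentials"} login-module option.
 *
 * <p>Passwords are held as plain strings for the lifetime of the module, so
 * this is suitable for tests only. No roles are ever granted:
 * {@link #getRoleSets()} returns an empty array.
 */
public class TorqueBoxLoginModule extends UsernamePasswordLoginModule {

    static final Logger log = Logger.getLogger( "org.torquebox.auth" );

    /** Username to expected password, copied from the module options. */
    private final Map<String, String> users = new HashMap<String, String>();

    /** Role groups reported for every authenticated subject; always empty. */
    private final Group[] roleSets = new Group[0];

    /**
     * Initializes the base module, then loads the user table from the
     * {@code "credentials"} option.
     *
     * <p>The option value is type-checked before use. A value that is not a
     * {@code Map}, or an entry whose key or value is not a {@code String}, is
     * ignored rather than cast blindly, so a mis-typed option leaves the table
     * empty instead of failing with a {@code ClassCastException} here or later
     * during a login. Credential values are never written to the log.
     *
     * @param subject         subject being authenticated
     * @param callbackHandler handler used to obtain the username and password
     * @param sharedState     state shared with other configured login modules
     * @param options         module options; {@code "credentials"} is read here
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        super.initialize(subject, callbackHandler, sharedState, options);
        log.warn("INITIALIZING TorqueBoxLoginModule");

        Object configured = options.get("credentials");
        if (configured == null) {
            log.warn(">>>>> No usernames/passwords found");
            return;
        }
        if (!(configured instanceof Map)) {
            // Report the problem by type only; the value itself may hold secrets.
            log.warn(">>>>> Ignoring 'credentials' option: expected a Map but got "
                    + configured.getClass().getName());
            return;
        }

        int skipped = 0;
        for (Map.Entry<?, ?> candidate : ((Map<?, ?>) configured).entrySet()) {
            Object name = candidate.getKey();
            Object secret = candidate.getValue();
            if (name instanceof String && secret instanceof String) {
                this.users.put((String) name, (String) secret);
            } else {
                skipped++;
            }
        }
        log.warn(">>>>> Added users");
        if (skipped > 0) {
            log.warn(">>>>> Skipped " + skipped + " credentials entries that were not String pairs");
        }
    }

    /**
     * Looks up the expected password for the username being authenticated.
     *
     * @return the stored password, or {@code null} when there is no username
     *         or the username is unknown
     * @throws LoginException declared by the overridden method; not thrown here
     */
    @Override
    protected String getUsersPassword() throws LoginException {
        // NOTE(review): a null result must make the login fail -- confirm that
        // the base class treats a null expected password as a mismatch.
        String username = getUsername();
        return (username == null) ? null : users.get(username);
    }

    /**
     * Returns the role groups for the authenticated user.
     *
     * @return an empty array; this module assigns no roles
     * @throws LoginException declared by the overridden method; not thrown here
     */
    @Override
    protected Group[] getRoleSets() throws LoginException {
        return roleSets;
    }
}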
17:05 lanceball: asaldhan: hey anil - I have a question about standing up a SecurityDomainService with a custom LoginModule during app deployment on AS7
17:05 lanceball: if you have a sec, can you take a look at this gist? https://gist.github.com/991956
17:06 lanceball: I've pored over it a few times and it looks like it should do what I want, but when I try to authenticate against it, I get errors about no users.properties files
17:06 lanceball: as though it doesn't load my custom login module and instead defaults to UsersRolesLoginModule
17:07 asaldhan: lanceball: not sure we have actually figured it out on AS7
17:07 asaldhan: lanceball: is this as7 or as6
17:07 lanceball: as7
17:08 lanceball: asaldhan: I've tried to walk the jaas code but had a hard time figuring out where you load up login modules
17:09 asaldhan: lanceball: doubt it works yet. We still figuring out stuff. https://issues.jboss.org/browse/AS7-838
17:09 jbossbot: jira [AS7-838] Allow individual security domains to be deployed [Open (Unresolved) Feature Request, Major, Marcus Moyses] https://issues.jboss.org/browse/AS7-838
17:09 asaldhan: lanceball: marcus and I were just broaching this topic. Plan is to work on it either tomorrow (Marcus) or Monday(I) depending on who finishes the current item
17:09 lanceball: asaldhan: thanks - I'll add my gist and comments to the Jira!
17:10 asaldhan: lanceball: there is a method to create security domains tho
17:10 asaldhan: lanceball: let me get it for u
17:10 lanceball: asaldhan: I'm successfully creating security domains on the fly with existing jboss LoginModules
17:11 lanceball: it's just a problem when I want to use a custom login module
17:11 asaldhan: lanceball: not sure if we have tested against custom LM yet. I will defer it to Marcus tomorrow morn. I will ask him once he is online