Creating a JAAS Context - Client-Side Login
To call methods protected by JAAS, the caller must first be logged in. Under JAAS this is done by creating a so-called LoginContext.
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class MyClass {
    // Kept as a field so that logout() can use the same context later.
    private LoginContext auth;
    // …
    public void login() throws UnsupportedEncodingException, LoginException {
        // Locate jaas.conf on the classpath and register it as the JAAS configuration.
        ClassLoader cl = Thread.currentThread().getContextClassLoader();
        URL authconf = cl.getResource("jaas.conf");
        String p = URLDecoder.decode(authconf.toExternalForm(), "UTF-8");
        System.setProperty("java.security.auth.login.config", p);
        // "mycontext" must match the entry name in jaas.conf.
        auth = new LoginContext("mycontext",
                new SimpleLoginCallbackHandler("user", "password".toCharArray()));
        auth.login();
    }
    // …
}
The important parts here are the LoginCallbackHandler (a custom SimpleLoginCallbackHandler is used in this case) and the jaas.conf file, which contains the JAAS configuration.
Since we want to log in to JBoss, the jaas.conf looks like this:
mycontext {
org.jboss.security.ClientLoginModule required;
};
The CallbackHandler used here simply returns the parameters that were passed to its constructor:
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class SimpleLoginCallbackHandler implements CallbackHandler {
    private String userName;
    private char[] password;

    public SimpleLoginCallbackHandler(String userName, char[] password) {
        this.userName = userName;
        this.password = password;
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                // Answer the user name prompt with the stored name.
                ((NameCallback) callback).setName(userName);
            } else if (callback instanceof PasswordCallback) {
                // Answer the password prompt with the stored password.
                ((PasswordCallback) callback).setPassword(password);
            }
        }
    }
}
A logout is done correspondingly through the LoginContext:
public class MyClass {
    // …
    public void logout() throws LoginException {
        auth.logout();
    }
    // …
}
If the client runs directly inside JBoss, for example as a servlet in Tomcat or as an MBean, no jaas.conf is needed. In that case you simply create a LoginContext with the name "client-login".
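An added example, not code from the original post: the same "mycontext" entry supplied as an in-memory Configuration through the four-argument LoginContext constructor, so the JVM-wide java.security.auth.login.config property is left untouched, with logout and password wiping guaranteed by finally blocks. The class name ScopedClientLogin and the helpers clientConfig and runAs are hypothetical; it assumes Java 8 or later and the JBoss client library providing org.jboss.security.ClientLoginModule on the classpath.

```java
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class ScopedClientLogin { // hypothetical class name

    // In-memory equivalent of the "mycontext" entry in jaas.conf.
    static Configuration clientConfig() {
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("org.jboss.security.ClientLoginModule",
                    LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
        };
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "mycontext".equals(name) ? entries : null; // null: no such entry
            }
        };
    }

    // Hypothetical helper: log in, run the protected call, always log out and wipe.
    static void runAs(final String user, final char[] password, Runnable protectedCall)
            throws LoginException {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                // setPassword() stores a copy, so wiping our array below is safe.
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb); // refuse unknown prompts
            }
        };
        try {
            LoginContext ctx = new LoginContext("mycontext", null, handler, clientConfig());
            ctx.login();
            try { protectedCall.run(); } finally { ctx.logout(); }
        } finally {
            Arrays.fill(password, '\0'); // caller's array is cleared, even on failure
        }
    }
}
```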
on July 15th, 2006 at 2:45 pm
hi,
I am belaamoud, and I study computer science in Germany. I have a problem in JAAS (with the Tagish login module).
I have written a web application. The users are from two groups (A, B) and they log in
under their own NT domain (NTDomaine_A, NTDomaine_B). The two groups are together in an intranet and
everyone should access the application after his authentication (login and password).
To realize this, I use config files. Users from group A use the config file named config-File-A, users
from group B use the config file named config-File-B.
Here are the config files:
Config-File_A:
NTLogin_A {
    com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain="NTDomaine_A";
};
Config-File_B:
NTLogin_B {
    com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain="NTDomaine_B";
};
The problem is:
If users from group A (NTDomaine_A) log in to the web application first, the users from group B can't log in,
although the user / password are right.
If I restart Tomcat, and this time begin the login with a user from group B, then the authentication works for
all users from group B but not for all users from group A.
I looked on the Internet and found only examples with one domain. I want to ask you if you can help me to solve this
for more than one domain (or group).
Thank you in advance
on July 24th, 2006 at 9:15 pm
Hi Belaamoud,
I’m sorry, but I have no experience with NT domains, because I only use Unix systems. I assume the NTDomain LoginContext uses a singleton or something like that, so that in one VM only one NTDomain login context is possible.
I hope you will find the solution for your problem.
Greets