tomee-users mailing list archives

From David Blevins <david.blev...@visi.com>
Subject Re: Set up a custom LoginModule
Date Tue, 15 Jun 2010 22:31:51 GMT

On Jun 15, 2010, at 6:58 AM, J.M. Villagrá wrote:

> I have found a solution....
> 
> I can log in successfully against my LoginModule only if I set up login and
> password in context initialization:
> 
> props.put("openejb.authentication.realmName", "test");
> props.put(Context.SECURITY_PRINCIPAL, "username");
> props.put(Context.SECURITY_CREDENTIALS, "password");

Ah. Somehow I had a brain hiccup and thought you were already doing that.  I looked back and
see I was wrong :)

> Otherwise, if I try to use the LoginContext to init session it does not work
> and I always get "guest"
> 
>     CallbackHandler handler = new CallbackHandler() {
> 
>     @Override
>     public void handle(Callback[] callbacks) throws IOException,
>     UnsupportedCallbackException {
> 
>     Callback[] mcallbacks = callbacks;
> 
>     NameCallback nameCallback = (NameCallback) mcallbacks[0];
>     nameCallback.setName("jm.villagra");
>     }
>     };
> 
>     LoginContext lc = new LoginContext("test", handler);
>     lc.login();
> 
>     Subject sub =  lc.getSubject();

Trick with that is creating a subject doesn't do much but build an instance of subject.  Doesn't
automatically make it so everyone who is interested can see it.

This sort of shows us basically doing the same as you've done above:

  http://svn.apache.org/repos/asf/openejb/trunk/openejb3/container/openejb-core/src/main/java/org/apache/openejb/core/security/SecurityServiceImpl.java

The LocalInitialContextFactory will basically grab your user/pass and call securityService.login
followed by securityService.associate (the magical part that puts the subject on the thread
where openejb can see it) and finally will call securityService.disassociate when someone
calls initialContext.close();


Open to any improvements if you're interested in hacking.  We could easily have several implementations
of SecurityService available for use.  Maybe one that exposes the registerSubject/unregisterSubject
methods.  We just need to have a definition for it in our service-jar.xml file (calling it
'AlternativeSecurityService' for example) and then someone can use it in a test like so:

 Properties props = new Properties();
 props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
 props.put("mySecurityService", "new://SecurityService?provider=AlternativeSecurityService");
 props.put("mySecurityService.callbackHandler", MyHandler.class.getName());

As well they could set any config properties for it using the standard properties overrides.


-David
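
Added example, not part of the original message and not OpenEJB code: a JDK-only model of why the quoted LoginContext code still yields "guest". LoginContext.login() only builds a Subject; the caller identity changes once something associates it with the thread and must be cleared again afterwards. ToyModule, CURRENT and callerName are hypothetical stand-ins, and the ThreadLocal is an assumed model of what securityService.associate/disassociate do.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class SubjectAssociationDemo {
    // Stand-in for the container's per-thread identity slot (assumption, not OpenEJB code).
    static final ThreadLocal<Subject> CURRENT = new ThreadLocal<>();

    // What a "container" would report as the caller on this thread.
    static String callerName() {
        Subject s = CURRENT.get();
        return s == null ? "guest" : s.getPrincipals().iterator().next().getName();
    }

    // Constructed toy LoginModule: accepts whatever name the NameCallback supplies.
    public static class ToyModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String name;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            try { handler.handle(new Callback[] { nc }); } catch (Exception e) { throw new LoginException(e.getMessage()); }
            return (name = nc.getName()) != null;
        }
        public boolean commit() { subject.getPrincipals().add(() -> name); return true; }
        public boolean abort() { return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = new Configuration() {   // in-memory replacement for a login.config file
            public AppConfigurationEntry[] getAppConfigurationEntry(String realm) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(ToyModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
            }
        };
        CallbackHandler handler = cbs -> {
            for (Callback cb : cbs) {               // reject callbacks we cannot answer
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("jm.villagra");
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext lc = new LoginContext("test", null, handler, cfg);
        lc.login();
        System.out.println("after login():   " + callerName());   // Subject exists, thread unchanged
        CURRENT.set(lc.getSubject());                              // the "associate" step
        try { System.out.println("after associate: " + callerName()); }
        finally { CURRENT.remove(); lc.logout(); }                 // the "disassociate" step
        System.out.println("after cleanup:   " + callerName());
    }
}
```

The finally block is the part that matters on pooled threads: without it, the next piece of work scheduled on the same thread would run under the previous caller's identity.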