JaasAuthenticator
From CauchoWiki
Resin provides a JaasAuthenticator that lets you use any JAAS LoginModule. A number of JAAS LoginModule implementations are included with the JDK, and it is fairly easy to create your own.
Example
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <login-module>com.sun.security.auth.module.Krb5LoginModule</login-module>
      <init-param>
        <debug>true</debug>
      </init-param>
    </init>
  </authenticator>
</web-app>
<init-param> directives
<init-param> directives configure the properties of the LoginModule. Existing LoginModules document the init-param values they accept. Custom LoginModule implementations retrieve the init-param values from the options map passed to the initialize method:
LoginModule implementation retrieves init-param
public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)
{
  // initialize any configured options
  _isDebug = "true".equalsIgnoreCase((String) options.get("debug"));
  ...
}
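Custom LoginModule
package example;

import java.io.IOException;
import java.util.*;
import javax.security.auth.*;
import javax.security.auth.spi.*;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class TestLoginModule implements javax.security.auth.spi.LoginModule {
  private Subject _subject;
  private CallbackHandler _handler;
  private Map<String,?> _state;

  private String _userName;
  private String _password;

  public void initialize(Subject subject,
                         CallbackHandler handler,
                         Map<String,?> sharedState,
                         Map<String,?> options)
  {
    _subject = subject;
    _handler = handler;
    _state = sharedState;

    // the expected credentials come from the <init-param> values
    _userName = (String) options.get("user");
    _password = (String) options.get("password");
  }

  public boolean login()
    throws LoginException
  {
    // the callback constructors reject an empty prompt, so use non-empty ones
    NameCallback name = new NameCallback("user: ");
    PasswordCallback password = new PasswordCallback("password: ", false);

    try {
      _handler.handle(new Callback[] { name, password });
    } catch (IOException e) {
      throw new LoginException(e.toString());
    } catch (UnsupportedCallbackException e) {
      throw new LoginException(e.toString());
    }

    // getPassword() returns a char[], so compare arrays instead of
    // calling String.equals, which would never match
    if (_userName != null && _password != null
        && _userName.equals(name.getName())
        && Arrays.equals(_password.toCharArray(), password.getPassword())) {
      _subject.getPrincipals().add(new TestPrincipal(_userName));

      return true;
    }
    else
      return false;
  }

  public boolean abort()
  {
    return true;
  }

  public boolean commit()
  {
    // succeed only if login() added a principal
    return _subject.getPrincipals().size() > 0;
  }

  public boolean logout()
  {
    return true;
  }
}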
resin-web.xml
<web-app xmlns="http://caucho.com/ns/resin">
  <authenticator type="com.caucho.server.security.JaasAuthenticator">
    <init>
      <login-module>example.TestLoginModule</login-module>
      <init-param>
        <user>Harry</user>
        <password>quidditch</password>
      </init-param>
    </init>
  </authenticator>
</web-app>
isUserInRole
The isUserInRole method can be supported by providing either an isUserInRole method in the Principal returned by the LoginModule, or a getRoles() method returning a java.util.Set. (requires 3.0.19)
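The following is an added example, not code from the original page or from Resin: one possible TestPrincipal, the class the custom LoginModule adds to the Subject, carrying both role mechanisms described above. The isUserInRole(String) signature, the two-argument constructor and the comma-separated role list are assumptions.

```java
package example;

import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

public final class TestPrincipal implements Principal, Serializable {
  private final String _name;
  private final Set<String> _roles;

  // Matches the one-argument call in the LoginModule; the principal has no roles.
  public TestPrincipal(String name) {
    this(name, null);
  }

  // roleList is a comma-separated string such as "user, admin" (assumed format).
  public TestPrincipal(String name, String roleList) {
    if (name == null)
      throw new NullPointerException("name");
    Set<String> roles = new LinkedHashSet<String>();
    if (roleList != null) {
      for (String role : roleList.split(",")) {
        if (!role.trim().isEmpty())
          roles.add(role.trim());
      }
    }
    _name = name;
    _roles = Collections.unmodifiableSet(roles); // callers cannot add roles later
  }

  public String getName() { return _name; }

  // First mechanism from the text: getRoles() returning a java.util.Set.
  public Set<String> getRoles() { return _roles; }

  // Second mechanism: isUserInRole on the Principal. Null or unknown roles are denied.
  public boolean isUserInRole(String role) {
    return role != null && _roles.contains(role);
  }

  // Subject.getPrincipals() is a Set, so equality must be value-based.
  @Override public boolean equals(Object o) {
    return o instanceof TestPrincipal
        && _name.equals(((TestPrincipal) o)._name)
        && _roles.equals(((TestPrincipal) o)._roles);
  }

  @Override public int hashCode() { return 31 * _name.hashCode() + _roles.hashCode(); }
}
```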
