Right now in my SAM's validateRequest method, I have this code (from
http://epicjava.blogspot.com/2012/03/using-jaasjacc-on-glassfish-312-for_07.html):

    LoginContext context = new LoginContext("yourRealmname", clientSubject, new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback c : callbacks) {
                if (c instanceof PasswordCallback) {
                    PasswordCallback pc = (PasswordCallback) c;
                    pc.setPassword(password.toCharArray());
                } else if (c instanceof NameCallback) {
                    NameCallback pc = (NameCallback) c;
                    pc.setName(username);
                } else {
                    throw new UnsupportedCallbackException(c);
                }
            }
        }
    });
    context.login();

Then the LoginModule is simply the SampleLoginModule from Oracle,
http://docs.oracle.com/javase/6/docs/technotes/guides/security/jaas/tutorials/SampleLoginModule.java

Derek

On Sep 19, 2012, at 3:15 AM, KumarJayanti <v.b.kumar.jayanti_at_oracle.com> wrote:
>
> On Sep 19, 2012, at 3:34 PM, Derek Knapp wrote:
>
>> Thanks for the reply! It's good to know I'm on the right path :)
>>
>> I am curious about how / why Glassfish automatically determines the Principal (the one in request.getUserPrincipal()).
>>
>> Since a subject is capable of having multiple principals, how does Glassfish determine which one to return?
>>
>> It seems strange to me that the Principal is automatically set, but the groups are not.. I assume this is more of a JSR 196 question than Glassfish specific?
>
> Glassfish does not set the principal, you need to use the CallerPrincipalCallback to set it. Can you explain what you are observing?
>
>
>
>
>>
>>
>> Thanks,
>>
>> Derek
>>
>>
>> On Sep 19, 2012, at 2:59 AM, KumarJayanti <v.b.kumar.jayanti_at_oracle.com> wrote:
>>
>>>
>>> On Sep 19, 2012, at 3:19 PM, Derek Knapp wrote:
>>>
>>>> I am having a hard time understanding how Groups are set in the LoginModule.
>>>>
>>>> I have a class that implements the java.security.acl.Group, and I add it to the subject in my LoginModule.. but that doesn't seem to do anything.
>>>>
>>>> Do I need to do something in my SAM to handle the Group myself? I know if I add the following code to my validateRequest method in my SAM, it works as expected...
>>>>
>>>>
>>>> String[] group = {"users"};
>>>> handler.handle(new Callback[] { new GroupPrincipalCallback(clientSubject, group) });
>>>>
>>>>
>>>> So I am starting to think that I need to call the subject.getPrincipals(Group.class) and return a list of the groups in the GroupPrincipalCallback myself.. but I am not sure this is the "right" way to do this...
>>>
>>> Yes that is the right way. The SAM is responsible for setting the groups into the subject via the GroupPrincipalCallback.
>>>
>>
>
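
The approach confirmed in this thread (the SAM reads the group principals the LoginModule left on the subject and hands them to the container through GroupPrincipalCallback, with the caller set through CallerPrincipalCallback), shown as an added example that is not code from the thread or from GlassFish. The class name SubjectPropagation, the method propagate and the groupType parameter are hypothetical; the sketch assumes it is called from validateRequest only after context.login() has returned without throwing, and that handler is the CallbackHandler the container passed to the SAM's initialize method.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;

// Hypothetical helper for a SAM; not part of the thread or of GlassFish.
public final class SubjectPropagation {

    private SubjectPropagation() {}

    // groupType: the principal class the LoginModule uses for groups
    // (assumption: the module adds one such principal per group in commit()).
    public static AuthStatus propagate(Subject clientSubject, CallbackHandler handler,
            String username, Class<? extends Principal> groupType) throws AuthException {
        // Only principals of the expected group type become group names;
        // any other principal on the subject is ignored.
        Set<String> names = new LinkedHashSet<String>();
        for (Principal p : clientSubject.getPrincipals(groupType)) {
            names.add(p.getName());
        }
        String[] groups = names.toArray(new String[names.size()]);
        try {
            // The container's handler establishes the caller principal and
            // the groups it will use for role mapping.
            handler.handle(new Callback[] {
                new CallerPrincipalCallback(clientSubject, username),
                new GroupPrincipalCallback(clientSubject, groups)
            });
        } catch (IOException | UnsupportedCallbackException e) {
            // Fail closed: never report SUCCESS if the container rejected the callbacks.
            AuthException ae = new AuthException("could not propagate caller and groups");
            ae.initCause(e);
            throw ae;
        }
        return AuthStatus.SUCCESS;
    }
}
```

If context.login() throws LoginException, the SAM should not reach this call at all, so a failed login never results in a caller principal or groups being set.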