I've been gone through the same problem. But I can't find what I've been doing wrong!
Some months ago I developed a LoginModule to a WebApplication and now I had to do the same, but it is not working. Have I forgotten something?
I am using Glasshfish 2.1.
This is my Realm class:
public class MyRealm extends AppservRealm {
private String jaasCtxName;
private String startsWith;
public MyRealm() {
}
@Override
protected void init(Properties props) throws BadRealmException, NoSuchRealmException {
jaasCtxName = props.getProperty(AppservRealm.JAAS_CONTEXT_PARAM, "myRealm");
startsWith = props.getProperty("startsWith", "123");
}
@Override
public String getAuthType() {
return "My Realm";
}
@Override
public Enumeration getGroupNames(String arg0) throws InvalidOperationException, NoSuchUserException {
List groupNames = new LinkedList();
return (Enumeration) groupNames;
}
public String getStartsWith() {
return startsWith;
}
}
I have created a realm called “myRealm” through the admin console and mapped to the class above and set the two properties. I've also added this to login.conf file:
myRealm {
myapp.security.MyLoginModule required;
};
Here is the code for my Login Module:
public class MyLoginModule extends AppservPasswordLoginModule {
public MyLoginModule() {
System.out.println(">>>>>>>>>> I could never see this line in my log file! :(");
}
@Override
protected void authenticateUser() throws LoginException {
try {
MyRealm realm = (MyRealm) _currentRealm;
if (!_password.startsWith(realm.getStartsWith()) {
throw new LoginException("Invalid credentials.");
}
Principal principal = new PrincipalImpl(_username);
Set<Principal> principals = _subject.getPrincipals();
principals.add(principal);
String grpList[] = new String[1];
grpList[0] = "User";
this.commitUserAuthentication(grpList);
} catch (Exception e) {
e.printStackTrace();
}
}
}
I set my web.xml to this:
<security-constraint>
<display-name>All users.</display-name>
<web-resource-collection>
<web-resource-name>Authenticated users area</web-resource-name>
<description />
<url-pattern>/users/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Only authenticated users.</description>
<role-name>User</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>myRealm</realm-name>
<form-login-config>
<form-login-page>/index.jsp</form-login-page>
<form-error-page>/index.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description />
<role-name>User</role-name>
</security-role>
In order to call do the authentication, I grand permission on server.policy:
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/myApp/-" {
permission com.sun.appserv.security.ProgrammaticLoginPermission
"login";
};
Both classes (MyRealm and MyLoginModule) are in a jar file in ${com.sun.aas.instanceRoot}/lib/.
And that's how I call the login (Java Server Faces used):
ProgrammaticLogin pl = new ProgrammaticLogin();
HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
if (pl.login((String) username.getValue(), (String) password.getValue(), "myRealm", request, response, true).booleanValue()) {
...
}
[Message sent by forum member 'mzugaib1982' ]
http://forums.java.net/jive/thread.jspa?messageID=374961