Example: custom AuthorizationToken login module
This file shows how to determine if the login is an initial login or a propagation login.
For information on what to do during initialization, login and commit, see Custom login module development for a system login configuration.
public customLoginModule() { public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { _sharedState = sharedState; } public boolean login() throws LoginException { // Handles the WSTokenHolderCallback to see if this is an initial or // propagation login. Callback callbacks[] = new Callback[1]; callbacks[0] = new WSTokenHolderCallback("Authz Token List: "); try { callbackHandler.handle(callbacks); } catch (Exception e) { // Handles exception } // Receives the ArrayList of TokenHolder objects (the serialized tokens) List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList(); if (authzTokenList != null) { // Iterates through the list looking for your custom token for (int i=0; i for (int i=0; i<authzTokenList.size(); i++) { TokenHolder tokenHolder = (TokenHolder)authzTokenList.get(i); // Looks for the name and version of your custom AuthorizationToken // implementation if (tokenHolder.getName().equals("com.ibm.websphere.security.token. CustomAuthorizationTokenImpl") && tokenHolder.getVersion() == 1) { // Passes the bytes into your custom AuthorizationToken constructor // to deserialize customAuthzToken = new com.ibm.websphere.security.token.CustomAuthorizationTokenImpl( tokenHolder.getBytes()); } } } else // This is not a propagation login. Create a new instance of your // AuthorizationToken implementation { // Gets the prinicpal from the default AuthenticationToken. This must match // all tokens. defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken) sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY); String principal = defaultAuthToken.getPrincipal(); // Adds a new custom authorization token. This is an initial login. Pass the // principal into the constructor customAuthzToken = new com.ibm.websphere.security.token. CustomAuthorizationTokenImpl(principal); // Adds any initial attributes if (customAuthzToken != null) { customAuthzToken.addAttribute("key1", "value1"); customAuthzToken.addAttribute("key1", "value2"); customAuthzToken.addAttribute("key2", "value1"); customAuthzToken.addAttribute("key3", "something different"); } } //You can add the token to the Subject during commit in case something // happens during the login. } public boolean commit() throws LoginException { if (customAut // (hzToken != null) { // sSets the customAuthzToken token into the Subject try { public final AuthorizationToken customAuthzTokenPriv = customAuthzToken; // Do this in a doPrivileged code block so that application code does not // need to add additional permissions java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() { public Object run() { try { // Adds the custom authorization token if it is not null // and not already in the Subject if ((customAuthzTokenPriv != null) && (!subject.getPrivateCredentials().contains(customAuthzTokenPriv))) { subject.getPrivateCredentials().add(customAuthzTokenPriv); } } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } return null; } }); } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } } } // Defines your login module variables com.ibm.wsspi.security.token.AuthorizationToken customAuthzToken = null; com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null; java.util.Map _sharedState = null; }
Related tasks
Implementing a custom authentication token
Related Reference
Custom login module development for a system login configuration
Reference topic