Example: A custom authentication token login module

This examples shows how to determine if the login is an initial login or a propagation login.

For information on what to do during initialization, login and commit, see Develop custom login modules for a system login configuration for JAAS.

public customLoginModule() 
  public void initialize(Subject subject, CallbackHandler callbackHandler, 
    Map sharedState, Map options) 
    _sharedState = sharedState;

  public boolean login() throws LoginException 
// Handles the WSTokenHolderCallback to see if this is an initial or 
// propagation login.
    Callback callbacks[] = new Callback[1];
    callbacks[0] = new WSTokenHolderCallback("Authz Token List: ");
    catch (Exception e)
// Handles exception
// Receives the ArrayList of TokenHolder objects (the serialized tokens)
    List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList();
    if (authzTokenList != null)
// Iterates through the list looking for the custom token
      for (int i=0; i<authzTokenList.size(); i++)
        TokenHolder tokenHolder = (TokenHolder)authzTokenList.get(i);

// Looks for the name and version of the custom AuthenticationToken
// implementation
        if (tokenHolder.getName().equals("my_oid_name") && tokenHolder.getVersion() == 1)
// Passes the bytes into the custom AuthenticationToken constructor
// to deserialize
          customAuthzToken = new                   

// This is not a propagation login. Create a new instance of the 
// AuthenticationToken implementation
//  Gets the principal from the default AuthenticationToken. This principal
//  should match all default tokens.

WAS runtime only enforces this for // default tokens. Thus, we can choose // to do this for custom tokens, but it is not required. defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken) sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY); String principal = defaultAuthToken.getPrincipal(); // Adds a new custom authentication token. This is an initial login. Pass // the principal into the constructor customAuthToken = new com.ibm.websphere.security.token. CustomAuthenticationTokenImpl(principal); // Adds any initial attributes if (customAuthToken != null) { customAuthToken.addAttribute("key1", "value1"); customAuthToken.addAttribute("key1", "value2"); customAuthToken.addAttribute("key2", "value1"); customAuthToken.addAttribute("key3", "something different"); } } //

We can add the token to the Subject during commit in case // something happens during the login. } public boolean commit() throws LoginException { if (customAuthToken != null) { // Sets the customAuthToken token into the Subject try { private final AuthenticationToken customAuthTokenPriv = customAuthToken; // Do this in a doPrivileged code block so that application code does // not need to add additional permissions java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() { public Object run() { try { // Adds the custom Authentication token if it is not // null and not already in the Subject if ((customAuthTokenPriv != null) && (!subject.getPrivateCredentials(). contains(customAuthTokenPriv))) { subject.getPrivateCredentials().add(customAuthTokenPriv); } } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } return null; } }); } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } } } // Defines the login module variables com.ibm.wsspi.security.token.AuthenticationToken customAuthToken = null; com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null; java.util.Map _sharedState = null; }


Related tasks

Develop custom login modules for a system login configuration for JAAS
Implement a custom authentication token for security attribute propagation