Example: custom AuthorizationToken login module


This file shows how to determine if the login is an initial login or a propagation login.

For information on what to do during initialization, login and commit, see Develop custom login modules for a system login configuration for JAAS.

public customLoginModule() 
{
  public void initialize(Subject subject, CallbackHandler callbackHandler, 
     Map sharedState, Map options) 
  {
    _sharedState = sharedState;
  }

  public boolean login() throws LoginException 
  {
    
// Handles the WSTokenHolderCallback to see if this is an initial or 
     
// propagation login.
    Callback callbacks[] = new Callback[1];
    callbacks[0] = new WSTokenHolderCallback("Authz Token List: ");
          
    try
    {
      callbackHandler.handle(callbacks);
    } 
    catch (Exception e)
    {
      
// Handles exception
    } 
            
    
// Receives the ArrayList of TokenHolder objects (the serialized tokens)
    List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList();
        
    if (authzTokenList != null)
    {
      
// Iterates through the list looking for the custom token
      for (int i=0; i
      for (int i=0; i<authzTokenList.size(); i++)
      {
        TokenHolder tokenHolder = (TokenHolder)authzTokenList.get(i);

          
// Looks for the name and version of the custom AuthorizationToken
          
// implementation
        if (tokenHolder.getName().equals("com.ibm.websphere.security.token.
             CustomAuthorizationTokenImpl") &&
            tokenHolder.getVersion() == 1)
        {
            
// Passes the bytes into the custom AuthorizationToken constructor
            
// to deserialize
          customAuthzToken = new                   
            com.ibm.websphere.security.token.CustomAuthorizationTokenImpl(
                   tokenHolder.getBytes());

        }
      }
    }
    else 
     
// This is not a propagation login. Create a new instance of the      
     
// AuthorizationToken implementation
    {
       
// Gets the prinicpal from the default AuthenticationToken. This must match 
       
// all tokens.
      defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken) 
        sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY);
      String principal = defaultAuthToken.getPrincipal();

      
// Adds a new custom authorization token. This is an initial login. Pass the        
      
// principal into the constructor 
      customAuthzToken = new com.ibm.websphere.security.token.
           CustomAuthorizationTokenImpl(principal);

      
// Adds any initial attributes
      if (customAuthzToken != null)
      {
        customAuthzToken.addAttribute("key1", "value1");
        customAuthzToken.addAttribute("key1", "value2");
        customAuthzToken.addAttribute("key2", "value1");
        customAuthzToken.addAttribute("key3", "something different");
      }
    }

     
// 

We can add the token to the Subject during commit in case something // happens during the login. } public boolean commit() throws LoginException { if (customAut // (hzToken != null) { // sSets the customAuthzToken token into the Subject try { public final AuthorizationToken customAuthzTokenPriv = customAuthzToken; // Do this in a doPrivileged code block so that application code does not // need to add additional permissions java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() { public Object run() { try { // Adds the custom authorization token if it is not null // and not already in the Subject if ((customAuthzTokenPriv != null) && (!subject.getPrivateCredentials().contains(customAuthzTokenPriv))) { subject.getPrivateCredentials().add(customAuthzTokenPriv); } } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } return null; } }); } catch (Exception e) { throw new WSLoginFailedException (e.getMessage(), e); } } } // Defines the login module variables com.ibm.wsspi.security.token.AuthorizationToken customAuthzToken = null; com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null; java.util.Map _sharedState = null; }





 

Related tasks


Develop custom login modules for a system login configuration for JAAS
Implement a custom authentication token for security attribute propagation