Example: Sample login configuration for RMI

WAS v8.5 > Reference > Administrator examples
Example: Sample login configuration for RMI_OUTBOUND

This example shows a sample login configuration for RMI_OUTBOUND that determines whether the realm names match between two servers.
public customLoginModule() 
{
 public void initialize(Subject subject, CallbackHandler callbackHandler, 
     Map sharedState, Map options) 
 {
     // (For more information on what to do during initialization, see 
     //  Develop custom login modules for a system login configuration for JAAS.)
 }

 public boolean login() throws LoginException 
 {
     // (For more information on what to do during login, see      //  Develop custom login modules for a system login configuration for JAAS.)

  // Gets the WSProtocolPolicyCallback object   Callback callbacks[] = new Callback[1];
   callbacks[0] = new com.ibm.wsspi.security.auth.callback.
          WSProtocolPolicyCallback("Protocol Policy Callback: ");
         
  try   {
   callbackHandler.handle(callbacks);
  } 
  catch (Exception e)
  {
   // Handles the exception   } 
            
     // Receives the RMI (CSIv2) policy object for checking the target realm 
     // based upon information from the IOR.
     // Note: This object can be used to perform additional security checks. 
     // See the API documentation for 
     // more information.
  csiv2PerformPolicy = (CSIv2PerformPolicy) ((WSProtocolPolicyCallback)callbacks[0]).
        getProtocolPolicy();
        
  // Checks if the realms do not match. If they do not match, then log in to 
     // perform a mapping   if (!csiv2PerformPolicy.getTargetSecurityName().equalsIgnoreCase(csiv2PerformPolicy.
         getCurrentSecurityName()))
  {
   try    {
    // Do some custom realm -> user ID and password mapping     MyBasicAuthDataObject myBasicAuthData = MyMappingLogin.lookup     
          (csiv2PerformPolicy.getTargetSecurityName());

          // Creates the login context with basic authentication data gathered from 
          // custom mapping      javax.security.auth.login.LoginContext ctx = new LoginContext("WSLogin",
      new WSCallbackHandlerImpl(myBasicAuthData.userid, 
        csiv2PerformPolicy.getTargetSecurityName(), 
                    myBasicAuthData.password));

     // Starts the login 
     ctx.login();

             // Gets the Subject from the context. This subject is used to replace 
             // the passed-in Subject during the commit phase.
     basic_auth_subject = ctx.getSubject();
    } 
    catch (javax.security.auth.login.LoginException e)
    {
     throw new com.ibm.websphere.security.auth.
               WSLoginFailedException (e.getMessage(), e);
    }
  }
 }

 public boolean commit() throws LoginException 
 {
     // (For more information on what to do during commit, see      //  Develop custom login modules for a system login configuration for JAAS.)

  if (basic_auth_subject != null)
  {
       // Removes everything from the current Subject and adds everything from the 
       // basic_auth_subject
   try    {
    public final Subject basic_auth_subject_priv = basic_auth_subject;
          // Do this in a doPrivileged code block so that application code 
          // does not need to add additional permissions     java.security.AccessController.doPrivileged(new java.security.
             PrivilegedExceptionAction() 
    {
     public Object run() throws WSLoginFailedException
     {
               // Removes everything user-specific from the current outbound                // Subject. This a temporary Subject for this specific invocation 
               // so you are not affecting the Subject set on the thread. You may 
               // keep any custom objects to propagate in the Subject. 
               // This example removes everything and adds just the new information 
               // back in.
      try       {
       subject.getPublicCredentials().clear();
       subject.getPrivateCredentials().clear();
       subject.getPrincipals().clear();
      } 
      catch (Exception e)
      {
       throw new WSLoginFailedException (e.getMessage(), e);
      }

               // Adds everything from basic_auth_subject into the login subject.
               // This completes the mapping to the new user.
      try       {
       subject.getPublicCredentials().addAll(basic_auth_subject.
                   getPublicCredentials());
       subject.getPrivateCredentials().addAll(basic_auth_subject.
                   getPrivateCredentials());
       subject.getPrincipals().addAll(basic_auth_subject.
                   getPrincipals());
      } 
      catch (Exception e)
      {
       throw new WSLoginFailedException (e.getMessage(), e);
      }

      return null;
     }
    });
   }
   catch (PrivilegedActionException e)
   {
    throw new WSLoginFailedException (e.getException().getMessage(), 
             e.getException());
   }
  }
 }

 // Defines the login module variables  com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy csiv2PerformPolicy = null;
 javax.security.auth.Subject basic_auth_subject = null;}
Configure outbound identity mapping to a different target realm
Develop custom login modules for a system login configuration for JAAS
Example: Sample login configuration for RMI_OUTBOUND

Related
