This example shows how a custom login module can determine whether the login is an initial login or a propagation login.
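/**
 * Sample login module that distinguishes an initial login from a propagation
 * login and attaches a custom authentication token to the Subject.
 *
 * A non-null token holder list from WSTokenHolderCallback means tokens were
 * propagated from another server; a null list means this is an initial login.
 *
 * NOTE(review): a deployable module must also implement
 * javax.security.auth.spi.LoginModule, including abort() and logout(), which
 * this example does not show.
 */
public class customLoginModule
{
    // Defines your login module variables
    com.ibm.wsspi.security.token.AuthenticationToken customAuthToken = null;
    com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null;
    java.util.Map _sharedState = null;
    // Kept from initialize() because login() and commit() both need them.
    private Subject subject = null;
    private CallbackHandler callbackHandler = null;

    /**
     * Stores the objects that the later phases of the login need.
     *
     * @param subject         the Subject that commit() adds the custom token to
     * @param callbackHandler the handler that login() uses to obtain the token holder list
     * @param sharedState     state shared between login modules; login() reads the
     *                        default AuthenticationToken from it
     * @param options         login module options (not used in this example)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options)
    {
        // (For more information on what to do during initialization, see
        // Custom login module development for a system login configuration.)
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        _sharedState = sharedState;
    }

    /**
     * Builds the custom authentication token, either by deserializing the
     * propagated one or by creating a new one for an initial login.
     *
     * @return true when the login phase completes
     * @throws LoginException if the callback cannot be handled or the default
     *                        AuthenticationToken is missing on an initial login
     */
    public boolean login() throws LoginException
    {
        // (For information on what to do during login, see
        // Custom login module development for a system login configuration.)

        // Handles the WSTokenHolderCallback to see if this is an initial or
        // propagation login.
        Callback callbacks[] = new Callback[1];
        callbacks[0] = new WSTokenHolderCallback("Authz Token List: ");
        try
        {
            callbackHandler.handle(callbacks);
        }
        catch (Exception e)
        {
            // Fail the login instead of continuing. A swallowed failure leaves
            // the token list null, which the code below would treat as an
            // initial login and answer with a freshly created token.
            throw new WSLoginFailedException(e.getMessage(), e);
        }

        // Receives the ArrayList of TokenHolder objects (the serialized tokens)
        List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList();

        if (authzTokenList != null)
        {
            // Propagation login: iterates through the list looking for your
            // custom token
            for (Object entry : authzTokenList)
            {
                TokenHolder tokenHolder = (TokenHolder) entry;

                // Looks for the name and version of your custom
                // AuthenticationToken implementation. The constant is the
                // receiver so that a holder without a name does not throw.
                if ("your_oid_name".equals(tokenHolder.getName()) && tokenHolder.getVersion() == 1)
                {
                    // Passes the bytes into your custom AuthenticationToken
                    // constructor to deserialize.
                    // NOTE(review): these bytes originate outside this login
                    // module. The constructor (not shown here) should validate
                    // them before any attribute is trusted, and should not use
                    // native Java deserialization on them without a filter.
                    customAuthToken = new com.ibm.websphere.security.token.
                        CustomAuthenticationTokenImpl(tokenHolder.getBytes());
                }
            }
            // NOTE(review): if no holder matches, customAuthToken stays null
            // and commit() adds nothing. Confirm that this is the intended
            // outcome for a propagation login.
        }
        else
        {
            // This is not a propagation login. Create a new instance of your
            // AuthenticationToken implementation.

            // Gets the principal from the default AuthenticationToken. This
            // principal should match all default tokens.
            // Note: WebSphere Application Server run time only enforces this
            // for default tokens. Thus, you can choose to do this for custom
            // tokens, but it is not required.
            defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken)
                _sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY);
            if (defaultAuthToken == null)
            {
                // Without the default token there is no principal to bind the
                // custom token to, so the login cannot proceed.
                throw new WSLoginFailedException(
                    "Default AuthenticationToken not found in the shared state");
            }
            String principal = defaultAuthToken.getPrincipal();

            // Adds a new custom authentication token. This is an initial
            // login. Pass the principal into the constructor.
            customAuthToken = new com.ibm.websphere.security.token.
                CustomAuthenticationTokenImpl(principal);

            // Adds any initial attributes
            customAuthToken.addAttribute("key1", "value1");
            customAuthToken.addAttribute("key1", "value2");
            customAuthToken.addAttribute("key2", "value1");
            customAuthToken.addAttribute("key3", "something different");
        }

        // Note: You can add the token to the Subject during commit in case
        // something happens during the login.
        return true;
    }

    /**
     * Adds the custom authentication token to the Subject's private
     * credentials if login() produced one and it is not already present.
     *
     * @return true when the commit phase completes
     * @throws LoginException if the token cannot be added to the Subject
     */
    public boolean commit() throws LoginException
    {
        // (For more information on what to do during commit, see
        // Custom login module development for a system login configuration.)
        if (customAuthToken != null)
        {
            // Sets the customAuthToken token into the Subject
            final com.ibm.wsspi.security.token.AuthenticationToken customAuthTokenPriv =
                customAuthToken;
            try
            {
                // Do this in a doPrivileged code block so that application
                // code does not need to add additional permissions
                java.security.AccessController.doPrivileged(
                    new java.security.PrivilegedAction<Object>()
                    {
                        public Object run()
                        {
                            // Adds the custom Authentication token if it is
                            // not already in the Subject
                            if (!subject.getPrivateCredentials().contains(customAuthTokenPriv))
                            {
                                subject.getPrivateCredentials().add(customAuthTokenPriv);
                            }
                            return null;
                        }
                    });
            }
            catch (RuntimeException e)
            {
                // PrivilegedAction.run() cannot declare a checked exception,
                // so failures surface here and are reported as a login failure.
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }
        return true;
    }
}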
Related tasks
Implementing a custom authentication token
Related reference
Custom login module development for a system login configuration