Example: Sample login configuration for RMI_OUTBOUND

This example shows a sample login configuration for RMI_OUTBOUND that determines whether the realm names match between two servers.

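/**
 * Sample RMI_OUTBOUND login module.
 *
 * During {@link #login()} it obtains the CSIv2 policy for the outbound request
 * (from the protocol policy callback) and compares the target server's realm with
 * the current realm. When the realm names differ it looks up a user ID and
 * password for the target realm through a custom mapping and performs a nested
 * "WSLogin" login; {@link #commit()} then replaces the contents of the outbound
 * Subject with the mapped Subject. When the realms match, no mapping is done.
 *
 * NOTE(review): a deployable module must implement
 * javax.security.auth.spi.LoginModule, which also requires abort() and logout();
 * this excerpt shows only initialize/login/commit (see "Custom login module
 * development for a system login configuration").
 */
public class customLoginModule
{
    // Defines your login module variables

    /** CSIv2 policy for this outbound request; set during login(). */
    com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy csiv2PerformPolicy = null;

    /** Subject produced by the mapping login, or null when no mapping was needed. */
    javax.security.auth.Subject basic_auth_subject = null;

    /** Subject handed to initialize(); its contents are replaced in commit(). */
    javax.security.auth.Subject subject = null;

    /** Callback handler handed to initialize(); used to obtain the policy callback. */
    javax.security.auth.callback.CallbackHandler callbackHandler = null;

    /**
     * Stores the Subject and callback handler for use by login() and commit().
     * (For more information on what to do during initialization, see
     * Custom login module development for a system login configuration.)
     *
     * @param subject         the outbound Subject for this invocation
     * @param callbackHandler handler that supplies the protocol policy callback
     * @param sharedState     state shared with other modules in the configuration (unused here)
     * @param options         module options from the login configuration (unused here)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map sharedState, Map options)
    {
        // Both are needed later: the handler in login(), the Subject in commit().
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Compares the current and target realms and, when they differ, performs a
     * mapping login for the target realm.
     * (For more information on what to do during login, see
     * Custom login module development for a system login configuration.)
     *
     * @return true; the result of the mapping is applied in commit()
     * @throws LoginException if the policy callback cannot be obtained, the target
     *         realm name is unavailable, or the mapping login fails
     */
    public boolean login() throws LoginException
    {
        // Gets the WSProtocolPolicyCallback object
        Callback[] callbacks = new Callback[1];
        callbacks[0] = new com.ibm.wsspi.security.auth.callback.
            WSProtocolPolicyCallback("Protocol Policy Callback: ");

        try
        {
            callbackHandler.handle(callbacks);
        }
        catch (Exception e)
        {
            // Without the callback there is no policy object to inspect; fail the
            // login explicitly rather than dereferencing a missing callback below.
            throw new com.ibm.websphere.security.auth.
                WSLoginFailedException(e.getMessage(), e);
        }

        // Receives the RMI (CSIv2) policy object for checking the target realm
        // based upon information from the IOR.
        // Note: This object can be used to perform additional security checks.
        // See the Javadoc for more information.
        csiv2PerformPolicy = (com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy)
            ((com.ibm.wsspi.security.auth.callback.WSProtocolPolicyCallback) callbacks[0]).
                getProtocolPolicy();

        String targetRealm = csiv2PerformPolicy.getTargetSecurityName();
        String currentRealm = csiv2PerformPolicy.getCurrentSecurityName();

        // The realm comparison is what decides whether credentials get mapped, so
        // refuse a missing target realm instead of failing with a NullPointerException.
        if (targetRealm == null)
        {
            throw new LoginException("Target realm name is not available from the CSIv2 policy");
        }

        // Checks if the realms do not match. If they do not match, then login to
        // perform a mapping. (A null current realm compares as "different", as before.)
        if (!targetRealm.equalsIgnoreCase(currentRealm))
        {
            try
            {
                // Do some custom realm -> user ID and password mapping.
                // MyMappingLogin / MyBasicAuthDataObject stand for your own mapping store.
                MyBasicAuthDataObject myBasicAuthData = MyMappingLogin.lookup(targetRealm);

                // Creates the login context with basic authentication data gathered from
                // custom mapping
                javax.security.auth.login.LoginContext ctx =
                    new javax.security.auth.login.LoginContext("WSLogin",
                        new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(
                            myBasicAuthData.userid,
                            targetRealm,
                            myBasicAuthData.password));

                // Starts the login
                ctx.login();

                // Gets the Subject from the context. This subject is used to replace
                // the passed-in Subject during the commit phase.
                basic_auth_subject = ctx.getSubject();
            }
            catch (javax.security.auth.login.LoginException e)
            {
                throw new com.ibm.websphere.security.auth.
                    WSLoginFailedException(e.getMessage(), e);
            }
        }

        // Realms matched (or the mapping succeeded); commit() applies any mapping.
        return true;
    }

    /**
     * Replaces the contents of the outbound Subject with the mapped Subject when a
     * mapping login was performed; otherwise leaves the Subject untouched.
     * (For more information on what to do during commit, see
     * Custom login module development for a system login configuration.)
     *
     * @return true
     * @throws LoginException if the Subject contents cannot be replaced
     */
    public boolean commit() throws LoginException
    {
        if (basic_auth_subject != null)
        {
            // Final copies so the anonymous action below can refer to them.
            final Subject mappedSubject = basic_auth_subject;
            final Subject outboundSubject = subject;

            // Removes everything from the current Subject and adds everything from the
            // basic_auth_subject
            try
            {
                // Do this in a doPrivileged code block so that application code
                // does not need to add additional permissions
                java.security.AccessController.doPrivileged(
                    new java.security.PrivilegedExceptionAction<Object>()
                {
                    public Object run()
                        throws com.ibm.websphere.security.auth.WSLoginFailedException
                    {
                        // Removes everything user-specific from the current outbound
                        // Subject. This a temporary Subject for this specific invocation
                        // so you are not affecting the Subject set on the thread. You may
                        // keep any custom objects that you want to propagate in the Subject.
                        // This example removes everything and adds just the new information
                        // back in.
                        try
                        {
                            outboundSubject.getPublicCredentials().clear();
                            outboundSubject.getPrivateCredentials().clear();
                            outboundSubject.getPrincipals().clear();
                        }
                        catch (Exception e)
                        {
                            throw new com.ibm.websphere.security.auth.
                                WSLoginFailedException(e.getMessage(), e);
                        }

                        // Adds everything from basic_auth_subject into the login subject.
                        // This completes the mapping to the new user.
                        try
                        {
                            outboundSubject.getPublicCredentials().addAll(
                                mappedSubject.getPublicCredentials());
                            outboundSubject.getPrivateCredentials().addAll(
                                mappedSubject.getPrivateCredentials());
                            outboundSubject.getPrincipals().addAll(
                                mappedSubject.getPrincipals());
                        }
                        catch (Exception e)
                        {
                            throw new com.ibm.websphere.security.auth.
                                WSLoginFailedException(e.getMessage(), e);
                        }

                        return null;
                    }
                });
            }
            catch (java.security.PrivilegedActionException e)
            {
                // Unwrap the real cause so the caller sees the WSLoginFailedException.
                throw new com.ibm.websphere.security.auth.
                    WSLoginFailedException(e.getException().getMessage(), e.getException());
            }
        }

        return true;
    }
}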


 

See Also


Custom login module development for a system login configuration