
 

Example: Sample login configuration for RMI_OUTBOUND

 

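This example shows a sample login configuration for RMI_OUTBOUND that determines whether the realm names of the two servers match. When they do not match, the login module logs in with a user ID and password mapped for the target realm and uses the resulting Subject for the outbound request.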

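/**
 * Sample custom login module for the RMI_OUTBOUND system login configuration.
 *
 * During login() it obtains the RMI (CSIv2) protocol policy and compares the
 * target realm with the current realm. When they differ, it logs in through
 * "WSLogin" with a user ID and password mapped for the target realm, and
 * commit() replaces the contents of the outbound Subject with the result.
 *
 * MyMappingLogin and MyBasicAuthDataObject are placeholders for your own
 * realm -> credential mapping code. Keep the mapped passwords in a protected
 * store and do not write them to logs or exception messages.
 *
 * A deployable module declares "implements javax.security.auth.spi.LoginModule"
 * and therefore also provides abort() and logout(), which this example does
 * not show.
 */
public class customLoginModule
{
  /**
   * Saves the Subject and CallbackHandler that login() and commit() use.
   *
   * @param subject the temporary outbound Subject for this invocation
   * @param callbackHandler handler used to request the protocol policy
   * @param sharedState state shared with other login modules (unused here)
   * @param options options from the login configuration (unused here)
   */
  public void initialize(Subject subject, CallbackHandler callbackHandler,
     Map sharedState, Map options)
  {
     // (For more information on what to do during initialization, see
     // Custom login module development for a system login configuration.)
     this.subject = subject;
     this.callbackHandler = callbackHandler;
  }

  /**
   * Checks the target realm and, when it differs from the current realm,
   * logs in with credentials mapped for the target realm.
   *
   * @return true when the module completed its login phase
   * @throws LoginException if the protocol policy cannot be obtained, no
   *         mapping exists for the target realm, or the mapped login fails
   */
  public boolean login() throws LoginException
  {
     // (For more information on what to do during login, see
     // Custom login module development for a system login configuration.)

    // Gets the WSProtocolPolicyCallback object
    Callback callbacks[] = new Callback[1];
    callbacks[0] = new com.ibm.wsspi.security.auth.callback.
        WSProtocolPolicyCallback("Protocol Policy Callback: ");

    try
    {
      callbackHandler.handle(callbacks);
    }
    catch (Exception e)
    {
      // Fail closed: without the protocol policy the realm check below
      // cannot run, so the login must not continue silently.
      throw new WSLoginFailedException(e.getMessage(), e);
    }

    // Receives the RMI (CSIv2) policy object for checking the target realm
    // based upon information from the IOR. This object can be used to
    // perform additional security checks. See the API documentation for
    // more information.
    csiv2PerformPolicy = (CSIv2PerformPolicy)
        ((WSProtocolPolicyCallback) callbacks[0]).getProtocolPolicy();

    if (csiv2PerformPolicy == null
        || csiv2PerformPolicy.getTargetSecurityName() == null)
    {
      throw new WSLoginFailedException(
          "RMI_OUTBOUND protocol policy or target realm is not available");
    }

    String targetRealm = csiv2PerformPolicy.getTargetSecurityName();

    // Checks if the realms do not match. If they do not match, then log in
    // to perform a mapping
    if (!targetRealm.equalsIgnoreCase(csiv2PerformPolicy.getCurrentSecurityName()))
    {
      // Do some custom realm -> user ID and password mapping
      MyBasicAuthDataObject myBasicAuthData = MyMappingLogin.lookup(targetRealm);

      if (myBasicAuthData == null)
      {
        // No mapping means no identity is authorized for this target realm
        throw new WSLoginFailedException(
            "No identity mapping is defined for target realm " + targetRealm);
      }

      try
      {
        // Creates the login context with basic authentication data gathered
        // from custom mapping
        javax.security.auth.login.LoginContext ctx = new LoginContext("WSLogin",
            new WSCallbackHandlerImpl(myBasicAuthData.userid, targetRealm,
                myBasicAuthData.password));

        // Starts the login
        ctx.login();

        // Gets the Subject from the context. This subject is used to replace
        // the passed-in Subject during the commit phase.
        basic_auth_subject = ctx.getSubject();
      }
      catch (javax.security.auth.login.LoginException e)
      {
        throw new com.ibm.websphere.security.auth.
            WSLoginFailedException(e.getMessage(), e);
      }
    }

    return true;
  }

  /**
   * Replaces the contents of the outbound Subject with the mapped Subject
   * when login() performed a mapping; otherwise leaves the Subject unchanged.
   *
   * @return true when the commit phase completed
   * @throws LoginException if the Subject cannot be updated
   */
  public boolean commit() throws LoginException
  {
     // (For more information on what to do during commit, see
     // Custom login module development for a system login configuration.)

    if (basic_auth_subject != null)
    {
      // Removes everything from the current Subject and adds everything from
      // the basic_auth_subject
      try
      {
        // Final snapshot so that the privileged action below works on the
        // Subject produced by login()
        final Subject basic_auth_subject_priv = basic_auth_subject;

        // Do this in a doPrivileged code block so that application code
        // does not need to add additional permissions
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedExceptionAction()
        {
          public Object run() throws WSLoginFailedException
          {
            // Removes everything user-specific from the current outbound
            // Subject. This is a temporary Subject for this specific
            // invocation so you are not affecting the Subject set on the
            // thread. You may keep any custom objects to propagate in the
            // Subject. This example removes everything and adds just the
            // new information back in.
            try
            {
              subject.getPublicCredentials().clear();
              subject.getPrivateCredentials().clear();
              subject.getPrincipals().clear();
            }
            catch (Exception e)
            {
              throw new WSLoginFailedException(e.getMessage(), e);
            }

            // Adds everything from basic_auth_subject into the login
            // subject. This completes the mapping to the new user.
            try
            {
              subject.getPublicCredentials().addAll(
                  basic_auth_subject_priv.getPublicCredentials());
              subject.getPrivateCredentials().addAll(
                  basic_auth_subject_priv.getPrivateCredentials());
              subject.getPrincipals().addAll(
                  basic_auth_subject_priv.getPrincipals());
            }
            catch (Exception e)
            {
              throw new WSLoginFailedException(e.getMessage(), e);
            }

            return null;
          }
        });
      }
      catch (PrivilegedActionException e)
      {
        throw new WSLoginFailedException(e.getException().getMessage(),
            e.getException());
      }
    }

    return true;
  }

  // Defines your login module variables
  com.ibm.wsspi.security.csiv2.CSIv2PerformPolicy csiv2PerformPolicy = null;
  javax.security.auth.Subject basic_auth_subject = null;

  // Saved by initialize() for use in login() and commit()
  Subject subject = null;
  CallbackHandler callbackHandler = null;
}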




 

Related tasks


Configure outbound mapping to a different target realm

 

Related Reference


Custom login module development for a system login configuration

 
