Create a custom JAAS module

The following steps outline how to create a custom login module. The example extends the out-of-the-box UsernamePasswordLoginModule:

  1. Create a security domain in standalone.xml, as follows:
     <security-domain name="customSecurity" cache-type="default">
       <authentication>
         <login-module code="com.CustomModule" flag="required"/>
       </authentication>
       <authorization>
         <policy-module code="PermitAll" flag="required"/>
       </authorization>
     </security-domain>
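  2. Create a custom login module, as shown:
     import java.security.acl.Group;
     import javax.security.auth.login.LoginException;
     import org.jboss.security.SimpleGroup;
     import org.jboss.security.SimplePrincipal;
     import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

     public class CustomModule extends UsernamePasswordLoginModule {
         // Returns the role group assigned to every authenticated caller.
         @Override
         protected Group[] getRoleSets() throws LoginException {
             SimpleGroup group = new SimpleGroup("Roles");
             try {
                 group.addMember(new SimplePrincipal("noGroup"));
             } catch (Exception e) {
                 throw new LoginException("Failed to create group member for " + group);
             }
             return new Group[] { group };
         }

         // Placeholder: accepts any password. Replace with a real comparison
         // of inputPassword against expectedPassword before deployment.
         @Override
         protected boolean validatePassword(String inputPassword, String expectedPassword) {
             return true;
         }

         // Placeholder: hardcoded value. A real module looks up the stored
         // credential for the current user here.
         @Override
         protected String getUsersPassword() throws LoginException {
             return "sri";
         }
     }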
  3. Deploy the custom login module in one of the following ways:
    • Add it as a new module in WildFly.
    • If the WAR artifact uses this login module, package it as a JAR within the artifact.
  4. If the WAR artifact uses this login module, make it aware of the security domain through jboss-web.xml, and place this XML file inside the WEB-INF directory of the application. Consider the following example:
     <jboss-web>
       <security-domain>java:/jaas/customSecurity</security-domain>
     </jboss-web>
  5. Invoke the custom login module from a filter or servlet to perform authentication when the user clicks the login button of a custom UI login screen, for example, httpRequest.login("wildfly", "mypassfly");
  6. Once the login module has validated the caller using the validatePassword() and getRoleSets() methods, the roles are matched against those declared in standalone.xml. The principal object is then automatically available to EJBs and interceptors. Consider this example:

     @Resource
     private javax.ejb.SessionContext sessionContext;
     ...
     String caller = sessionContext.getCallerPrincipal().getName();

These steps can help override other out-of-the-box JAAS login modules.
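
A hardened variant of the CustomModule from step 2, added here as an example and not code from the original page: where the stub accepts any password and returns a hardcoded credential, this version looks up a salted PBKDF2 record for the caller and compares it in constant time. Assumptions: the in-memory STORE and the enroll() helper are constructed stand-ins for a real credential store, the PBKDF2 parameters are illustrative, and no hashAlgorithm module option is set on the login module, so validatePassword() receives the raw input.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.acl.Group;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.FailedLoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class CustomModule extends UsernamePasswordLoginModule {
    // Constructed sample store (assumption): user -> "base64(salt):base64(PBKDF2 hash)".
    private static final Map<String, String> STORE =
            Collections.singletonMap("wildfly", enroll("mypassfly"));
    private static byte[] pbkdf2(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        }
    }
    private static String enroll(String password) { // hypothetical helper, builds the sample record
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return Base64.getEncoder().encodeToString(salt) + ":"
                + Base64.getEncoder().encodeToString(pbkdf2(password, salt));
    }
    @Override
    protected String getUsersPassword() throws FailedLoginException {
        String stored = STORE.get(getUsername());
        if (stored == null) throw new FailedLoginException("Authentication failed");
        return stored;
    }
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        String[] parts = expectedPassword == null ? new String[0] : expectedPassword.split(":");
        if (inputPassword == null || inputPassword.isEmpty() || parts.length != 2) return false;
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        // Derive with the stored salt, then compare in constant time.
        return MessageDigest.isEqual(pbkdf2(inputPassword, salt), Base64.getDecoder().decode(parts[1]));
    }
    @Override
    protected Group[] getRoleSets() {
        SimpleGroup group = new SimpleGroup("Roles");
        group.addMember(new SimplePrincipal("noGroup"));
        return new Group[] { group };
    }
}
```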
