JAAS Authentication & Struts

I have a custom LoginModule and an action with role="catalogManager". When I authenticate a user and then try to access this restricted action I always get 403 Forbidden, even though a CustomPrincipal named "catalogManager" is already in the Subject. What is wrong here?

Here is some code:

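/**
 * JAAS {@link LoginModule} that validates a login name and password through
 * the account service bean and, on success, adds a {@code ServicePrincipal}
 * named {@code "catalogManager"} to the Subject.
 *
 * <p>A Principal in the JAAS Subject does not, on its own, make the web
 * container report that name as a role (for example for a Struts action's
 * {@code role} attribute). Role membership is decided by the container, so
 * the container must be configured to authenticate through this module and
 * to map its principals to roles; otherwise role-restricted actions keep
 * answering 403 even though the Subject holds the principal.
 */
public class ServiceLoginModule implements LoginModule {

    /** Role name granted to every successfully authenticated user. */
    private static final String ROLE_NAME = "catalogManager";

    private ServiceLocator serviceLocator;
    private Subject subject;
    private CallbackHandler handler;
    private Map sharedState;
    private Map options;

    // True once login() accepted the credentials; reset by abort()/logout().
    private boolean succeeded = false;
    // Login name captured during login().
    private String login;
    // Principal added to the Subject by commit(); null until then, so that
    // logout()/abort() remove only what this module added.
    private ServicePrincipal principal;

    /** Creates a new instance of ServiceLoginModule. */
    public ServiceLoginModule() {
    }

    /** Stores the Subject, callback handler and configuration maps supplied by the LoginContext. */
    public void initialize(Subject subject, CallbackHandler handler,
            Map sharedState, Map options) {
        this.subject = subject;
        this.handler = handler;
        this.sharedState = sharedState;
        this.options = options;
    }

    /**
     * Phase 1 of the JAAS login: asks the callback handler for a login name
     * and password and validates them against the account service.
     *
     * @return {@code true} if the credentials were accepted
     * @throws LoginException if no credentials were supplied, the callback
     *         handler fails, or the account service throws
     */
    public boolean login() throws LoginException {
        succeeded = false;
        login = null;
        NameCallback nameCallback = new NameCallback("Login:");
        PasswordCallback passwordCallback = new PasswordCallback("Password:", false);
        Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };
        char[] password = null;
        try {
            handler.handle(callbacks);
            login = nameCallback.getName();
            password = passwordCallback.getPassword(); // returns a copy
            if (login == null || password == null) {
                throw new LoginException("Login name and password are required");
            }
            succeeded = validate(login, password);
            return succeeded;
        } catch (LoginException e) {
            throw e;
        } catch (Exception e) {
            // LoginException has no (message, cause) constructor; keep the
            // original failure reachable via getCause() instead of dropping it.
            LoginException le = new LoginException(e.getMessage());
            le.initCause(e);
            throw le;
        } finally {
            // Do not leave the password in memory longer than needed.
            passwordCallback.clearPassword();
            wipe(password);
        }
    }

    /**
     * Removes the principal this module added in {@link #commit()} and resets
     * the module state. Principals added by other LoginModules of the same
     * configuration are left untouched.
     *
     * @return always {@code true}
     */
    public boolean logout() throws LoginException {
        if (principal != null) {
            subject.getPrincipals().remove(principal);
            principal = null;
        }
        succeeded = false;
        login = null;
        return true;
    }

    /**
     * Phase 2 of the JAAS login: if {@link #login()} succeeded, adds the
     * {@code "catalogManager"} principal to the Subject.
     *
     * @return {@code true} if the principal was added, {@code false} if this
     *         module's login failed and it should be ignored
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            login = null;
            return false;
        }
        principal = new ServicePrincipal(ROLE_NAME);
        subject.getPrincipals().add(principal);
        return true;
    }

    /**
     * Called when the overall login fails: discards any state left by
     * {@link #login()} and, if {@link #commit()} already ran, removes the
     * principal it added.
     *
     * @return always {@code true}
     */
    public boolean abort() throws LoginException {
        if (principal != null) {
            logout();
        } else {
            succeeded = false;
            login = null;
        }
        return true;
    }

    /**
     * Checks the credentials against the account service bean.
     *
     * @param user     login name entered by the user
     * @param password password entered by the user
     * @return whatever the account service reports for the pair
     * @throws Exception if the bean lookup or the authentication call fails
     */
    private boolean validate(String user, char[] password) throws Exception {
        // char[].toString() yields "[C@..." (the array identity), not the
        // characters, so the password must be converted explicitly. The bean
        // API takes a String, so this copy cannot be wiped afterwards.
        return lookupAccountServiceBean().authenticate(user, new String(password));
    }

    /** Overwrites the characters of a password copy; no-op for {@code null}. */
    private static void wipe(char[] chars) {
        if (chars == null) {
            return;
        }
        for (int i = 0; i < chars.length; i++) {
            chars[i] = 0;
        }
    }

}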

ACTION

/**
 * Struts action that runs the JAAS login for the submitted credentials.
 *
 * <p>The {@link LoginContext} created here authenticates against the
 * {@code "myRealm"} configuration and populates its own Subject. It does
 * not by itself tell the servlet container who the current user is, so
 * container-managed role checks (which the Struts {@code role} attribute
 * relies on) are not affected unless the container is configured to use
 * the same realm.
 */
public class LoginAction extends Action {

    /** Creates a new instance of LoginAction. */
    public LoginAction() {
    }

    /**
     * Authenticates the user and forwards to {@code "loginSuccess"}.
     *
     * @throws Exception a {@code LoginException} from the JAAS login is
     *         propagated unchanged to the caller
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // login and password are presumably read from the submitted form
        // earlier in this method (that part was not shown in the post).
        // NOTE(review): a String password cannot be wiped from memory; the
        // char[] copy made here is the only one the module could clear.
        AuthHandler credentials = new AuthHandler(login, password.toCharArray());
        LoginContext loginContext = new LoginContext("myRealm", credentials);
        loginContext.login();
        return mapping.findForward("loginSuccess");
    }

}

[2592 byte] By [ZveNa] at [2007-10-1 20:52:41]
Hi, does your J2EE container support principal-to-role mapping? If not, you can still create a custom RequestProcessor implementation for Struts that uses JAAS instead of J2EE roles for authorization. Frank
fnimphiua at 2007-7-13 2:50:13