Example: A custom single sign-on token login module

This file shows how to determine if the login is an initial login or a propagation login.

For information on initialization and on what to do during login and commit, see Desenvolvendo Módulos de Login Customizado para uma Configuração de Login do Sistema para JAAS.

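/**
 * Example custom login module that creates or restores a custom single
 * sign-on (SSO) token, depending on whether the login is an initial login
 * or a propagation login.
 *
 * A propagation login is recognized by a non-null token holder list returned
 * through the WSTokenHolderCallback; a null list means an initial login.
 *
 * A deployable JAAS module implements javax.security.auth.spi.LoginModule,
 * which also requires abort() and logout(); this example omits them.
 */
public class customLoginModule
{
	/**
	 * Stores the objects that login() and commit() need later.
	 *
	 * @param subject          the Subject that commit() adds the token to
	 * @param callbackHandler  the handler used to obtain the token holder list
	 * @param sharedState      state shared with other login modules; read for
	 *                         the default authentication token on initial login
	 * @param options          module options (not used by this example)
	 */
	public void initialize(Subject subject, CallbackHandler callbackHandler,
		Map sharedState, Map options)
	{
		// login() and commit() run later without these arguments, so keep them.
		_subject = subject;
		_callbackHandler = callbackHandler;
		_sharedState = sharedState;
	}

	/**
	 * Determines whether this is an initial or a propagation login and
	 * prepares the custom SSO token accordingly.
	 *
	 * @return true when the login phase completes
	 * @throws LoginException if the callback cannot be handled or the default
	 *                        authentication token is missing on initial login
	 */
	public boolean login() throws LoginException
	{
		// Handles the WSTokenHolderCallback to see if this is an initial or
		// propagation login.
		Callback callbacks[] = new Callback[1];
		callbacks[0] = new WSTokenHolderCallback("Authz Token List: ");

		try
		{
			_callbackHandler.handle(callbacks);
		}
		catch (Exception e)
		{
			// Fail closed: if the callback fails, the token list stays null and
			// the code below would wrongly treat the request as an initial login.
			throw new WSLoginFailedException (e.getMessage(), e);
		}

		// Receives the ArrayList of TokenHolder objects (the serialized tokens)
		List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList();

		if (authzTokenList != null)
		{
			// Propagation login: iterate through the list looking for your
			// custom token. If no entry matches, customSSOToken stays null and
			// commit() adds nothing to the Subject.
			for (int i=0; i<authzTokenList.size(); i++)
			{
				TokenHolder tokenHolder = (TokenHolder)authzTokenList.get(i);

				// Looks for the name and version of your custom SingleSignonToken
				// implementation
				if (tokenHolder.getName().equals("myCookieName")
					&& tokenHolder.getVersion() == 1)
				{
					// Passes the bytes into your custom SingleSignonToken constructor
					// to deserialize.
					// NOTE(review): these bytes were produced outside this login
					// module; the deserializing constructor should reject malformed
					// or unexpected input instead of trusting it.
					customSSOToken = new
						com.ibm.websphere.security.token.CustomSingleSignonTokenImpl
							(tokenHolder.getBytes());
				}
			}
		}
		else
		{
			// This is not a propagation login. Create a new instance of your
			// SingleSignonToken implementation.

			// Gets the principal from the default SingleSignonToken. This principal
			// must match all tokens.
			defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken)
				_sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY);

			// Without the default token there is no principal to bind the new SSO
			// token to, so fail the login instead of hitting a NullPointerException.
			if (defaultAuthToken == null)
			{
				throw new LoginException(
					"Default authentication token not found in shared state");
			}
			String principal = defaultAuthToken.getPrincipal();

			// Adds a new custom single sign-on (SSO) token. This is an initial login.
			// Pass the principal into the constructor
			customSSOToken = new com.ibm.websphere.security.token.
				CustomSingleSignonTokenImpl(principal);

			// add any initial attributes
			customSSOToken.addAttribute("key1", "value1");
			customSSOToken.addAttribute("key1", "value2");
			customSSOToken.addAttribute("key2", "value1");
			customSSOToken.addAttribute("key3", "something different");
		}

		// Note: The token is added to the Subject during commit in case something
		// happens during the login.
		return true;
	}

	/**
	 * Adds the custom SSO token prepared by login() to the Subject's private
	 * credentials, unless it is already present.
	 *
	 * @return true when the commit phase completes
	 * @throws LoginException if the token cannot be added to the Subject
	 */
	public boolean commit() throws LoginException
	{
		if (customSSOToken != null)
		{
			// Sets the customSSOToken token into the Subject
			try
			{
				// Final copies so the anonymous class below can capture them.
				final com.ibm.wsspi.security.token.SingleSignonToken customSSOTokenPriv =
					customSSOToken;
				final javax.security.auth.Subject subjectPriv = _subject;

				// Do this in a doPrivileged code block so that application code does not
				// need to add additional permissions
				java.security.AccessController.doPrivileged(new java.security.PrivilegedAction()
				{
					public Object run()
					{
						// Adds the custom SSO token if it is not already in the Subject.
						// Runtime failures propagate to the enclosing catch, because
						// run() cannot throw a checked login exception.
						if (!subjectPriv.getPrivateCredentials().contains(customSSOTokenPriv))
						{
							subjectPriv.getPrivateCredentials().add(customSSOTokenPriv);
						}
						return null;
					}
				});
			}
			catch (Exception e)
			{
				throw new WSLoginFailedException (e.getMessage(), e);
			}
		}
		return true;
	}

	// Defines your login module variables
	com.ibm.wsspi.security.token.SingleSignonToken customSSOToken = null;
	com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null;
	javax.security.auth.Subject _subject = null;
	javax.security.auth.callback.CallbackHandler _callbackHandler = null;
	java.util.Map _sharedState = null;
}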




Ícone de registro de data e hora Última atualização: July 9, 2016 8:00
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=xsec_custssotokenlmodule
Nome do arquivo: xsec_custssotokenlmodule.html