Skip to Content
0
Former Member
Nov 08, 2006 at 08:01 PM

Problem Custom LoginModule

43 Views

Hello,

I have created a custom loginmodule per the example is help.sap.com and service.sap.com/security. I successfully deployed it and put in in the login stack. I set up logging to verify that the loginmodule is getting hit and working correctly. It appears that it is.

The problem is that whne I login, it does not goto the main portal screen, it just referes the login screen and returns no login error message. And if I try to login as another portal user, it says that I am already logged in as someone else.

I attached my code below. I think the problem is maybe where I put my loginmodule in the TICKET login stack or the principal object is not getting set right. Appreciate any advice from someone who has done this before. My custom LoginModule is set with a Suffiecent flag at the top of the Ticket login module stack.

Here is the code. Note, everything accodding to the logs appears to be working ok. It logs into an LDAP as Administrator and then looks up the user id. Then it takes the "sapid" attribute and attempts to log the users into the portal with that identity by setting the _sharedState Name and Principal objects:

package testBeacon.LoginModules;

import java.io.IOException;

import java.util.Map;

import javax.security.auth.Subject;

import javax.security.auth.callback.Callback;

import javax.security.auth.callback.CallbackHandler;

import javax.security.auth.callback.NameCallback;

import javax.security.auth.callback.PasswordCallback;

import javax.security.auth.callback.UnsupportedCallbackException;

import javax.security.auth.login.LoginException;

import netscape.ldap.LDAPAttribute;

import netscape.ldap.LDAPConnection;

import netscape.ldap.LDAPEntry;

import netscape.ldap.LDAPException;

import netscape.ldap.LDAPSearchResults;

import netscape.ldap.LDAPv2;

import com.sap.engine.interfaces.security.auth.AbstractLoginModule;

import com.sap.engine.interfaces.security.userstore.context.UserInfo;

import com.sap.engine.lib.security.Principal;

public class NCIDLoginModule extends AbstractLoginModule {

//Exceptions

public final static String MISSING_UID = "MISSING_UID";

public final static String MISSING_PASSWORD = "MISSING_PASSWORD";

public final static String USER_AUTH_FAILED = "USER_AUTH_FAILED";

public final static String USERID_NOT_FOUND = "USERID_NOT_FOUND";

public final static String ACCOUNT_LOCKED_ADMIN = "ACCOUNT_LOCKED_ADMIN";

public final static String ACCOUNT_LOCKED_LOGON = "ACCOUNT_LOCKED_LOGON";

public final static String NCID_NOT_FOUND = "NCID_ACCOUNT_NOT_FOUND";

public final static String MULTIPLE_NCIDs = "MULTIPLE NCIDs FOUND";

//Member variables

private Subject _subject = null;

private CallbackHandler _callbackHandler = null;

private Map _sharedState = null;

private Map _options = null;

private String _userId = null;

private String _workforceID = null;

boolean _bSucceeded = false;

public void initialize(

Subject subject,

CallbackHandler callbackHandler,

Map sharedState,

Map options) {

//Log1

System.out.println("Log1: About to initalize super");

super.initialize(subject, callbackHandler, sharedState, options);

//Log2

System.out.println("Log2: super initialized ok.");

_callbackHandler = callbackHandler;

_subject = subject;

_sharedState = sharedState;

_options = options;

System.out.println("Log2.1: Initialized_subject object: " + _subject.toString());

System.out.println("Log2.2: Initialized _sharedState object: " + _sharedState.toString() );

System.out.println("Log2.3: Initialized _options: " + _options.toString() );

}

public boolean login() throws LoginException {

Exception exception_on_the_way = null;

PasswordCallback pwdCallback = new PasswordCallback("Password:", false);

NameCallback userIdCallback = new NameCallback("User:");

Callback[] mycallbacks = new Callback[] { userIdCallback, pwdCallback };

//Log3

System.out.println("Log3: About to get callbacks.");

try {

_callbackHandler.handle(mycallbacks);

//Log4

System.out.println("Log4: Callbacks recieved ok.");

} catch (IOException e) {

exception_on_the_way = e;

} catch (UnsupportedCallbackException e) {

exception_on_the_way = e;

}

String uid = userIdCallback.getName();

char[] pwd = pwdCallback.getPassword();

//Log5

System.out.println("Log5: uid: " + uid + "; pwd: " + pwd.toString());

if (uid.length() == 0){

//Log6

System.out.println("Log6: Exception Missing UID.");

throw new LoginException(MISSING_UID);

}

if (pwd.length == 0)

{

//Log7

System.out.println("Log7: Execption Missing Password.");

throw new LoginException(MISSING_PASSWORD);

}

if (exception_on_the_way != null) {

// A productive application should write an entry

// into the trace here

//Log8

System.out.println("Log8: Exception, could not handle callbacks.");

exception_on_the_way.printStackTrace();

throw new LoginException("Could not handle callbacks");

}

pwdCallback.clearPassword();

//Log9

System.out.println("Log9: About to declare LDAP Connection obj");

LDAPConnection ld = new LDAPConnection();

boolean blnWFIDFound = false;

try {

// Connect to an LDAP server. */

//Log10

System.out.println("Log10: About to connect to LDAP");

ld.connect( "myldapserver.com", LDAPv2.DEFAULT_PORT );

//Log11

System.out.println("Log11: Connected to LDAP OK.");

// Authenticate to the server.

//Log12

System.out.println("Log12: About to Authenticate as Admin in LDAP");

ld.authenticate( "cn=admin,o=myorganization",

"mypassword" );

//Log13

System.out.println("Log13: Authenticated as Admin OK.");

// Search for all entries with uid = NCID value entered */

//Log14

System.out.println("Log14: About to Search for user: " + uid);

LDAPSearchResults results = ld.search( "ou=Users,o=Beacon",

LDAPv2.SCOPE_SUB, "(uid=" + uid.trim() + ")", null, false );

if (results.getCount() == 0) {

//Log15

System.out.println("Log15: Exception NCID not found!");

throw new LoginException(NCID_NOT_FOUND);

}

// Get the Workforce ID if tthe uid is unique*/

if (results.getCount() == 1) {

//Log16

System.out.println("Log16: uid: " + uid + " found.");

LDAPEntry entry = results.next();

//Log17

System.out.println("Log17: About to get WorkforceID.");

LDAPAttribute attWorkforceID = entry.getAttribute("workforceID");

String strWorkforceIDs[] = attWorkforceID.getStringValueArray();

_workforceID = strWorkforceIDs[0];

//Log20

System.out.println("Log20: Workforceid=" + _workforceID);

//Log20.1

System.out.println("Log20.1: About to clear user cache");

refreshUserInfo(_workforceID);

blnWFIDFound = true;

}

if (results.getCount() > 1) {

//Log21

System.out.println("Log21: Multiple NCIDs Found.");

throw new LoginException(MULTIPLE_NCIDs);

}

} catch( LDAPException e ) {

//Log22

System.out.println("Log22: LDAP Exception");

throw new LoginException("Error: " + e.toString());

}

// Disconnect from the server when done. */

try {

ld.disconnect();

} catch( LDAPException e ) {

//Log23

System.out.println("Log23: Error disconnecting from LDAP.");

throw new LoginException("Error: " + e.toString()) ;

}

if (blnWFIDFound) {

_sharedState.put(AbstractLoginModule.NAME, _workforceID);

_bSucceeded = true;

//Log24

System.out.println("Log24: _sharedState NAME set to: " + _workforceID);

} else {

//Log25

System.out.println("Log25: User Auth Failed.");

throw new LoginException(USER_AUTH_FAILED);

}

return true;

}

public boolean commit() {

if (_bSucceeded == false) {

//Log26

System.out.println("Log26: _bSucceeded = false");

return false;

} else {

// add a Principal (authenticated identity) to the Subject

Principal principal = new Principal(_workforceID);

_subject.getPrincipals().add(principal);

_sharedState.put(AbstractLoginModule.PRINCIPAL, principal);

UserInfo objUser

_sharedState.put("com.sap.engine.security.UserInfo","test" );

//Log27

System.out.println("Log27: Principal and _sharedState Principle set");

//Log27.1

System.out.println("Log27.1:commit: Principal object printout: " + principal.toString());

System.out.println("Log27.2:commit: _sharedState object printout: " + _sharedState.toString());

System.out.println("Log27.3:commit: _subject object printout: " + _subject.toString() );

return true;

}

}

public boolean abort() throws LoginException {

if (_bSucceeded) {

_userId = null;

_bSucceeded = false;

}

//Log28

System.out.println("Log28: Abort Hit.");

return true;

}

public boolean logout() throws LoginException {

// Remove principals and credentials from subject

if (_bSucceeded) {

_subject.getPrincipals(com.sap.engine.lib.security.Principal.class).clear();

_bSucceeded = false;

}

//Log29

System.out.println("Log29: Logout method hit.");

return true;

}

}