Former Member
Nov 08, 2006 at 08:01 PM

Problem Custom LoginModule



I have created a custom login module following the example, successfully deployed it, and put it in the login stack. I set up logging to verify that the login module is being called and working correctly. It appears that it is.

The problem is that when I log in, it does not go to the main portal screen; it just refreshes the login screen and returns no login error message. And if I try to log in as another portal user, it says that I am already logged in as someone else.

I attached my code below. I think the problem may be where I put my login module in the TICKET login stack, or that the principal object is not getting set correctly. I would appreciate any advice from someone who has done this before. My custom LoginModule is set with a Sufficient flag at the top of the Ticket login module stack.

Here is the code. Note that, according to the logs, everything appears to be working OK. It logs into an LDAP server as Administrator and then looks up the user id. Then it takes the "sapid" attribute and attempts to log the user into the portal with that identity by setting the _sharedState Name and Principal objects:

package testBeacon.LoginModules;


import java.util.Map;








import netscape.ldap.LDAPAttribute;

import netscape.ldap.LDAPConnection;

import netscape.ldap.LDAPEntry;

import netscape.ldap.LDAPException;

import netscape.ldap.LDAPSearchResults;

import netscape.ldap.LDAPv2;




/**
 * Custom login module that maps a directory user id ("NCID") to a portal
 * identity: login() binds to LDAP with a fixed administrative account,
 * searches for the entered uid and publishes the entry's workforceID as the
 * user name in the shared state.
 *
 * NOTE(review): the listing as posted has lost lines (closing braces, the
 * callback handler call, the search/next/disconnect calls), so it does not
 * compile as shown.
 *
 * NOTE(review): in the visible code the password obtained from the callback
 * is only tested for zero length; no statement verifies it against the
 * directory. Combined with a SUFFICIENT flag at the top of the stack, a
 * successful uid lookup alone would authenticate the caller -- confirm that
 * a bind or compare with the user's own credentials exists before use.
 */
public class NCIDLoginModule extends AbstractLoginModule {


// Messages used as LoginException text when a login attempt is rejected.
public final static String MISSING_UID = "MISSING_UID";

public final static String MISSING_PASSWORD = "MISSING_PASSWORD";

public final static String USER_AUTH_FAILED = "USER_AUTH_FAILED";

// Declared but not referenced in the visible code.
public final static String USERID_NOT_FOUND = "USERID_NOT_FOUND";



public final static String NCID_NOT_FOUND = "NCID_ACCOUNT_NOT_FOUND";

public final static String MULTIPLE_NCIDs = "MULTIPLE NCIDs FOUND";

//Member variables

// References handed over by the login framework in initialize().
private Subject _subject = null;

private CallbackHandler _callbackHandler = null;

private Map _sharedState = null;

private Map _options = null;

// Only ever assigned null (in abort()) in the visible code.
private String _userId = null;

// Identity resolved from the directory entry in login().
private String _workforceID = null;

// True once login() has resolved a workforceID; read by commit(), abort(), logout().
// Package-private as written (no access modifier).
boolean _bSucceeded = false;

/**
 * Stores the framework-supplied subject, callback handler, shared state and
 * options for later use by login() and commit(), after delegating to the
 * superclass.
 *
 * NOTE(review): the closing brace of this method is missing from the posted
 * listing.
 *
 * @param subject         subject being authenticated
 * @param callbackHandler handler used to obtain user id and password
 * @param sharedState     state shared between the modules of the login stack
 * @param options         options configured for this module
 */
public void initialize(

Subject subject,

CallbackHandler callbackHandler,

Map sharedState,

Map options) {


System.out.println("Log1: About to initalize super");

super.initialize(subject, callbackHandler, sharedState, options);


System.out.println("Log2: super initialized ok.");

_callbackHandler = callbackHandler;

_subject = subject;

_sharedState = sharedState;

_options = options;

// NOTE(review): these lines dump the whole subject, shared state and option
// maps to stdout. Shared state and options can carry credentials or other
// secrets depending on the stack configuration -- confirm, and prefer the
// server's trace facility with the values omitted.
System.out.println("Log2.1: Initialized_subject object: " + _subject.toString());

System.out.println("Log2.2: Initialized _sharedState object: " + _sharedState.toString() );

System.out.println("Log2.3: Initialized _options: " + _options.toString() );


/**
 * Collects user id and password through callbacks, looks the user id up in
 * LDAP using a fixed administrative bind, and on a unique match stores the
 * entry's workforceID as the user name in the shared state.
 *
 * NOTE(review): the listing as posted has lost closing braces and several
 * statements (see the notes below), so control flow is partly inferred.
 *
 * NOTE(review): nothing visible here checks the entered password against the
 * directory; success depends only on the uid lookup. A module flagged
 * SUFFICIENT must verify the user's own credentials (for example by binding
 * as the found entry) before reporting success.
 *
 * @return true when a workforceID was resolved
 * @throws LoginException on missing input, callback failure, LDAP errors,
 *         or when zero or several entries match the uid
 */
public boolean login() throws LoginException {

Exception exception_on_the_way = null;

PasswordCallback pwdCallback = new PasswordCallback("Password:", false);

NameCallback userIdCallback = new NameCallback("User:");

Callback[] mycallbacks = new Callback[] { userIdCallback, pwdCallback };


System.out.println("Log3: About to get callbacks.");

// NOTE(review): the try body is empty as posted; presumably the call that
// hands mycallbacks to _callbackHandler was lost -- confirm.
try {



System.out.println("Log4: Callbacks recieved ok.");

} catch (IOException e) {

exception_on_the_way = e;

} catch (UnsupportedCallbackException e) {

exception_on_the_way = e;


String uid = userIdCallback.getName();

char[] pwd = pwdCallback.getPassword();


// NOTE(review): do not log credentials. pwd.toString() on a char[] prints
// the array's type and hash rather than the characters, but the password
// should not be referenced in log output at all. uid and pwd may also be
// null if the callbacks were not filled in, which would fail here and in
// the length checks below -- confirm and null-check.
System.out.println("Log5: uid: " + uid + "; pwd: " + pwd.toString());

if (uid.length() == 0){


System.out.println("Log6: Exception Missing UID.");

throw new LoginException(MISSING_UID);


// NOTE(review): no braces are visible after this condition; as posted, only
// the println would be conditional and the throw unconditional. Braces appear
// to have been lost in posting -- confirm against the real source.
if (pwd.length == 0)



System.out.println("Log7: Execption Missing Password.");

throw new LoginException(MISSING_PASSWORD);


// NOTE(review): this check runs after uid and pwd have already been
// dereferenced above; a failed callback would more safely be handled before
// reading the callback values.
if (exception_on_the_way != null) {

// A productive application should write an entry

// into the trace here


System.out.println("Log8: Exception, could not handle callbacks.");


throw new LoginException("Could not handle callbacks");




System.out.println("Log9: About to declare LDAP Connection obj");

LDAPConnection ld = new LDAPConnection();

boolean blnWFIDFound = false;

try {

// Connect to an LDAP server. */


System.out.println("Log10: About to connect to LDAP");

// Host is an empty string in the posting (presumably redacted).
// NOTE(review): LDAPv2.DEFAULT_PORT is presumably the plain, non-TLS LDAP
// port; if so the administrative bind below crosses the network
// unprotected -- confirm and use a TLS-protected connection.
ld.connect( "", LDAPv2.DEFAULT_PORT );


System.out.println("Log11: Connected to LDAP OK.");

// Authenticate to the server.


System.out.println("Log12: About to Authenticate as Admin in LDAP");

// NOTE(review): the bind DN and password are hard-coded in source. Read them
// from protected configuration instead, and use a search-only account with
// least privilege rather than the directory administrator.
ld.authenticate( "cn=admin,o=myorganization",

"mypassword" );


System.out.println("Log13: Authenticated as Admin OK.");

// Search for all entries with uid = NCID value entered */


System.out.println("Log14: About to Search for user: " + uid);

// NOTE(review): the search call itself is missing from this statement as
// posted. The filter is built by concatenating the user-supplied uid without
// escaping; LDAP filter metacharacters in uid would change the query, so
// escape the value (RFC 4515) or reject unexpected characters first.
LDAPSearchResults results = "ou=Users,o=Beacon",

LDAPv2.SCOPE_SUB, "(uid=" + uid.trim() + ")", null, false );

if (results.getCount() == 0) {


System.out.println("Log15: Exception NCID not found!");

throw new LoginException(NCID_NOT_FOUND);


// Get the Workforce ID if tthe uid is unique*/

if (results.getCount() == 1) {


System.out.println("Log16: uid: " + uid + " found.");

// NOTE(review): right-hand side lost in posting; presumably the next entry
// of results -- confirm.
LDAPEntry entry =;


System.out.println("Log17: About to get WorkforceID.");

// NOTE(review): if the entry has no workforceID attribute this presumably
// yields null (or an empty array) and the next lines fail -- confirm and
// treat it as a failed login.
LDAPAttribute attWorkforceID = entry.getAttribute("workforceID");

String strWorkforceIDs[] = attWorkforceID.getStringValueArray();

_workforceID = strWorkforceIDs[0];


System.out.println("Log20: Workforceid=" + _workforceID);


System.out.println("Log20.1: About to clear user cache");


blnWFIDFound = true;


if (results.getCount() > 1) {


System.out.println("Log21: Multiple NCIDs Found.");

throw new LoginException(MULTIPLE_NCIDs);


} catch( LDAPException e ) {


System.out.println("Log22: LDAP Exception");

// NOTE(review): e.toString() is placed in the exception message; if that
// message reaches the login page it may reveal directory details -- confirm.
throw new LoginException("Error: " + e.toString());


// Disconnect from the server when done. */

// NOTE(review): the try body is empty as posted (disconnect call presumably
// lost). The LoginExceptions thrown above leave this method before reaching
// this point, so the connection would stay open on those paths unless the
// disconnect is moved into a finally block.
try {


} catch( LDAPException e ) {


System.out.println("Log23: Error disconnecting from LDAP.");

throw new LoginException("Error: " + e.toString()) ;


// Success is decided solely by whether the lookup produced a workforceID.
if (blnWFIDFound) {

_sharedState.put(AbstractLoginModule.NAME, _workforceID);

_bSucceeded = true;


System.out.println("Log24: _sharedState NAME set to: " + _workforceID);

} else {


System.out.println("Log25: User Auth Failed.");

throw new LoginException(USER_AUTH_FAILED);


return true;


/**
 * Second phase of the login: when login() succeeded, creates a Principal for
 * the resolved workforceID and stores it in the shared state.
 *
 * NOTE(review): the original comment says the principal is added to the
 * Subject, but the visible code only writes it to _sharedState; _subject is
 * merely printed. If the framework expects the principal on the Subject,
 * this may explain why the session is not established -- confirm.
 *
 * @return false when login() did not succeed, otherwise true
 */
public boolean commit() {

if (_bSucceeded == false) {


System.out.println("Log26: _bSucceeded = false");

return false;

} else {

// add a Principal (authenticated identity) to the Subject

Principal principal = new Principal(_workforceID);


_sharedState.put(AbstractLoginModule.PRINCIPAL, principal);

// NOTE(review): this declaration is truncated in the posting (no initializer
// or terminator).
UserInfo objUser

// NOTE(review): the key is an empty string as posted (possibly redacted) and
// the value looks like a test placeholder -- confirm it is needed.
_sharedState.put("","test" );


System.out.println("Log27: Principal and _sharedState Principle set");


// NOTE(review): dumps the full principal, shared state and subject to
// stdout; keep identity and credential material out of logs.
System.out.println("Log27.1:commit: Principal object printout: " + principal.toString());

System.out.println("Log27.2:commit: _sharedState object printout: " + _sharedState.toString());

System.out.println("Log27.3:commit: _subject object printout: " + _subject.toString() );

return true;



/**
 * Rolls back a login attempt: when login() had succeeded, clears _userId and
 * resets the success flag.
 *
 * NOTE(review): _workforceID and the entries this module wrote to the shared
 * state are not cleared in the visible code -- confirm that is intended.
 *
 * @return always true in the visible code
 */
public boolean abort() throws LoginException {

if (_bSucceeded) {

_userId = null;

_bSucceeded = false;



System.out.println("Log28: Abort Hit.");

return true;


/**
 * Ends the session for this module by resetting the success flag.
 *
 * NOTE(review): the original comment mentions removing principals and
 * credentials from the subject, but no such removal is visible here; either
 * the lines were lost in posting or the cleanup is missing -- confirm.
 *
 * @return always true in the visible code
 */
public boolean logout() throws LoginException {

// Remove principals and credentials from subject

if (_bSucceeded) {


_bSucceeded = false;



System.out.println("Log29: Logout method hit.");

return true;