Skip to Content
author's profile photo Former Member
Former Member

Using custom LoginModule

Hi all,

I've got a question concerning custom LoginModules. We implemented a LoginModule as part of an application which uses a jaas.policy to find the appropriate class:

***jaas.policy ***

XYZLoginModule{

com.my.path.to.a.class.LDAPLoginModule required debug=true;

};

**Authentication EJB**

import javax.security.auth.login.LoginContext; [...]

//This one returns the path to jaas.policy

String path = IKPropertyHandlerManager.init().getPropertyFilePath("jaas.policy","conf/security");

System.setProperty("java.security.auth.login.config",path);

[...]

LoginContext lc = null;

[...]

lc = new LoginContext(loginmodule, subject, callback);

lc.login(); <-- ERROR

As I'm getting an javax.security.auth.login.LoginException (no LoginModules have been configured for XYZLoginModule), it's obviously not possible to use this jaas.policy in the manner we did (The error is in german language - that's odd, as we did not use any german in our code).

>> Is this because it's not possible to use System.setProperty() in the way we did ??

So I wanted to set up a LoginModule via the Visual Administrator (As described in SAP Documentation).

>> It seems that I have to extract the login module from the application and to deploy it as a library - is this the only way?

I'm sorry, but I couldn't find any help neither in SAP Service Marketplace, nor in SAP Documentation and exisitng SDN Threads.

Thanks a lot for your help,

Nadine

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Best Answer
    Posted on Feb 01, 2005 at 04:34 PM

    Hi Nadine,

    To your first question:

    According to the EJB specification you must not attempt to set a system property in an EJB. Also, "the enterprise bean must not attempt to obtain the security policy information for a particular code source." (EJB 2.0, chapters 24.1.2 and 24.2.1).

    As per the second question, I'm not 100% sure but I think this is the only way.

    Hope this helps,

    Vladimir

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Feb 02, 2005 at 07:34 AM

    Hi Nadine,

    to your second question:

    >> It seems that I have to extract the login module from the application and to deploy it as a library - is this the only way?

    No, it is not the only way but it <b>is</b> the recommended way to go when using custom login modules.

    >> I'm sorry, but I couldn't find any help neither in SAP Service Marketplace, nor in SAP Documentation and exisitng SDN Threads.

    Don't know if you've seen this tutorial already.. if not - it is quite comprehensive one containing all the steps of using the Developer Studio to develop, assemble, and deploy the login module, develop the source code itself, as well as configure the use of the login module in the Visual Administrator. You can find it on the following address:

    http://service.sap.com/security -> Hot Topic J2EE -> SAP NW '04: J2EE Engine 6.40 -> Tutorial: Custom Login Module

    Hope that helps!

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Ivaylo,

      thanks for the link, but unfortunatly it's the pdf version of SAP Documentation, which does not explain how to use a LoginModule included in an application.

      Can you give me some tips how to proceed to use this LoginModule, deployed inside an EJB-Component, which in turn is part of an application.

      I'm migrating this application to SAP Web AS, so I prefer to change as less code as possible as this migration is just to know how to run our application on SAP Web AS. For development an so on, another Appserver is used. But if this recommended way to deploy the LoginModule as library is the only way - I'll do whatever it might take to run this app on Web AS 😉

      Thanks a lot again for your help,

      Nadine

  • author's profile photo Former Member
    Former Member
    Posted on Feb 02, 2005 at 04:07 PM

    Hi all (again),

    I managed to create my LoginModules etc.

    Now I'm getting some strange errors. When creating the LoginContext, everything seems to work fine. In my logfiles, I can see, that the Module successfully authenticates the user with the correct roles. The commit() is called successfully, but then abort() is called and I'm getting a "User not authorized" error. The code worked fine on JBoss.

    Any ideas?

    Thanks a lot!

    Nadine

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.