Search...
FAQs
Subscribe
Pie
FAQs
Recent topics
Flagged topics
Hot topics
Best topics
Search...
Search within Security
Search Coderanch
Advance search
Google search
Register / Login
Post Reply
Bookmark Topic
Watch Topic
New Topic
programming forums
Java
Mobile
Certification
Databases
Caching
Books
Engineering
Micro Controllers
OS
Languages
Paradigms
IDEs
Build Tools
Frameworks
Application Servers
Open Source
This Site
Careers
Other
Pie Elite
all forums
this forum made possible by our volunteer staff, including ...
Marshals:
Campbell Ritchie
Jeanne Boyarsky
Ron McLeod
Paul Clapham
Liutauras Vilda
Sheriffs:
paul wheaton
Rob Spoor
Devaka Cooray
Saloon Keepers:
Stephan van Hulst
Tim Holloway
Carey Brown
Frits Walraven
Tim Moores
Bartenders:
Mikalai Zaikin
Forum:
Security
Secure Login through JAAS and servlet
Manish Sahni
Ranch Hand
Posts: 41
I like...
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
Hi,
I am new to JAAS and i tried to implement JAAS into my
servlet
.
However i am facing problem .
My snippet of code is:-
package com; import java.util.Map; import java.sql.*; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.spi.LoginModule; import javax.security.auth.*; import javax.security.auth.callback.*; import javax.security.auth.login.*; import javax.sql.*; public class DataSourceLoginModule implements LoginModule { //These instance variables will be initialized by the //initialize( ) method CallbackHandler handler; Subject subject; Map sharedState; Map options; private boolean loginPassed = false; public DataSourceLoginModule( ){}//no-arguments constructor public void initialize(Subject subject, CallbackHandler handler, Map sharedState, Map options){ this.subject = subject; this.handler = handler; this.sharedState = sharedState; this.options = options; } public boolean login( ) throws LoginException { String name = ""; String pass = ""; Context env = null; Connection conn = null; Statement stmt = null; ResultSet rs = null; DataSource pool = null; boolean passed = false; try{ //Create the CallBack array to pass to the //CallbackHandler.handle( ) method Callback[] callbacks = new Callback[2]; //Don't use null arguments with the NameCallback constructor! callbacks[0] = new NameCallback("Username:"); //Don't use null arguments with PasswordCallback! callbacks[1] = new PasswordCallback("Password:", false); handler.handle(callbacks); //Get the username and password from the CallBacks NameCallback nameCall = (NameCallback) callbacks[0]; name = nameCall.getName( ); PasswordCallback passCall = (PasswordCallback) callbacks[1]; pass = new String ( passCall.getPassword( ) ); //Look up our DataSource so that we can check the username and //password env = (Context) new InitialContext( ).lookup("java:comp/env"); pool = (DataSource) env.lookup("jdbc/upl_db"); if (pool == null) throw new LoginException( "Initializing the DataSource failed."); //The SQL for checking a name and password in a table named //athlete String sql = "select * from login where username='"+name+"'"; String sqlpass = "select * from login where pswd='"+pass+"'"; //Get a Connection from the connection pool conn = pool.getConnection( ); stmt = conn.createStatement( ); //Check the username rs = stmt.executeQuery(sql); //If the ResultSet has rows, then the username was //correct and next( ) returns true passed = rs.next( ); rs.close( ); if (! passed){ loginPassed = false; throw new FailedLoginException( "The username was not successfully authenticated"); } //Check the password rs = stmt.executeQuery(sqlpass); passed = rs.next( ); if (! passed){ loginPassed = false; throw new FailedLoginException( "The password was not successfully authenticated"); } else { loginPassed = true; return true; } } catch (Exception e){ throw new LoginException(e.getMessage( )); } finally { try{ //close the Statement stmt.close( ); //Return the Connection to the pool conn.close( ); } catch (SQLException sqle){ } } //finally } //login public boolean commit( ) throws LoginException { //We're not doing anything special here, since this class //represents a simple example of login authentication with JAAS. //Just return what login( ) returned. return loginPassed; } public boolean abort( ) throws LoginException { //Reset state boolean bool = loginPassed; loginPassed = false; return bool; } public boolean logout( ) throws LoginException { //Reset state loginPassed = false; return true; } //logout } //DataSourceLoginModule
CallBackHandler:-
package com; import javax.security.auth.callback.*; import javax.servlet.ServletRequest; public class WebCallBackHandler implements CallbackHandler { private String userName; private String password; public WebCallBackHandler(ServletRequest request){ userName = request.getParameter("Username"); password = request.getParameter("Password"); } public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException { //Add the username and password from the request parameters to //the Callbacks for (int i = 0; i < callbacks.length; i++){ if (callbacks[i] instanceof NameCallback){ NameCallback nameCall = (NameCallback) callbacks[i]; nameCall.setName(userName); } else if (callbacks[i] instanceof PasswordCallback){ PasswordCallback passCall = (PasswordCallback) callbacks[i]; passCall.setPassword(password.toCharArray( )); } else{ throw new UnsupportedCallbackException (callbacks[i], "The CallBacks are unrecognized in class: "+getClass( ). getName( )); } } //for } //handle }
Loginservlet
package com; import javax.servlet.*; import javax.servlet.http.*; import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginException; import javax.security.auth.callback.CallbackHandler; public class Loginservlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { //The CallbackHandler gets the username and password from //request parameters in the URL; therefore, the ServletRequest is //passed to the CallbackHandler constructor WebCallBackHandler webcallback = new WebCallBackHandler(request); LoginContext lcontext = null; boolean loginSuccess = true; try{ lcontext = new LoginContext( "WebLogin",webcallback ); //this method throws a LoginException //if authentication is unsuccessful lcontext.login( ); } catch (LoginException lge){ loginSuccess = false; } response.setContentType("text/html"); java.io.PrintWriter out = response.getWriter( ); out.println( "<html><head><title>Thanks for logging in</title>"+ "</head><body>"); out.println("<h2>Your logged in status</h2>"); out.println(""+ ( loginSuccess ? "Logged in" : "Failed Login" )); out.println("</body></html>"); } //doGet public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, java.io.IOException { doGet(request,response); } //doPost } //LoginServlet
Error:-
Jan 1, 2002 3:46:40 AM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet Loginservlet threw exception java.lang.SecurityException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at javax.security.auth.login.Configuration$3.run(Configuration.java:246) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:241) at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.init(LoginContext.java:234) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) at com.Loginservlet.doGet(Loginservlet.java:28) at com.Loginservlet.doPost(Loginservlet.java:61) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:619) Caused by: java.io.IOException: Unable to locate a login configuration at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) ... 32 more
Please do let me know the root cause
Kumar Raja
Ranch Hand
Posts: 558
2
I like...
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
Are you using
Tomcat
as your web container.
May be this will help you
SecurityException
Regards
KumarRaja
Manish Sahni
Ranch Hand
Posts: 41
I like...
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
yes the container i am using is tomcat 6.0.20
Kumar Raja
Ranch Hand
Posts: 558
2
I like...
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
Have you tried the link I posted. Did that help you ?
Regards
KumarRaja
Manish Sahni
Ranch Hand
Posts: 41
I like...
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
I have tried that link but still i am stuck
please help
regards
rajan patil
Greenhorn
Posts: 3
posted 13 years ago
Number of slices to send:
Optional 'thank-you' note:
Send
Did you used configuration file?
whose contents will be like :
WebLogin{
com.DataSourceLoginModule required
};
Exception shows that its unable to find that config file.
reply
reply
Bookmark Topic
Watch Topic
New Topic
Boost this thread!
Similar Threads
Is this possible with JAAS, or WebSphere even for that matter?
JBoss 5.1.0 GA. FORM based authentication
EJB Security: Not getting correct name in Principal
Using cookies in JAAS to extend a Single Sign On
Tomcat JAAS Authentication NullPointerException
More...