Java：如何在 WebSphere 8.5.5 的自定义 JAAS 登录模块中使用 SAML 令牌的属性值
我正在使用一个自定义的 JAAS 登录模块来实现身份断言（idAssertion）。我已经配置了一个可以正常工作的 TAI，它会返回带有令牌数据或属性值的 SAML 响应。现在我需要在 JAAS 登录模块中使用来自 SAML 令牌的组信息。在登录模块里应如何获取这些组和属性值？我尝试过 WSSUtilFactory，但它返回的是 null。下面是我的 JAAS 登录模块：
package com.hcl.portal.transparent;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.portal.auth.tai.ExternalIdentityCredential;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
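/**
 * Identity-assertion JAAS login module for WebSphere Portal.
 *
 * <p>The TAI configured in front of this module has already validated the SAML response and
 * supplies the user name through the {@link NameCallback}. This module resolves that name in the
 * configured {@code UserRegistry}; a user that is not found there gets a transient identity
 * (unique id, security name, group list and a few LDAP-style attributes) asserted onto the
 * {@link Subject} and into the shared state.
 *
 * <p>Changes against the first version of this module: {@link #login()} no longer reports success
 * after the callback handler or the registry lookup failed (it used to fall through to
 * {@code success = true} after logging the exception, i.e. it failed open); the group, base DN and
 * mail domain of transient users can be overridden through the module options; and
 * {@link #commit()}, {@link #abort()} and {@link #logout()} follow the JAAS contract instead of
 * always returning {@code false}.
 *
 * <p>NOTE(review): the imported SAML API types (WSSUtilFactory, SAMLToken, SAMLAttribute,
 * SAMLNameID) are not used anywhere in this class - the group membership of a transient user is a
 * fixed value, not something read from the token. Which Subject / credential the TAI stores the
 * SAML token in is not visible here; confirm against the TAI before trying to read it.
 */
public class loginModule implements LoginModule {
    /** Module option: group DN every transient (registry-unknown) user is placed in. */
    private static final String OPTION_TRANSIENT_GROUP = "transientGroup";
    /** Module option: DN suffix appended to {@code uid=<user>} for transient users. */
    private static final String OPTION_TRANSIENT_BASE_DN = "transientBaseDn";
    /** Module option: mail domain used for the {@code ibm-primaryEmail} attribute of transient users. */
    private static final String OPTION_TRANSIENT_MAIL_DOMAIN = "transientMailDomain";

    // Defaults reproduce the values that were hard-coded before the options existed.
    private static final String DEFAULT_TRANSIENT_GROUP = "cn=wpsadmins,o=defaultWIMFileBasedRealm";
    private static final String DEFAULT_TRANSIENT_BASE_DN = "o=base,o=transparent";
    private static final String DEFAULT_TRANSIENT_MAIL_DOMAIN = "portal.ibm.com";

    /** True once {@link #login()} accepted the identity; reported back by {@link #commit()}. */
    private boolean success = false;
    Subject currentSubject;
    CallbackHandler currentCallbackHandler;
    Map<String, Object> currentSharedState;
    Map<String, Object> currentOptions;

    /** Credential objects this module added to the Subject, kept so abort()/logout() can remove them. */
    private Hashtable<String, Object> assertedCredentials;
    private ExternalIdentityCredential assertedIdentity;

    /**
     * Stores the JAAS context for the following login/commit/abort/logout calls.
     *
     * @param subject         the Subject being authenticated
     * @param callbackHandler handler that supplies the WebSphere token/name/password callbacks
     * @param sharedState     state shared with the other modules of the login configuration
     * @param options         module options from the login configuration
     */
    @Override
    @SuppressWarnings("unchecked") // JAAS hands over Map<String, ?>; sharedState has to be written to, so the cast is unavoidable
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        currentSubject = subject;
        currentCallbackHandler = callbackHandler;
        currentSharedState = (Map<String, Object>) sharedState;
        currentOptions = (Map<String, Object>) options;
        success = false;
        assertedCredentials = null;
        assertedIdentity = null;
        System.out.println("kousik level 0.1");
    }

    /**
     * Resolves the TAI-asserted user name and, for users unknown to the registry, asserts a
     * transient identity onto the Subject.
     *
     * @return {@code true} when the identity was accepted (or WebSphere already holds a valid token
     *         for this Subject); {@code false} when no user name was supplied, so this module is ignored
     * @throws LoginException when the callbacks cannot be served or the registry lookup fails for a
     *         reason other than "user not found" - the module fails closed instead of asserting success
     */
    @Override
    public boolean login() throws LoginException {
        success = false;
        String uniqueid = "";
        System.out.println("kousik level 0.2");

        Callback[] callbacks = {
            new WSTokenHolderCallback(""),
            new NameCallback("User:"),
            new PasswordCallback("Password:", false)
        };
        try {
            currentCallbackHandler.handle(callbacks);
        } catch (IOException | UnsupportedCallbackException e) {
            System.out.println("Login Module failed: " + e);
            throw failure("callback handler could not serve the login callbacks", e);
        }

        boolean requiresLogin = ((WSTokenHolderCallback) callbacks[0]).getRequiresLogin();
        if (!requiresLogin) {
            // WebSphere already holds a valid token for this Subject; there is nothing to assert.
            System.out.println("This is a repeat login, nothing to do.");
        } else {
            NameCallback nameCallback = (NameCallback) callbacks[1];
            String username = nameCallback.getName();
            System.out.println("k----------username = " + username);
            System.out.println("k----------Dusername = " + nameCallback.getDefaultName());
            if (username == null) {
                // No asserted identity at all: step aside and let the other modules decide.
                System.out.println("uniqueid is null - do nothing");
                System.out.println("failed with uniqueid= " + uniqueid);
                return false;
            }
            uniqueid = resolveUniqueId(username);
            System.out.println("uniqueid = " + uniqueid);
        }

        success = true;
        System.out.println("success with uniqueid= " + uniqueid);
        return success;
    }

    /**
     * Looks the user up in the WebSphere user registry.
     *
     * <p>A user that exists in the registry is accepted as-is (nothing is added to the Subject -
     * presumably the remaining WebSphere modules build the credential; this mirrors the original
     * behaviour). A user the registry does not know gets a transient identity asserted.
     *
     * @param username the name supplied by the TAI through the NameCallback
     * @return the unique id of the user (registry value or the transient DN)
     * @throws LoginException when the JNDI lookup or the registry call fails for any reason other
     *         than the user being absent
     */
    private String resolveUniqueId(String username) throws LoginException {
        try {
            InitialContext ctx = new InitialContext();
            UserRegistry reg = (UserRegistry) ctx.lookup("UserRegistry");
            return reg.getUniqueUserId(username);
        } catch (com.ibm.websphere.security.EntryNotFoundException notFound) {
            System.out.println("Login Module - transient for base realm ");
            return assertTransientUser(username);
        } catch (Exception e) {
            // Previously this was logged and the module still returned success; a failed
            // registry lookup must not authenticate anybody.
            System.out.println("Login Module failed for user lookup: " + e);
            throw failure("user registry lookup failed for " + username, e);
        }
    }

    /**
     * Builds the credential hashtable for a user unknown to the registry and attaches it to the
     * Subject (as a plain hashtable and wrapped in an {@link ExternalIdentityCredential}) and to
     * the shared state under {@code WSCREDENTIAL_PROPERTIES_KEY}.
     *
     * @param username the asserted user name; used verbatim as {@code uid}, {@code cn}, {@code sn}
     *                 and as the left part of the mail address
     * @return the transient unique id, {@code uid=<username>,<base DN>}
     */
    private String assertTransientUser(String username) {
        // NOTE(review): username is concatenated into a DN without LDAP escaping. It comes from the
        // TAI assertion, so whether a comma or '=' can reach this point depends on what the TAI
        // accepts - confirm against the TAI before relying on the DN shape downstream.
        String uniqueid = "uid=" + username + "," + option(OPTION_TRANSIENT_BASE_DN, DEFAULT_TRANSIENT_BASE_DN);
        Hashtable<String, Object> hashtable = new Hashtable<>();
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, uniqueid);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_SECURITYNAME, uniqueid);

        // NOTE(review): every user that is missing from the registry lands in this one group, and the
        // default is the portal administrators group - i.e. an unknown asserted subject becomes an
        // administrator. Set "transientGroup" in the module options to a low-privilege group, or map
        // the group from the SAML attributes once they are available here.
        ArrayList<String> groupList = new ArrayList<>();
        groupList.add(option(OPTION_TRANSIENT_GROUP, DEFAULT_TRANSIENT_GROUP));
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, groupList);

        // Attributes for this special user.
        hashtable.put("sn", username);
        hashtable.put("cn", username);
        hashtable.put("uid", username);
        hashtable.put("ibm-primaryEmail",
                username + "@" + option(OPTION_TRANSIENT_MAIL_DOMAIN, DEFAULT_TRANSIENT_MAIL_DOMAIN));

        assertedCredentials = hashtable;
        assertedIdentity = new ExternalIdentityCredential(hashtable);
        currentSubject.getPublicCredentials().add(hashtable);
        currentSubject.getPublicCredentials().add(assertedIdentity);
        currentSharedState.put(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY, hashtable);
        return uniqueid;
    }

    /**
     * Reads a module option as a string.
     *
     * @param key          option name
     * @param defaultValue value used when the option is absent (or no options were supplied)
     * @return the option's string form, or {@code defaultValue}
     */
    private String option(String key, String defaultValue) {
        Object value = currentOptions == null ? null : currentOptions.get(key);
        return Objects.toString(value, defaultValue);
    }

    /**
     * Wraps a failure in a {@link LoginException} without losing the cause
     * ({@code LoginException} has no (message, cause) constructor).
     */
    private static LoginException failure(String message, Throwable cause) {
        LoginException loginException = new LoginException(message);
        loginException.initCause(cause);
        return loginException;
    }

    /**
     * The credentials were already attached to the Subject in {@link #login()}, so there is nothing
     * left to commit; the return value tells the LoginContext whether this module took part.
     *
     * @return {@code true} when {@link #login()} accepted the identity, {@code false} otherwise
     */
    @Override
    public boolean commit() throws LoginException {
        return success;
    }

    /**
     * Undoes the assertion made by {@link #login()} when the overall login failed.
     *
     * @return {@code false} when this module had not authenticated anything (to be ignored),
     *         {@code true} after the asserted credentials were removed
     */
    @Override
    public boolean abort() throws LoginException {
        if (!success) {
            return false;
        }
        removeAssertedCredentials();
        success = false;
        return true;
    }

    /**
     * Removes the credentials this module asserted onto the Subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        removeAssertedCredentials();
        success = false;
        return true;
    }

    /** Removes the hashtable / identity credential added by {@link #assertTransientUser(String)}, if any. */
    private void removeAssertedCredentials() {
        if (currentSubject != null) {
            if (assertedCredentials != null) {
                currentSubject.getPublicCredentials().remove(assertedCredentials);
            }
            if (assertedIdentity != null) {
                currentSubject.getPublicCredentials().remove(assertedIdentity);
            }
        }
        if (currentSharedState != null && assertedCredentials != null) {
            currentSharedState.remove(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY, assertedCredentials);
        }
        assertedCredentials = null;
        assertedIdentity = null;
    }
}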