Hello everyone
I am trying to create a new Karaf JAAS module and preferably override the
current Karaf JAAS domain.
I have my login module, which basically just delegates everything to Shiro,
as well as a blueprint to add it to the JAAS config.
My JAAS config XML from the OSGI-INF\blueprint folder in the jar:
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
    <jaas:config name="ShiroBridge" rank="-1">
        <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
                     flags="sufficient">
        </jaas:module>
    </jaas:config>
</blueprint>
My LoginModule:
import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleReference;
// SLF4J is assumed from the LoggerFactory.getLogger(Class) usage below.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ShiroJaasIntegration implements LoginModule {
    public static final Logger LOGGER = LoggerFactory.getLogger(ShiroJaasIntegration.class);
    private static final Class<org.apache.shiro.session.Session> shiroSessionClass =
            org.apache.shiro.session.Session.class;

    protected Set<Principal> principals = new HashSet<>();
    private Subject subject;
    private org.apache.shiro.session.Session shiroSession;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private String user;
    protected BundleContext bundleContext;
    private boolean authenticated = false;

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        LOGGER.info("initialize " + System.identityHashCode(this));
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        this.bundleContext = ((BundleReference) this.getClass().getClassLoader())
                .getBundle().getBundleContext();
    }

    @Override
    public boolean login() throws LoginException {
        LOGGER.debug("login " + System.identityHashCode(this));
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler found");
        }
        // Ask the caller for the username and password (password echo off).
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw new LoginException(ioe.getMessage());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException(uce.getMessage()
                    + " not available to obtain information from user");
        }
        // user callback get value
        if (((NameCallback) callbacks[0]).getName() == null) {
            throw new LoginException("Username can not be null");
        }
        user = ((NameCallback) callbacks[0]).getName();
        // password callback get value
        if (((PasswordCallback) callbacks[1]).getPassword() == null) {
            throw new LoginException("Password can not be null");
        }
        String password = new String(((PasswordCallback) callbacks[1]).getPassword());
        org.apache.shiro.subject.Subject shiroSubject = null;
        //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects
        return authenticated;
    }

    @Override
    public boolean commit() throws LoginException {
        LOGGER.debug("commit " + System.identityHashCode(this));
        // Publish the principals collected during login() on the JAAS subject.
        subject.getPrincipals().addAll(principals);
        return authenticated;
    }

    @Override
    public boolean abort() throws LoginException {
        user = null;
        principals.clear();
        LOGGER.debug("abort " + System.identityHashCode(this));
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        user = null;
        subject.getPrincipals().removeAll(principals);
        principals.clear();
        LOGGER.debug("logout " + System.identityHashCode(this));
        return true;
    }
}
I have tried setting the rank inside the blueprint to -1, 0, and 1, and the
ShiroBridge does move up and down the list, but no log statements from the
ShiroJaasIntegration LoginModule are ever called, and in all cases I can
still log in with karaf/karaf.
karaf@root()> jaas:realm-list
Index | Realm Name  | Login Module Class Name
------+-------------+---------------------------------------------------------------
1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
2     | karaf       | org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
3     | karaf       | org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
6     | karaf       | org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule
So my module never seems to be called, and I can't really disable the karaf
realm.
Can someone help with this? My objective is to add my own LoginModule and
preferably replace the current karaf realm.
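
A plain-JAAS illustration of realm selection by name, added here as an example that is not part of the original post: a LoginContext consults only the modules registered under the realm name the caller asks for, so a module registered under a different name is never initialized. The RealmSelectionDemo and RecordingModule names are hypothetical, and it is an assumption that the login being tested requests the realm named karaf.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example: realm contents are constructed; only the realm names come from the post.
public class RealmSelectionDemo {
    static final List<String> CALLS = new ArrayList<>();

    // Hypothetical module: records the realm it was configured in and accepts any login.
    public static class RecordingModule implements LoginModule {
        private String realm;
        @Override public void initialize(Subject s, CallbackHandler h,
                                         Map<String, ?> shared, Map<String, ?> options) {
            realm = (String) options.get("realm");
        }
        @Override public boolean login() { CALLS.add(realm); return true; }
        @Override public boolean commit() { return true; }
        @Override public boolean abort() { return true; }
        @Override public boolean logout() { return true; }
    }

    // Registers one module under each realm name, logs in against requestedRealm,
    // and returns the realms whose modules were actually invoked.
    static List<String> modulesCalledFor(String requestedRealm) throws LoginException {
        Map<String, AppConfigurationEntry[]> realms = new HashMap<>();
        for (String name : new String[] {"ShiroBridge", "karaf"}) {
            realms.put(name, new AppConfigurationEntry[] {new AppConfigurationEntry(
                    RecordingModule.class.getName(), LoginModuleControlFlag.SUFFICIENT,
                    Map.of("realm", name))});
        }
        Configuration config = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return realms.get(name); // lookup is by realm name only
            }
        };
        CALLS.clear();
        new LoginContext(requestedRealm, new Subject(), null, config).login();
        return new ArrayList<>(CALLS);
    }

    public static void main(String[] args) throws LoginException {
        System.out.println("karaf login invoked: " + modulesCalledFor("karaf"));
    }
}
```

In Karaf, when several registered realms share a name, the one with the highest rank is used, so rank orders realms of the same name rather than modules across different realms.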