karaf-user mailing list archives

From Martin Nielsen <mny...@gmail.com>
Subject Using a custom JAAS LoginModule with karaf
Date Tue, 03 Apr 2018 15:42:57 GMT
Hello everyone

I am trying to create a new karaf JAAS module and preferably override the
current karaf JAAS domain.

I have my login module which basically just delegates everything to shiro,
as well as a blueprint to add it to the JAAS config.

My JAAS config XML from the OSGI-INF/blueprint folder in the jar:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

    <jaas:config name="ShiroBridge" rank="-1">
        <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
                     flags="sufficient">
        </jaas:module>
    </jaas:config>

</blueprint>

My LoginModule:

package my.test.security.karaf;

import java.io.IOException;
import java.security.Principal;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class ShiroJaasIntegration implements LoginModule {

    public static final Logger LOGGER = LoggerFactory.getLogger(ShiroJaasIntegration.class);
    private static final Class<org.apache.shiro.session.Session> shiroSessionClass =
            org.apache.shiro.session.Session.class;

    // Principals collected by the Shiro delegation in login(), attached to the
    // JAAS Subject in commit() and removed again in logout().
    protected Set<Principal> principals = new HashSet<>();
    private Subject subject;
    private org.apache.shiro.session.Session shiroSession;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;
    private String user;
    protected BundleContext bundleContext;
    private boolean authenticated = false;

    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        LOGGER.info("initialize " + System.identityHashCode(this));
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        // In OSGi the class loader of a bundle class is a BundleReference,
        // which gives access to the owning bundle and its context.
        this.bundleContext = ((BundleReference) this.getClass().getClassLoader())
                .getBundle().getBundleContext();
    }

    @Override
    public boolean login() throws LoginException {
        LOGGER.debug("login " + System.identityHashCode(this));
        if (callbackHandler == null) {
            throw new LoginException("No CallbackHandler found");
        }

        // Ask the caller (SSH console, JMX, web container) for username and password.
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException ioe) {
            throw new LoginException(ioe.getMessage());
        } catch (UnsupportedCallbackException uce) {
            throw new LoginException(uce.getMessage() + " not available to obtain information from user");
        }

        // user callback get value
        if (((NameCallback) callbacks[0]).getName() == null) {
            throw new LoginException("Username can not be null");
        }
        user = ((NameCallback) callbacks[0]).getName();

        // password callback get value
        PasswordCallback passwordCallback = (PasswordCallback) callbacks[1];
        if (passwordCallback.getPassword() == null) {
            throw new LoginException("Password can not be null");
        }
        String password = new String(passwordCallback.getPassword());
        // Wipe the callback's own copy of the password once it has been read.
        passwordCallback.clearPassword();

        org.apache.shiro.subject.Subject shiroSubject = null;

        //Do lots of shiro stuff to get the UserPrincipal and RolePrincipal objects
        // (elided here; on success that part must fill "principals" and set
        // authenticated = true, otherwise login() reports failure to JAAS)

        return authenticated;
    }

    @Override
    public boolean commit() throws LoginException {
        LOGGER.debug("commit " + System.identityHashCode(this));
        // Only attach what login() collected; the set is empty when login() failed.
        subject.getPrincipals().addAll(principals);
        return authenticated;
    }

    @Override
    public boolean abort() throws LoginException {
        user = null;
        principals.clear();
        LOGGER.debug("abort " + System.identityHashCode(this));
        return true;
    }

    @Override
    public boolean logout() throws LoginException {
        user = null;
        subject.getPrincipals().removeAll(principals);
        principals.clear();
        LOGGER.debug("logout " + System.identityHashCode(this));
        return true;
    }

}

I have tried setting the rank inside the blueprint to -1, 0, and 1, and the
ShiroBridge does move up and down the list, but no log statements from the
ShiroJaasIntegration LoginModule are ever called, and in all cases I can
still log in with karaf/karaf.

karaf@root()> jaas:realm-list
Index | Realm Name  | Login Module Class Name
------+-------------+---------------------------------------------------------------
1     | ShiroBridge | my.test.security.karaf.ShiroJaasIntegration
2     | karaf       | org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
3     | karaf       | org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
4     | karaf       | org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
5     | karaf       | org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
6     | karaf       | org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule



So my module never seems to be called, and I can't really disable the karaf
realm.


Can someone help with this? My objective is to add my own LoginModule and
preferably replace the current karaf realm.
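The following blueprint is an added example, not the poster's code and not part of Karaf itself. It shows the realm-override form that the post's configuration is missing: Karaf's console, SSH and JMX endpoints look a JAAS realm up by its name (the default is "karaf"), so a jaas:config registered under a different name such as "ShiroBridge" is listed but never consulted for those logins, whatever its rank. When several jaas:config elements share a name, Karaf uses the one with the highest rank, so registering the poster's module under the name "karaf" with a rank above the stock realm's makes it the realm that is actually invoked. The module class name is the one from the post; the rank value and the "required" flag are assumptions chosen for this example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example (not the poster's code): override Karaf's default "karaf"
     realm rather than registering a separate "ShiroBridge" realm.
     Realms are looked up by name, so only a config named "karaf" replaces the
     one the SSH console and JMX use. Among same-name configs the highest rank
     wins; rank="1" is an assumed value chosen to beat the built-in realm. -->
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

    <!-- Same name as the built-in realm, higher rank: this is now the realm
         Karaf hands to LoginContext for "karaf". -->
    <jaas:config name="karaf" rank="1">
        <!-- "required": this module must succeed for the login to succeed.
             Being the only module in the realm, it fully replaces the
             PropertiesLoginModule (etc/users.properties, karaf/karaf). -->
        <jaas:module className="my.test.security.karaf.ShiroJaasIntegration"
                     flags="required"/>
    </jaas:config>

</blueprint>
```

Two caveats worth checking before deploying this. First, overriding "karaf" drops every stock module of that realm, including PublickeyLoginModule and the audit modules; if SSH key authentication or the audit trail is still wanted, those modules have to be listed in the overriding config as well. Second, if replacing the realm by name is not desirable, the alternative is to keep the "ShiroBridge" name and point the consumers at it instead: the SSH console's realm is the sshRealm key in etc/org.apache.karaf.shell.cfg and the JMX connector's is the jmxRealm key in etc/org.apache.karaf.management.cfg. With either approach, a login attempt with karaf/karaf that still succeeds is the test that the override is not in effect.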
