Accessing Spring context inside a JAAS login module

**sds** · Oct 14th, 2004, 09:17 AM

I've written a JAAS login module that uses our proprietary LDAP (with very specific role configuration). We're still evaluating whether to use JNDI or straight LDAP access through the netscape LDAP libraries, so I have 2 implementations. In order to configure which service to use and what the LDAP connection parameters are, I would like to set this in the Spring configuration. (Another advantage: avoid the use of singleton implementation). However, since I don't have access to the ServletContext, nor is my LoginModule set by spring (it is configured by JAAS), how can I access the Spring context ?

Stefaan.

**Ben Alex** · Oct 14th, 2004, 04:40 PM

I don't know how to do it without a ServletContext or wiring it from Spring in the first place, but the way we approach the problem with a JBoss login module is as follows:

Code:

    public void initialize&#40;Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options&#41; &#123;
        super.initialize&#40;subject, callbackHandler, sharedState, options&#41;;

        this.key = &#40;String&#41; options.get&#40;"key"&#41;;

        if &#40;&#40;key == null&#41; || "".equals&#40;key&#41;&#41; &#123;
            throw new IllegalArgumentException&#40;"key must be defined"&#41;;
        &#125;

        String appContextLocation = &#40;String&#41; options.get&#40;"appContextLocation"&#41;;

        if &#40;&#40;appContextLocation == null&#41; || "".equals&#40;appContextLocation&#41;&#41; &#123;
            throw new IllegalArgumentException&#40;
                "appContextLocation must be defined"&#41;;
        &#125;

        if &#40;Thread.currentThread&#40;&#41;.getContextClassLoader&#40;&#41;.getResource&#40;appContextLocation&#41; == null&#41; &#123;
            throw new IllegalArgumentException&#40;"Cannot locate "
                + appContextLocation&#41;;
        &#125;

        ClassPathXmlApplicationContext ctx = new ClassPathXmlApplicationContext&#40;appContextLocation&#41;;
        .....
&#125;

**sds** · Oct 15th, 2004, 08:21 AM

This doesn't seem to work. I'm able to get the application context location out of the JAAS login configuration, but I get the error javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Cannot locate '/WEB-INF/config/spring/applicationContext.xml'. The file located in the above path, however it is not in the WEB-INF/classes directory where the Resin classloader is lookin for.

I saw that you had similar code for the ResinAcegiAuthenticator, so I'm starting to think my resin configuration is wrong ?

**Ben Alex** · Oct 15th, 2004, 08:53 AM

Could I ask why you're using JAAS in the first place? We have an LDAP implementation in the sandbox, or you can use your own (as you probably will need to given your specific LDAP needs) and implement PasswordAuthenticationDao.

If you need JAAS for EJB I'd understand, but if it's for a pureplay Spring WAR, it's better not to add to the complexity.

Correct configuration details for the Resin adapter are provided in the Acegi Security reference guide.

**sds** · Oct 15th, 2004, 09:58 AM

I definitely agree JAAS gives extra complexity, but I'm afraid JAAS login is a requirement for the application

As for the Resin configuration, I did look in the Acegi security reference guide, where you acknoledge that each webapplication can have the security application context in the WEB-INF directory. I've tried with putting everything in a war file instead of using the eclipse plugin of resin, but it still doesn't work, even if I put the configuration files outside the war file (in the classes dir of resin), it doesn't work.

I guess I'll have to fallback on a singleton implementation of the service, and have the service created by spring.

**RayKrueger** · Oct 15th, 2004, 02:53 PM

Outside of the ideas you guys are talking about now, should I consider checking to see if the LoginContext is an instanceof ApplicationContextAware?

For example...

Code:

    public Authentication authenticate&#40;Authentication auth&#41;
            throws AuthenticationException &#123;
        if &#40;auth instanceof UsernamePasswordAuthenticationToken&#41; &#123;
            UsernamePasswordAuthenticationToken token = &#40;UsernamePasswordAuthenticationToken&#41; auth;

            try &#123;
                //Create the LoginContext object, and pass our InternallCallbackHandler
                LoginContext lc = new LoginContext&#40;loginContextName,
                        new InternalCallbackHandler&#40;auth&#41;&#41;;

                if &#40;lc instanceof ApplicationContextAware&#41; &#123;
                    &#40;&#40;ApplicationContextAware&#41; lc&#41;.setApplicationContext&#40;context&#41;;
                &#125;.......

**sds** · Oct 18th, 2004, 02:31 AM

Ray,

The LoginContext is a JAAS class while the LoginModule is a custom class. You can't access the LoginModule from within the LoginContext, all the interesting methods and members of LoginModule are set to privite (so you can't override them). Even the callback handler is wrapped by a delegate class, so in the LoginModule you can't cast the callback handler to the class you've passed to JAAS (to pass the context trough), nor do you have a getter to get the wrapped callback handler.

I ended up setting a static field applicationContext of my login module in an overriden version of the JaasAuthenticationProvider. Not a very nice solution indeed.

Cheers, Stefaan.

**RayKrueger** · Oct 20th, 2004, 08:23 PM

Wow, I'm sorry. I'm a boob sometimes. I meant to do all of that with the LoginModule lol...

Thread: Accessing Spring context inside a JAAS login module

Thread Tools

Display

Accessing Spring context inside a JAAS login module

Similar Threads

Loosing my SecureContext

Accessing spring context from JSP 2.0 EL functions

Spring code remarks

Spring Framework / Spring Rich Client Library Hell?

Comments to this way of implementing Spring into ejbs

Posting Permissions