pessoal!
seguindo o Tutorial de JAAS do GUJ, criei meus Principals e LoginModule
[code]package br.com.empresa.core.login;
import java.security.Principal;
/**
 * Principal that represents one role granted to an authenticated user.
 * LoginModule.login() creates instances from the system codes and profile
 * names returned by the authentication service.
 */
public class Role implements Principal {
// Role identifier (the value handed to the constructor in LoginModule.login()).
private String name;
// … (remaining members elided by the author)
// NOTE(review): instances are stored in and removed from the Subject's principal
// Set (LoginModule.commit()/logout()), so the elided part should define
// equals()/hashCode() on the name; confirm, otherwise removal on logout will not match.
}[/code]
[code]package br.com.empresa.core.login;
import java.security.Principal;
import java.util.*;
/**
 * Principal that represents the authenticated user together with the roles
 * collected for that user at login time.
 */
public class User implements Principal {
// Login name; LoginModule.login() passes the value read from the NameCallback.
private String name;
// Roles granted to this user; LoginModule.commit() adds them to the Subject's principals.
private Set<Role> roles;
// … (remaining members elided by the author)
// NOTE(review): LoginModule.commit() tests subject.getPrincipals().contains(user), so the
// elided part should define equals()/hashCode() on the name; confirm against the full class.
}[/code]
[code]package br.com.empresa.core.login;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginException;
import org.tempuri.*;
public class LoginModule implements javax.security.auth.spi.LoginModule {
private Subject subject;
private CallbackHandler callbackHandler;
private Map sharedState;
private Map options;
private boolean debug;
private User user;
private boolean autenticated = false;
private boolean commited = false;
/**
 * Keeps the JAAS context handed over by the LoginContext and reads the
 * {@code debug} option of this module's configuration entry.
 *
 * @param subject         subject that receives the principals in commit()
 * @param callbackHandler handler login() uses to obtain user name and password
 * @param sharedState     state shared with the other configured login modules
 * @param options         options of this module's JAAS configuration entry
 */
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
    // Only the exact string "true" switches the System.out tracing on.
    final String debugOption = (String) options.get("debug");
    debug = "true".equals(debugOption);
    if (debug) {
        System.out.println("LoginModule.initialize");
    }

    this.options = options;
    this.sharedState = sharedState;
    this.callbackHandler = callbackHandler;
    this.subject = subject;

    if (debug) {
        System.out.println("LoginModule.initialize:debug=" + debug);
    }
}
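/**
 * Asks the CallbackHandler for user name and password, validates them against
 * the backend service and, on success, builds the {@code User} principal with
 * one {@code Role} per system code and profile name returned by the service.
 *
 * <p>Changes compared with the earlier version of this method:
 * <ul>
 *   <li>the password is never written to the debug output;</li>
 *   <li>a null or empty login returned by the backend is treated as a failed
 *       login (previously a null login passed the {@code !"".equals(...)} test);</li>
 *   <li>rejected credentials surface as a {@code LoginException} instead of being
 *       caught by the catch-all and rethrown as {@code RuntimeException};</li>
 *   <li>the {@code user} field is assigned only after every role was collected,
 *       so a failure half way leaves no partially built principal behind.</li>
 * </ul>
 *
 * @return {@code true} when authentication succeeded
 * @throws LoginException if no CallbackHandler is available, the credentials
 *         are rejected, or the callback/backend call fails
 */
@Override
public boolean login() throws LoginException {
    if (debug) {
        System.out.println("LoginModule.login");
    }
    if (callbackHandler == null) {
        throw new LoginException("Error: no CallbackHandler available to garner authentication information from the user");
    }

    // Forget the outcome of any earlier attempt made with this instance.
    this.user = null;
    autenticated = false;

    NameCallback nameCallback = new NameCallback("nomeUsuario");
    PasswordCallback passwordCallback = new PasswordCallback("senha", false);
    char[] passwordChars = null;
    try {
        String system = (String) options.get("system");
        if (debug) {
            System.out.println("LoginModule.initialize:system=" + system);
        }
        callbackHandler.handle(new Callback[] { nameCallback, passwordCallback });

        String userName = nameCallback.getName();
        if (debug) {
            System.out.println("LoginModule.login:user=" + userName);
        }
        // getPassword() returns a copy; the callback's own buffer is wiped right away.
        // The password is deliberately not logged, not even in debug mode.
        passwordChars = passwordCallback.getPassword();
        passwordCallback.clearPassword();

        // NOTE(review): many directories treat a simple bind with an empty password as an
        // anonymous bind; whether the backend service guards against that is not visible
        // here, so blank credentials are rejected before the call.
        if (userName == null || userName.isEmpty() || passwordChars == null || passwordChars.length == 0) {
            throw new javax.security.auth.login.FailedLoginException("Warning: Invalid user or password");
        }

        // Service that authenticates against AD and looks up the user's permissions.
        // Its constructor takes a String, so one immutable copy of the password is unavoidable.
        Usuario u = new Login(system, "empresa\\" + userName, new String(passwordChars)).getUser();

        String backendLogin = (u == null) ? null : u.getLogin();
        if (backendLogin == null || backendLogin.isEmpty()) {
            throw new javax.security.auth.login.FailedLoginException("Warning: Invalid user or password");
        }

        User authenticatedUser = new User(userName);
        for (Sistema s : u.getSistema()) {
            authenticatedUser.addRole(new Role(s.getCodigo()));
            if (debug) {
                System.out.println("LoginModule.login:system=" + s.getCodigo());
            }
            for (Perfil p : s.getPerfil()) {
                authenticatedUser.addRole(new Role(p.getNome()));
                if (debug) {
                    System.out.println("LoginModule.login:profile=" + p.getNome());
                }
            }
        }
        sharedState.put("javax.security.auth.principal", authenticatedUser);
        sharedState.put("javax.security.auth.roles", authenticatedUser.getRoles());

        // Publish the result only now that the principal is complete.
        this.user = authenticatedUser;
        autenticated = true;
        if (debug) {
            System.out.println("LoginModule.login:athenticated=true");
        }
    } catch (LoginException e) {
        // Rejected credentials must reach the LoginContext unchanged.
        throw e;
    } catch (IOException e) {
        throw new LoginException(e.toString());
    } catch (UnsupportedCallbackException e) {
        throw new LoginException("Error: " + e.getCallback() + " not available to garner authentication information from the user");
    } catch (Exception e) {
        // Any other failure (backend call, unexpected null) fails the login closed.
        LoginException failure = new LoginException("Error: authentication service failure: " + e);
        failure.initCause(e);
        throw failure;
    } finally {
        if (passwordChars != null) {
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }
    if (debug) {
        System.out.println("LoginModule.login:loged=true");
    }
    return true;
}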
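/**
 * Second phase of the JAAS login: copies the authenticated user and its roles
 * into the Subject's principal set.
 *
 * <p>Principals are attached only when this module's own login() succeeded.
 * The earlier version tested just {@code user != null} and always returned
 * {@code true}, so a login() that failed after creating the user object could
 * still have its partially populated principal committed.
 *
 * <p>NOTE(review): the principals added here are of the classes {@code User} and
 * {@code Role}. Tomcat's JAASRealm tells users from roles by class name
 * ({@code userClassNames} / {@code roleClassNames}); that realm configuration is
 * not shown on this page, so confirm it lists these two classes.
 *
 * @return {@code true} when the principals were committed, {@code false} when
 *         this module's login() did not succeed and the module should be ignored
 * @throws LoginException declared by the LoginModule contract; not thrown here
 */
@Override
public boolean commit() throws LoginException {
    if (debug) {
        System.out.println("LoginModule.commit");
    }
    if (!autenticated || user == null) {
        // Nothing was authenticated by this module: attach nothing.
        if (debug) {
            System.out.println("LoginModule.commit:commited=false");
        }
        return false;
    }
    // Skip the roles too when the user principal is already present.
    if (!subject.getPrincipals().contains(user)) {
        subject.getPrincipals().add(user);
        subject.getPrincipals().addAll(user.getRoles());
    }
    commited = true;
    if (debug) {
        System.out.println("LoginModule.commit:commited=true");
    }
    return true;
}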
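/**
 * Rolls back this module's part of a login whose overall authentication failed.
 *
 * <p>The earlier version reset {@code autenticated} only when {@code debug} was
 * enabled (the assignment had ended up as the body of an {@code if (debug)}),
 * so with debugging off the module kept reporting itself as authenticated after
 * an abort. The flag is now cleared unconditionally, together with
 * {@code commited} and the cached user.
 *
 * @return {@code false} when this module's login() had not succeeded,
 *         {@code true} once its state has been discarded
 * @throws LoginException if removing already committed principals fails
 */
@Override
public boolean abort() throws LoginException {
    if (debug) {
        System.out.println("LoginModule.abort");
    }
    if (!autenticated) {
        if (debug) {
            System.out.println("LoginModule.abort:aborted=false");
        }
        return false;
    }

    autenticated = false;
    if (commited) {
        // Principals were already attached: take them off the Subject again.
        logout();
        commited = false;
    }

    // Drop every reference so the instance cannot leak an authenticated identity.
    user = null;
    subject = null;
    callbackHandler = null;
    sharedState = null;
    if (debug) {
        System.out.println("LoginModule.abort:aborted=true");
    }
    return true;
}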
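/**
 * Removes the user principal and its role principals from the Subject and
 * discards the module's authentication state.
 *
 * <p>The earlier version dereferenced {@code subject} and {@code user} without
 * a check, so a logout after a failed login or after abort() ended in a
 * NullPointerException. Both are now guarded, and the authentication flags
 * are reset so the instance does not stay marked as logged in.
 *
 * @return always {@code true}
 * @throws LoginException declared by the LoginModule contract; not thrown here
 */
@Override
public boolean logout() throws LoginException {
    if (debug) {
        System.out.println("LoginModule.logout");
    }
    if (subject != null && user != null) {
        subject.getPrincipals().removeAll(user.getRoles());
        subject.getPrincipals().remove(user);
    }
    // Forget the identity whether or not there was anything to remove.
    user = null;
    autenticated = false;
    commited = false;
    if (debug) {
        System.out.println("LoginModule.logout:loged=false");
    }
    return true;
}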
}[/code]
gerei o jar (empresa-core-version) e coloquei o arquivo no diretório {catalina_home}/lib
depois criei o arquivo jaas.conf
// JAAS login entry "modulo": the container's JAAS realm must be set up to look up
// this entry name (the realm configuration is not shown on this page).
// debug=true turns on the module's System.out tracing, which includes the user name
// and the granted roles; keep it off outside troubleshooting.
modulo {
br.com.empresa.core.login.LoginModule required
debug=true
system="SISTEMA";
};
e o coloquei no diretório {catalina_home}/conf
então, configurei o JVM arguments do servidor no Eclipse dando duplo clique no servidor, clicando no link "Open launch configuration", selecionando a aba "Arguments" e no campo "Vm arguments" digitando -Djava.security.auth.login.config="diretorioDeInstalaçãoDoTomcat\conf\jaas.conf"
aí configurei o web.xml da aplicação
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<!-- ... -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>default</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/login-fail.xhtml</form-error-page>
</form-login-config>
</login-config>
<!-- ... -->
<security-constraint>
<!-- Every URL of the application requires an authenticated user holding the role MODULO. -->
<!-- NOTE(review): no user-data-constraint with transport-guarantee CONFIDENTIAL is visible in
     this constraint; the FORM login posts j_password in the request body, so confirm the
     application is reachable over TLS only. -->
<web-resource-collection>
<web-resource-name>modulo</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MODULO</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<role-name>MODULO</role-name>
</security-role>
<!-- ... -->
</web-app>
e finalmente meu formulário de login
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!-- ... -->
<form action="j_security_check" method="post">
<label for="j_username">Nome de usuário</label><br />
<input name="j_username" type="text" /><br />
<label for="j_password">Senha</label><br />
<input name="j_password" type="password" /><br /><br />
<input type="submit" value="Entrar" />
</form>
<!-- ... -->
</html>
mas nada acontece. sou redirecionado para a tela de login-fail e não imprime nada no console.
alguém sabe o que posso estar fazendo errado?
obrigado a todos.