如何在 Websphere 8.5.5 中的 JAAS 自定义登录模块中使用 SAML 令牌属性值
我正在使用自定义 JAAS 登录模块来实现 idAssertion。我已经配置了一个有效的 TAI,它会返回带有令牌数据或属性值的 SAML 响应。我需要在 JAAS 登录模块中使用来自 SAML 令牌的组详细信息。如何在此处获取组和属性值?我已经尝试使用 WSSUtilFactory,但它返回空值。 JAAS 登录模块:
package com.hcl.portal.transparent;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.portal.auth.tai.ExternalIdentityCredential;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
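/**
 * Custom JAAS login module used for identity assertion.
 *
 * <p>{@link #login()} obtains the asserted user name through a {@link NameCallback}. A user that
 * the configured {@code UserRegistry} knows is accepted with its registry unique id and nothing
 * else is added to the subject. A user the registry does not know is turned into a "transient"
 * user: a DN is synthesized under {@link #TRANSIENT_DN_SUFFIX}, the user is placed in
 * {@link #TRANSIENT_GROUP}, a few attributes are filled in, and the resulting table is attached to
 * the subject and to the shared state for the downstream WebSphere login modules.
 *
 * <p>Any failure while handling callbacks or looking the user up makes {@code login()} return
 * {@code false} (fail closed) instead of reporting success for an identity that was not verified.
 */
public class loginModule implements LoginModule {

    /**
     * Group every transient (registry-unknown) user is placed in.
     *
     * <p>SECURITY: {@code wpsadmins} is the default Portal administrators group, so with this value
     * any asserted identity the registry does not know receives administrative rights. Restrict it
     * (or populate groups from the asserted attributes) before using this module in production.
     */
    private static final String TRANSIENT_GROUP = "cn=wpsadmins,o=defaultWIMFileBasedRealm";

    /** Suffix appended to {@code uid=<username>} to build the DN of a transient user. */
    private static final String TRANSIENT_DN_SUFFIX = ",o=base,o=transparent";

    /** Mail domain used to synthesize {@code ibm-primaryEmail} for a transient user. */
    private static final String TRANSIENT_MAIL_DOMAIN = "@portal.ibm.com";

    /** True once login() verified (or created) an identity; reported by commit()/abort(). */
    private boolean success = false;
    Subject currentSubject;
    CallbackHandler currentCallbackHandler;
    Map<String, Object> currentSharedState;
    Map<String, Object> currentOptions;

    /**
     * Stores the JAAS context for the later phases.
     *
     * @param subject the subject to populate
     * @param callbackHandler handler that supplies the asserted user name
     * @param sharedState state shared with the other modules of the login configuration
     * @param options module options from the login configuration (currently unused)
     */
    @Override
    @SuppressWarnings("unchecked") // JAAS hands these as Map<String,?>; sharedState is written to in login()
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        currentSubject = subject;
        currentCallbackHandler = callbackHandler;
        currentSharedState = (Map<String, Object>) sharedState;
        currentOptions = (Map<String, Object>) options;
        success = false;
        System.out.println("kousik level 0.1");
    }

    /**
     * Authenticates the asserted user.
     *
     * @return {@code true} if the user was found in the registry, was registered as a transient
     *     user, or this is a repeat login; {@code false} if no user name was supplied or any
     *     callback / registry failure occurred
     * @throws LoginException never thrown directly; declared by the {@link LoginModule} contract
     */
    @Override
    public boolean login() throws LoginException {
        String uniqueid = "";
        success = false;
        System.out.println("kousik level 0.2");
        Callback[] callbacks = new Callback[3];
        try {
            callbacks[0] = new WSTokenHolderCallback("");
            callbacks[1] = new NameCallback("User:");
            callbacks[2] = new PasswordCallback("Password:", false);
            currentCallbackHandler.handle(callbacks);
            boolean requiresLogin = ((WSTokenHolderCallback) callbacks[0]).getRequiresLogin();
            if (requiresLogin) {
                NameCallback nameCallback = (NameCallback) callbacks[1];
                String username = nameCallback.getName();
                System.out.println("k----------username = " + username);
                System.out.println("k----------Dusername = " + nameCallback.getDefaultName());
                if (username == null) {
                    System.out.println("uniqueid is null - do nothing");
                    System.out.println("Failed with uniqueid= " + uniqueid);
                    return false;
                }
                try {
                    InitialContext ctx = new InitialContext();
                    UserRegistry reg = (UserRegistry) ctx.lookup("UserRegistry");
                    uniqueid = reg.getUniqueUserId(username);
                } catch (com.ibm.websphere.security.EntryNotFoundException e1) {
                    // Unknown to the registry: create a transient identity for the base realm.
                    System.out.println("Login Module - transient for base realm ");
                    uniqueid = "uid=" + username + TRANSIENT_DN_SUFFIX;
                    assertTransientUser(username, uniqueid);
                } catch (Exception e1) {
                    // JNDI/registry failure: fail closed rather than assert an unverified identity.
                    System.out.println("Login Module Failed for user lookup: " + e1);
                    return false;
                }
                System.out.println("uniqueid = " + uniqueid);
            } else {
                System.out.println("This is a repeat login,nothing to do.");
            }
        } catch (Exception e) {
            // Callback handling (or building the transient credentials) failed: do not report success.
            System.out.println("Login Module Failed: " + e);
            return false;
        }
        success = true;
        System.out.println("success with uniqueid= " + uniqueid);
        return success;
    }

    /**
     * Builds the credential table for a transient user and attaches it to the subject and the
     * shared state, where the downstream WebSphere modules pick it up.
     *
     * @param username the asserted user name
     * @param uniqueid the synthesized DN used as both unique id and security name
     */
    private void assertTransientUser(String username, String uniqueid) {
        // A java.util.Hashtable is what the downstream modules look for in the public credentials.
        Hashtable<String, Object> hashtable = new Hashtable<>();
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID, uniqueid);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_SecurityNAME, uniqueid);
        // Every transient user lands in TRANSIENT_GROUP; see the note on that constant.
        List<String> groupList = new ArrayList<>();
        groupList.add(TRANSIENT_GROUP);
        hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS, groupList);
        // Minimal attribute set for the synthesized user.
        hashtable.put("sn", username);
        hashtable.put("cn", username);
        hashtable.put("uid", username);
        hashtable.put("ibm-primaryEmail", username + TRANSIENT_MAIL_DOMAIN);
        currentSubject.getPublicCredentials().add(hashtable);
        currentSubject.getPublicCredentials().add(new ExternalIdentityCredential(hashtable));
        currentSharedState.put(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY, hashtable);
    }

    /**
     * Reports the outcome of {@link #login()}; the credentials were already attached there.
     *
     * @return {@code true} if login() succeeded, {@code false} if this module should be ignored
     */
    @Override
    public boolean commit() throws LoginException {
        return success;
    }

    /**
     * Resets this module after a failed overall login.
     *
     * @return {@code true} if this module had authenticated the user, {@code false} otherwise
     */
    @Override
    public boolean abort() throws LoginException {
        boolean hadSucceeded = success;
        // NOTE(review): the credential table added in login() is left in place; confirm whether the
        // downstream WebSphere modules expect this module to remove it on abort.
        success = false;
        return hadSucceeded;
    }

    /**
     * Resets this module on logout.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        success = false;
        return true;
    }
}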