如何在 Websphere 8.5.5 中的 JAAS 自定义登录模块中使用 SAML 令牌属性值

如何解决如何在 Websphere 8.5.5 中的 JAAS 自定义登录模块中使用 SAML 令牌属性值

我正在使用自定义 JAAS 登录模块来实现 idAssertion。我已经配置了一个有效的 TAI，它将使用令牌数据或属性值返回 SAML 响应。我需要使用来自 SAML 令牌的 JAAS 登录模块中的组详细信息。如何在此处获取组和属性值？已经使用 WSSUtilFactory 但它返回空值。 JAAS 登录模块

package com.hcl.portal.transparent;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import com.ibm.portal.auth.tai.ExternalIdentityCredential;
import com.ibm.websphere.security.UserRegistry;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.wssecurity.wssapi.WSSUtilFactory;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.util.AccessController;
import com.ibm.wsspi.security.auth.callback.WSTokenHolderCallback;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;

public class loginModule implements LoginModule {
    private boolean success = false;
    Subject currentSubject;
    CallbackHandler currentCallbackHandler;
    Map<String,Object> currentSharedState;
    Map<String,Object> currentOptions;

    @Override
    public void initialize(Subject subject,CallbackHandler callbackHandler,Map<String,?> sharedState,?> options) {
        currentSubject = subject;
        currentCallbackHandler = callbackHandler;
        currentSharedState = (Map<String,Object>) sharedState;
        currentOptions = (Map<String,Object>) options;
        success = false;
        System.out.println("kousik level 0.1");
    }

     @Override
    public boolean login() throws LoginException {
        String uniqueid = "";
        Hashtable hashtable = new Hashtable();
        Callback callbacks[] = new Callback[3];
        System.out.println("kousik level 0.2");
        
        try {
            callbacks[0] = new WSTokenHolderCallback("");
            callbacks[1] = new NameCallback("User:");
            callbacks[2] = new PasswordCallback("Password:",false);            
           
            currentCallbackHandler.handle(callbacks);
            boolean requiresLogin = ((WSTokenHolderCallback) callbacks[0]).getRequiresLogin();              

            if (requiresLogin) {
                String username = ((NameCallback) callbacks[1]).getName();
                String userDefaultname = ((NameCallback) callbacks[1]).getDefaultName();
                System.out.println("k----------username = " + username);
                System.out.println("k----------Dusername = " + userDefaultname);
                if (username != null) {
                    try {                        
                        InitialContext ctx = new InitialContext();
                        UserRegistry reg = (UserRegistry) ctx.lookup("UserRegistry");
                        uniqueid = reg.getUniqueUserId(username);
                    } catch (com.ibm.websphere.security.EntryNotFoundException e1) {                        
                        
                        System.out.println("Login Module - transient for base realm ");
                        uniqueid = "uid=" + username + ",o=base,o=transparent";
                        hashtable.put(AttributeNameConstants.WSCREDENTIAL_UNIQUEID,uniqueid);
                        hashtable.put(AttributeNameConstants.WSCREDENTIAL_SecurityNAME,uniqueid);
                        // You may add specific users to specific groups to not only have all transient user as "AllAuthenticated"
                      
                        ArrayList<String> groupList = new ArrayList<String>();
                        groupList.add("cn=wpsadmins,o=defaultWIMFileBasedRealm");
                        
                       // AttributeNameConstants.WSCREDENTIAL_GROUPS
                        hashtable.put(AttributeNameConstants.WSCREDENTIAL_GROUPS,groupList);
                        // Add attributes for this special user as well
                        hashtable.put("sn",username);
                        hashtable.put("cn",username);
                        hashtable.put("uid",username);
                        hashtable.put("ibm-primaryEmail",username+"@portal.ibm.com");
                       // }
                        currentSubject.getPublicCredentials().add(hashtable);
                        currentSubject.getPublicCredentials().add(new ExternalIdentityCredential(hashtable));
                        currentSharedState.put(AttributeNameConstants.WSCREDENTIAL_PROPERTIES_KEY,hashtable);
                    } catch (Exception e1) {
                        System.out.println("Login Module Failed for user lookup: "+ e1);
                    }
                    System.out.println("uniqueid = " + uniqueid);
                } else {
                    System.out.println("uniqueid is null - do nothing");
                    success = false;
                    System.out.println("Failed with uniqueid= " + uniqueid);
                    return success;
                }
            } else {
                System.out.println("This is a repeat login,nothing to do.");
            }

        } catch (Exception e) {
            System.out.println("Login Module Failed: " + e);
        }
        success = true;
        System.out.println("success with uniqueid= " + uniqueid);
        return success;
    }

    @Override
    public boolean commit() throws LoginException {
        // Todo Auto-generated method stub
        return false;
    }

    @Override
    public boolean abort() throws LoginException {
        // Todo Auto-generated method stub
        return false;
    }

    @Override
    public boolean logout() throws LoginException {
        // Todo Auto-generated method stub
        return false;
    }

}

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。