Solved: Using custom LoginModule

Former Member · ‎02-01-2005

Hi all,

I've got a question concerning custom LoginModules. We implemented a LoginModule as part of an application which uses a jaas.policy to find the appropriate class:

***jaas.policy ***

XYZLoginModule{

com.my.path.to.a.class.LDAPLoginModule required debug=true;

};

**Authentication EJB**

import javax.security.auth.login.LoginContext; [...]

//This one returns the path to jaas.policy

String path = IKPropertyHandlerManager.init().getPropertyFilePath("jaas.policy","conf/security");

System.setProperty("java.security.auth.login.config",path);

[...]

LoginContext lc = null;

[...]

lc = new LoginContext(loginmodule, subject, callback);

lc.login(); <-- ERROR

As I'm getting an javax.security.auth.login.LoginException (no LoginModules have been configured for XYZLoginModule), it's obviously not possible to use this jaas.policy in the manner we did (The error is in german language - that's odd, as we did not use any german in our code).

>> Is this because it's not possible to use System.setProperty() in the way we did ??

So I wanted to set up a LoginModule via the Visual Administrator (As described in SAP Documentation).

>> It seems that I have to extract the login module from the application and to deploy it as a library - is this the only way?

I'm sorry, but I couldn't find any help neither in SAP Service Marketplace, nor in SAP Documentation and exisitng SDN Threads.

Thanks a lot for your help,

Nadine

Vlado · ‎02-01-2005

Hi Nadine,

To your first question:

According to the EJB specification you must not attempt to set a system property in an EJB. Also, "the enterprise bean must not attempt to obtain the security policy information for a particular code source." (EJB 2.0, chapters 24.1.2 and 24.2.1).

As per the second question, I'm not 100% sure but I think this is the only way.

Hope this helps,

Vladimir

Former Member · ‎02-02-2005

Hi all (again),

I managed to create my LoginModules etc.

Now I'm getting some strange errors. When creating the LoginContext, everything seems to work fine. In my logfiles, I can see, that the Module successfully authenticates the user with the correct roles. The commit() is called successfully, but then abort() is called and I'm getting a "User not authorized" error. The code worked fine on JBoss.

Any ideas?

Thanks a lot!

Nadine

Former Member · ‎02-02-2005

Hi Nadine,

to your second question:

>> It seems that I have to extract the login module from the application and to deploy it as a library - is this the only way?

No, it is not the only way but it <b>is</b> the recommended way to go when using custom login modules.

>> I'm sorry, but I couldn't find any help neither in SAP Service Marketplace, nor in SAP Documentation and exisitng SDN Threads.

Don't know if you've seen this tutorial already.. if not - it is quite comprehensive one containing all the steps of using the Developer Studio to develop, assemble, and deploy the login module, develop the source code itself, as well as configure the use of the login module in the Visual Administrator. You can find it on the following address:

http://service.sap.com/security -> Hot Topic J2EE -> SAP NW '04: J2EE Engine 6.40 -> Tutorial: Custom Login Module

Hope that helps!

Using custom LoginModule

Accepted Solutions (1)

Accepted Solutions (1)

Answers (2)

Answers (2)

Re: SAP BUILD deployment to production

Re: SAP Build process Automation - Document Extrac...

Re: Error for Document Date in AR Invoice #59921

Re: Trigger Basic Idoc from scratch

Re: How to navigate from ALV report output to Outl...