Sun Webserver 7 Abhay Dabholkar

Tuesday May 27, 2008

Sun Java System Web Server 7.0 supports the following realms:

1. File
2. LDAP
3. Solaris
4. Certificate
5. Native
6. Custom

To set an authentication realm from the admin console:
1. Select the configuration.
Select the configuration to which you need to add a new authentication realm: click the Configurations tab and select the configuration.
2. Click on Java > Security tab.
3. Click New Authentication Button.

Creating Custom Realm
Step 1: Implement a JAAS login module
Step 2: Update web.xml and login.conf

Implementing the JAAS Login Module
Extend IASRealm. Code details can be found in the samples directory of the Web Server 7 installation. The following is just a sample and is in no way production code: for example, it returns the same hard-coded groups for every user.

package com.sun.sls.cwp.realm;
import java.util.Properties;
import java.util.Vector;
import java.util.HashMap;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.iplanet.ias.security.RealmConfig;
import com.iplanet.ias.security.auth.realm.IASRealm;
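/**
 * Sample custom authentication realm for Sun Java System Web Server 7.0.
 *
 * <p>Illustrative only. This class verifies no credentials itself and reports the same
 * hard-coded groups for every user name, so any user accepted by the configured login
 * module ends up in both groups. A real realm must look groups up per user.
 *
 * @author abhay
 */
public class CWPRealm extends IASRealm {

    /** Authentication type string returned by {@link #getAuthType()}. */
    public static final String AUTH_TYPE = "CWP";

    // Realm configuration handed to init(); stays null until init() has run.
    Properties _realmProperties = null;

    // Allocated in init(); nothing in this class reads it.
    Vector _emptyVector;

    /** Creates a new instance of CWPRealm */
    public CWPRealm() {
    }

    /**
     * Stores the realm configuration and copies the JAAS context name onto this realm.
     *
     * @param props realm properties; must contain {@code IASRealm.JAAS_CONTEXT_PARAM}
     * @throws BadRealmException if {@code props} is null or has no JAAS context entry
     * @throws NoSuchRealmException declared in the signature; not thrown by this implementation
     */
    protected void init(Properties props)
            throws BadRealmException, NoSuchRealmException {
        if (props == null) {
            throw new BadRealmException("No properties supplied for realm type " + AUTH_TYPE);
        }
        String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
        // A realm without a JAAS context name is misconfigured: report that as a realm
        // error at start-up instead of handing a null value to setProperty().
        if (jaasCtx == null) {
            throw new BadRealmException(
                    "Missing realm property: " + IASRealm.JAAS_CONTEXT_PARAM);
        }
        _realmProperties = props;
        this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
        _emptyVector = new Vector();
    }

    /**
     * Returns the authentication type of this realm.
     *
     * @return {@link #AUTH_TYPE}
     */
    public String getAuthType() {
        return AUTH_TYPE;
    }

    /**
     * Returns the groups of the given user. The groups are hard coded in this example.
     *
     * <p>SECURITY NOTE: {@code username} is ignored. Every name, including one that does not
     * exist, is reported as a member of "cwp" and "employee", and
     * {@code NoSuchUserException} is never thrown. Replace this with a per-user lookup
     * before relying on these groups for authorization.
     *
     * @param username user whose groups are requested (unused here)
     * @return enumeration over "cwp" and "employee"
     */
    public java.util.Enumeration getGroupNames(String username)
            throws InvalidOperationException, NoSuchUserException {
        Vector<String> groups = new Vector<String>();
        groups.add("cwp");
        groups.add("employee");
        return groups.elements();
    }

    /**
     * Looks up a value in the properties passed to {@code init}.
     *
     * @param name property key
     * @return the property value, or null when the key is absent or the realm has not been
     *     initialised yet
     */
    public String getRealmProperty(String name) {
        if (_realmProperties == null) {
            return null;
        }
        return _realmProperties.getProperty(name);
    }

    /**
     * Intentionally empty in this sample; the author notes it can be used to cache the
     * groups of a user.
     *
     * @param username user the groups belong to (unused)
     * @param groups group names (unused)
     */
    public void setGroupNames(String username, String[] groups) {
    }
}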



package com.sun.sls.cwp.realm;

import java.util.Properties;
import java.util.Vector;
import java.util.HashMap;

import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;

import com.iplanet.ias.security.RealmConfig;
import com.iplanet.ias.security.auth.realm.IASRealm;

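/**
 * Sample custom realm (type "CWP") built on {@code IASRealm}.
 *
 * <p>Not production code: no credential check happens in this class, and group membership
 * is a fixed list that does not depend on the user name.
 *
 * @author abhay
 */
public class CWPRealm extends IASRealm {

    /** Value returned by {@link #getAuthType()}. */
    public static final String AUTH_TYPE = "CWP";

    // Properties received in init(); null before init() is called.
    Properties _realmProperties = null;

    // Created in init() and otherwise unused in this class.
    Vector _emptyVector;

    /** Creates a new instance of CWPRealm */
    public CWPRealm() {
    }

    /**
     * Keeps the realm properties and registers the JAAS context name on the realm.
     *
     * @param props realm properties, expected to carry {@code IASRealm.JAAS_CONTEXT_PARAM}
     * @throws BadRealmException when {@code props} is null or the JAAS context is not set
     * @throws NoSuchRealmException declared in the signature; not thrown by this implementation
     */
    protected void init(Properties props)
            throws BadRealmException, NoSuchRealmException {
        if (props == null) {
            throw new BadRealmException("No properties supplied for realm type " + AUTH_TYPE);
        }
        String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
        if (jaasCtx == null) {
            // Reject the misconfiguration explicitly rather than storing a null context.
            throw new BadRealmException(
                    "Missing realm property: " + IASRealm.JAAS_CONTEXT_PARAM);
        }
        _realmProperties = props;
        this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
        _emptyVector = new Vector();
    }

    /**
     * Reports the authentication type handled by this realm.
     *
     * @return the constant {@link #AUTH_TYPE}
     */
    public String getAuthType() {
        return AUTH_TYPE;
    }

    /**
     * Returns a fixed group list for any user.
     *
     * <p>SECURITY NOTE: the argument is not consulted, so unknown users receive the same
     * "cwp" and "employee" membership as real ones and {@code NoSuchUserException} is never
     * raised. Any authorization rule keyed on these groups therefore admits every
     * authenticated user.
     *
     * @param username ignored in this sample
     * @return enumeration over "cwp" and "employee"
     */
    public java.util.Enumeration getGroupNames(String username)
            throws InvalidOperationException, NoSuchUserException {
        Vector<String> fixedGroups = new Vector<String>();
        fixedGroups.add("cwp");
        fixedGroups.add("employee");
        return fixedGroups.elements();
    }

    /**
     * Reads one entry from the properties given to {@code init}.
     *
     * @param name property key
     * @return the value, or null if the key is missing or {@code init} has not run
     */
    public String getRealmProperty(String name) {
        if (_realmProperties == null) {
            return null;
        }
        return _realmProperties.getProperty(name);
    }

    /**
     * No-op in this sample; the arguments are discarded.
     *
     * @param username user the groups belong to (unused)
     * @param groups group names (unused)
     */
    public void setGroupNames(String username, String[] groups) {
    }
}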


Updating web.xml file
Add the following to default-web.xml:


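<security-constraint>
  <web-resource-collection>
    <web-resource-name>video</web-resource-name>
    <description>
      Security constraint for resources in the video directory
    </description>
    <url-pattern>/video/*</url-pattern>
    <!-- Listing http-method elements limits this constraint to those methods. Requests to
         /video/* that use any other method (HEAD, PUT, DELETE, ...) are not covered by it.
         Remove both http-method elements to protect every method. -->
    <http-method>POST</http-method>
    <http-method>GET</http-method>
  </web-resource-collection>
  <auth-constraint>
    <description>
      constraint for rss and video feed
    </description>
    <role-name>cwp</role-name>
    <role-name>employee</role-name>
    <!-- Administrator is referenced here but has no security-role declaration below. -->
    <role-name>Administrator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <description>SSL not required</description>
    <!-- With BASIC authentication the user name and password are only base64-encoded and
         are sent on every request. NONE lets them travel over plain HTTP. Use CONFIDENTIAL
         to require SSL/TLS for these URLs. -->
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <!-- Same name as the CWPAUTH entry added to login.conf. -->
  <realm-name>CWPAUTH</realm-name>
</login-config>

<security-role>
  <role-name>employee</role-name>
</security-role>
<security-role>
  <role-name>cwp</role-name>
</security-role>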


Updating login.conf
Add following lines
// JAAS login configuration entry. The entry name CWPAUTH is the same string used as
// <realm-name> in the web.xml fragment.
CWPAUTH{
// Login module class for this entry; its source is not shown on this page.
// NOTE(review): presumably this module is where the password is actually verified, since
// CWPRealm itself checks no credentials; confirm before deploying.
// "required": the module must succeed for the overall login to succeed.
com.sun.sls.cwp.realm.Auth required;
};
