WebSphere Application Server, Version 6.1   
             オペレーティング・システム: AIX , HP-UX, Linux, Solaris, Windows, Windows Vista


例: インバウンド・マッピングのためのカスタム・ログイン・モジュール

このサンプルは、指定した NameCallback コールバックに基づいて java.util.Hashtable ハッシュ・テーブルを作成するカスタム・ログイン・モジュールを示します。WebSphere Application Server ログイン・モジュールがハッシュ・テーブルの情報を見つけることができるように、java.util.Hashtable hashtable が sharedState java.util.Map マップに追加されます。

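/**
 * Sample custom login module for inbound identity mapping.
 *
 * <p>login() collects the name, password, credential token and token holder
 * list through callbacks, optionally maps the resulting user ID to another
 * one, and then publishes a java.util.Hashtable (unique ID, security name,
 * groups, cache key) in the shared state under WSCREDENTIAL_PROPERTIES_KEY so
 * that the WebSphere Application Server login modules can find it.
 *
 * <p>Every failure while gathering or validating authentication data fails the
 * login. If such an exception were swallowed, the name supplied through the
 * NameCallback would still flow into the Hashtable even though no credential
 * had been validated for it.
 *
 * <p>This sample shows initialize(), login() and commit() only; the
 * javax.security.auth.spi.LoginModule interface also declares abort() and
 * logout().
 */
public class customLoginModule
{

	/**
	 * Stores the callback handler and the shared state for use by login().
	 *
	 * @param subject         the Subject being authenticated (not used by this sample)
	 * @param callbackHandler handler that login() uses to obtain the callbacks
	 * @param sharedState     map shared with the other login modules in the configuration
	 * @param options         options configured for this module (not used by this sample)
	 */
	public void initialize(Subject subject, CallbackHandler callbackHandler,
		Map sharedState, Map options)
	{
		// (For more information on initialization, see
		//  "Custom login module development for a system login configuration".)
		_callbackHandler = callbackHandler;
		_sharedState = sharedState;
	}

	/**
	 * Gathers the authentication data, applies the custom identity mapping and,
	 * when a login is required or the identity changed, adds the credential
	 * Hashtable to the shared state.
	 *
	 * @return true when this module has nothing to reject
	 * @throws LoginException if the callbacks cannot be handled, the credential
	 *         token cannot be validated, no user ID is available, or the user
	 *         registry lookup fails
	 */
	public boolean login() throws LoginException
	{
		// (For more information on what to do during login, see
		//  "Custom login module development for a system login configuration".)

		if (_callbackHandler == null)
		{
			throw new WSLoginFailedException("no callback handler available.");
		}

		// Handles the WSTokenHolderCallback to see if this is an initial or
		// propagation login. Four callbacks are requested, so the array needs
		// four slots.
		javax.security.auth.callback.Callback callbacks[] =
			new javax.security.auth.callback.Callback[4];
		// javax.security.auth.callback.NameCallback rejects an empty prompt with
		// IllegalArgumentException, so a non-empty prompt is required here.
		callbacks[0] = new javax.security.auth.callback.NameCallback("Username: ");
		callbacks[1] = new javax.security.auth.callback.PasswordCallback("Password: ", false);
		callbacks[2] = new com.ibm.websphere.security.auth.callback.
			WSCredTokenCallbackImpl("");
		callbacks[3] = new com.ibm.wsspi.security.auth.callback.
			WSTokenHolderCallback("");

		try
		{
			_callbackHandler.handle(callbacks);
		}
		catch (Exception e)
		{
			// Fail closed: without the callback data there is nothing to
			// authenticate or map.
			throw loginFailure("unable to obtain authentication data.", e);
		}

		// Determines which callbacks contain information
		boolean identitySwitched = false;
		String uid = ((NameCallback) callbacks[0]).getName();
		char password[] = ((PasswordCallback) callbacks[1]).getPassword();
		byte[] credToken = ((WSCredTokenCallbackImpl) callbacks[2]).getCredToken();
		java.util.List authzTokenList = ((WSTokenHolderCallback) callbacks[3]).getTokenHolderList();

		// Only the presence of a password matters to this module, so the local
		// copy is wiped as soon as that is known.
		boolean passwordPresented = (password != null);
		if (password != null)
		{
			java.util.Arrays.fill(password, '\0');
		}

		if (credToken != null)
		{
			try
			{
				String uniqueID = WSSecurityPropagationHelper.validateLTPAToken(credToken);
				// The realm is available here if the mapping has to distinguish
				// users that come from different realms.
				String realm = WSSecurityPropagationHelper.getRealmFromUniqueID(uniqueID);
				// Set the string to the UID so you can use the information to either
				// map or login.
				uid = WSSecurityPropagationHelper.getUserFromUniqueID(uniqueID);
			}
			catch (Exception e)
			{
				// Fail closed: a token that does not validate must not leave the
				// name from the NameCallback in place as the identity to map.
				throw loginFailure("credential token validation failed.", e);
			}
		}
		else if (uid == null)
		{
			// The authentication data is not valid. You must have either UID
			// or CredToken
			throw new WSLoginFailedException("invalid authentication data.");
		}
		else if (passwordPresented)
		{
			// This is a typical authentication. You can choose to map this ID to
			// another ID or you can skip it and allow WebSphere Application Server
			// to log in for you. When passwords are presented, be very careful not
			// to validate the password because this is the initial authentication.
			return true;
		}

		// NOTE(review): when execution reaches this point with a name but neither
		// a password nor a credential token, the Hashtable built below asserts
		// that identity without this module having verified any credential.
		// Confirm that trust in the caller is established before this module runs.

		// You can map this uid to something else and set the identitySwitched
		// boolean. If the identity is changed, clear the following propagated
		// attributes so they are not used incorrectly.
		String mappedUid = myCustomMappingRoutine(uid);
		if (mappedUid == null)
		{
			throw new WSLoginFailedException("identity mapping returned no user.");
		}
		identitySwitched = !mappedUid.equals(uid);
		uid = mappedUid;

		// Clear the propagated attributes because they no longer apply to the new identity
		if (identitySwitched)
		{
			((WSTokenHolderCallback) callbacks[3]).setTokenHolderList(null);
		}

		// The WSTokenHolderCallback sits at index 3; index 2 holds the
		// WSCredTokenCallbackImpl and cannot be cast to it.
		// NOTE(review): confirm the accessor name against the
		// WSTokenHolderCallback Javadoc for your release.
		boolean requiresLogin = ((com.ibm.wsspi.security.auth.callback.
			WSTokenHolderCallback) callbacks[3]).requiresLogin();

		if (requiresLogin || identitySwitched)
		{
			try
			{
				// Retrieves the default InitialContext for this server.
				javax.naming.InitialContext ctx = new javax.naming.InitialContext();

				// Retrieves the local UserRegistry object.
				com.ibm.websphere.security.UserRegistry reg =
					(com.ibm.websphere.security.UserRegistry) ctx.lookup("UserRegistry");

				// Retrieves the registry uniqueID based on the uid that is specified
				// in the NameCallback.
				String uniqueid = reg.getUniqueUserId(uid);
				uid = WSSecurityPropagationHelper.getUserFromUniqueID(uniqueid);

				// Retrieves the display name from the user registry based on the uniqueID.
				String securityName = reg.getUserSecurityName(uid);

				// Retrieves the groups associated with this uniqueID.
				java.util.List groupList = reg.getUniqueGroupIds(uid);

				// Creates the java.util.Hashtable with the information that you gathered
				// from the UserRegistry.
				java.util.Hashtable hashtable = new java.util.Hashtable();
				hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants.
					WSCREDENTIAL_UNIQUEID, uniqueid);
				hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants.
					WSCREDENTIAL_SECURITYNAME, securityName);
				hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants.
					WSCREDENTIAL_GROUPS, groupList);

				// Adds a cache key that is used as part of the lookup mechanism for
				// the created Subject. The cache key can be an object, but has
				// an implemented toString method. Make sure the cacheKey contains enough
				// information to scope it to the user and any additional attributes you are
				// using. If you do not specify this property, the Subject is scoped to the
				// WSCREDENTIAL_UNIQUEID returned, by default.
				hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants.
					WSCREDENTIAL_CACHE_KEY, "myCustomAttribute" + uniqueid);

				// Adds the hashtable to the shared state of the Subject.
				_sharedState.put(com.ibm.wsspi.security.token.AttributeNameConstants.
					WSCREDENTIAL_PROPERTIES_KEY, hashtable);
			}
			catch (Exception e)
			{
				// Naming and registry failures are reported as a failed login
				// rather than escaping as undeclared exceptions.
				throw loginFailure("user registry lookup failed.", e);
			}
		}
		else if (authzTokenList != null)
		{
			// For more information on this section, see
			// "Security attribute propagation".
			// If you added a custom Token implementation, you can search through the
			// token holder list for it to deserialize.
			// Note: Any Java objects are automatically deserialized by
			// wsMapDefaultInboundLoginModule

			for (int i = 0; i < authzTokenList.size(); i++)
			{
				// A java.util.List is read with get(i), not with array indexing.
				// NOTE(review): element type assumed to be TokenHolder; confirm
				// against the WSTokenHolderCallback Javadoc for your release.
				com.ibm.wsspi.security.token.TokenHolder tokenHolder =
					(com.ibm.wsspi.security.token.TokenHolder) authzTokenList.get(i);

				if ("com.acme.MyCustomTokenImpl".equals(tokenHolder.getName()))
				{
					byte[] myTokenBytes = tokenHolder.getBytes();

					// Passes these bytes into the constructor of your implementation
					// class for deserialization. The bytes were produced outside this
					// module, so the constructor should validate them before the
					// resulting token is relied on.
					com.acme.MyCustomTokenImpl myTokenImpl = new com.acme.MyCustomTokenImpl(myTokenBytes);
				}
			}
		}

		return true;
	}

	/**
	 * Second phase of the login. This sample adds nothing to the Subject here.
	 *
	 * @return true, because this sample has no commit work that can fail
	 * @throws LoginException declared for the login module contract; not thrown by this sample
	 */
	public boolean commit() throws LoginException
	{
		// (For more information on what to do during a commit, see
		//  "Custom login module development for a system login configuration".)
		return true;
	}

	/**
	 * Builds the exception that reports a failed login while keeping the
	 * underlying cause available for diagnosis.
	 */
	private static WSLoginFailedException loginFailure(String message, Throwable cause)
	{
		WSLoginFailedException failure = new WSLoginFailedException(message);
		failure.initCause(cause);
		return failure;
	}

	// Defines your login module variables
	com.ibm.wsspi.security.token.AuthorizationToken customAuthzToken = null;
	com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null;
	java.util.Map _sharedState = null;
	// Handler received in initialize(); login() needs it to request the callbacks.
	private CallbackHandler _callbackHandler = null;
}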



関連概念
セキュリティー属性の伝搬
関連タスク
インバウンド ID マッピングの構成
関連資料
システム・ログイン構成用のカスタム・ログイン・モジュール開発
参照トピック    


最終更新: Jan 21, 2008 5:05:53 PM EST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/xsec_custloginbmap.html