このサンプルは、指定した NameCallback コールバックに基づ いて java.util.Hashtable ハッシュ・テーブルを作成する カスタム・ログイン・モジュールを示します。WebSphere Application Server ログイン・モジュールがハッシュ・テーブルの情報を見つけることができるように、java.util.Hashtable hashtable が sharedState java.util.Map マップに追加されます。
public customLoginModule() { public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { // (For more information on initialization, see // システム・ログイン構成用のカスタム・ログイン・モジュール開発 .) _sharedState = sharedState; } public boolean login() throws LoginException { // (For more information on what to do during login, see // システム・ログイン構成用のカスタム・ログイン・モジュール開発 .) // Handles the WSTokenHolderCallback to see if this is an initial or // propagation login. javax.security.auth.callback.Callback callbacks[] = new javax.security.auth.callback.Callback[3]; callbacks[0] = new javax.security.auth.callback.NameCallback(""); callbacks[1] = new javax.security.auth.callback.PasswordCallback("Password: ", false); callbacks[2] = new com.ibm.websphere.security.auth.callback. WSCredTokenCallbackImpl(""); callbacks[3] = new com.ibm.wsspi.security.auth.callback. WSTokenHolderCallback(""); try { callbackHandler.handle(callbacks); } catch (Exception e) { // Handles the exception } // Determines which callbacks contain information boolean identitySwitched = false; String uid = ((NameCallback) callbacks[0]).getName(); char password[] = ((PasswordCallback) callbacks[1]).getPassword(); byte[] credToken = ((WSCredTokenCallbackImpl) callbacks[2]).getCredToken(); java.util.List authzTokenList = ((WSTokenHolderCallback) callbacks[3]).getTokenHolderList(); if (credToken != null) { try { String uniqueID = WSSecurityPropagationHelper.validateLTPAToken(credToken); String realm = WSSecurityPropagationHelper.getRealmFromUniqueID (uniqueID); // Set the string to the UID so you can use the information to either // map or login. uid = WSSecurityPropagationHelper.getUserFromUniqueID (uniqueID); } catch (Exception e) { // handle exception } } else if (uid == null) { // The authentication data is not valid. You must have either UID // or CredToken throw new WSLoginFailedException("invalid authentication data."); } else if (uid != null && password != null) { // This is a typical authentication. You can choose to map this ID to // another ID or you can skip it and allow WebSphere Application Server // to log in for you. When passwords are presented, be very careful not // to validate the password because this is the initial authentication. return true; } // You can map this uid to something else and set the identitySwitched // boolean. If the identity is changed, clear the following propagated // attributes so they are not used incorrectly. uid = myCustomMappingRoutine (uid); // Clear the propagated attributes because they no longer apply to the new identity if (identitySwitched) { ((WSTokenHolderCallback) callbacks[3]).setTokenHolderList(null); } boolean requiresLogin = ((com.ibm.wsspi.security.auth.callback. WSTokenHolderCallback) callbacks[2]).requiresLogin(); if (requiresLogin || identitySwitched) { // Retrieves the default InitialContext for this server. javax.naming.InitialContext ctx = new javax.naming.InitialContext(); // Retrieves the local UserRegistry object. com.ibm.websphere.security.UserRegistry reg = (com.ibm.websphere.security.UserRegistry) ctx.lookup("UserRegistry"); // Retrieves the registry uniqueID based on the uid that is specified // in the NameCallback. String uniqueid = reg.getUniqueUserId(uid); uid = WSSecurityPropagationHelper.getUserFromUniqueID (uniqueID); // Retrieves the display name from the user registry based on the uniqueID. String securityName = reg.getUserSecurityName(uid); // Retrieves the groups associated with this uniqueID. java.util.List groupList = reg.getUniqueGroupIds(uid); // Creates the java.util.Hashtable with the information that you gathered // from the UserRegistry. java.util.Hashtable hashtable = new java.util.Hashtable(); hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants. WSCREDENTIAL_UNIQUEID, uniqueid); hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants. WSCREDENTIAL_SECURITYNAME, securityName); hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants. WSCREDENTIAL_GROUPS, groupList); // Adds a cache key that is used as part of the lookup mechanism for // the created Subject. The cache key can be an object, but has // an implemented toString method. Make sure the cacheKey contains enough // information to scope it to the user and any additional attributes you are // using. If you do not specify this property, the Subject is scoped to the // WSCREDENTIAL_UNIQUEID returned, by default. hashtable.put(com.ibm.wsspi.security.token.AttributeNameConstants. WSCREDENTIAL_CACHE_KEY, "myCustomAttribute" + uniqueid); // Adds the hashtable to the shared state of the Subject. _sharedState.put(com.ibm.wsspi.security.token.AttributeNameConstants. WSCREDENTIAL_PROPERTIES_KEY,hashtable); } else if (requiresLogin == false) { // For more information on this section, see // セキュリティー属性の伝搬 . // If you added a custom Token implementation, you can search through the // token holder list for it to deserialize. // Note: Any Java objects are automatically deserialized by // wsMapDefaultInboundLoginModule for (int i=0; i<authzTokenList.size(); i++) { if (authzTokenList[i].getName().equals("com.acme.MyCustomTokenImpl") { byte[] myTokenBytes = authzTokenList[i].getBytes(); // Passes these bytes into the constructor of your implementation // class for deserialization. com.acme.MyCustomTokenImpl myTokenImpl = new com.acme.MyCustomTokenImpl(myTokenBytes); } } } } public boolean commit() throws LoginException { // (For more information on what to do during a commit, see // システム・ログイン構成用のカスタム・ログイン・モジュール開発 .) } // Defines your login module variables com.ibm.wsspi.security.token.AuthorizationToken customAuthzToken = null; com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null; java.util.Map _sharedState = null; }