Filling in the Source Code for the
Authentication Template
Prerequisites
A new Java project is created.
A new Java class is created.
Procedure
...
1. Create source code for each method in the class, using the template structure.
2. Choose File ® Save.
Result
You can see the following in the Package Explorer view of the SAP NetWeaver Developer Studio:
Example
/** * Copyright (c) 2002 by SAP AG, Walldorf., * url: http://www.sap.com * All rights reserved. * * This software is the confidential and proprietary information * of SAP AG, Walldorf. You shall not disclose such Confidential * Information and shall use it only in accordance with the terms * of the license agreement you entered into with SAP. */
import java.util.Map; import java.io.IOException;
import javax.security.auth.login.LoginException; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.Callback; import javax.security.auth.callback.UnsupportedCallbackException;
import com.sap.engine.interfaces.security.auth.AbstractLoginModule; import com.sap.engine.lib.security.http.HttpGetterCallback; import com.sap.engine.lib.security.http.HttpCallback; import com.sap.engine.lib.security.LoginExceptionDetails; import com.sap.engine.lib.security.Principal;
public class ExampleLoginModule extends AbstractLoginModule {
private CallbackHandler callbackHandler = null; private Subject subject = null; private Map sharedState = null; private Map options = null; private String userName = null; private boolean successful; private boolean nameSet;
/** * Initialize the login module with the relevant * authentication and state information. */ public void initialize( Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options);
this.callbackHandler = callbackHandler; this.subject = subject; this.sharedState = sharedState; this.options = options; this.successful = false; this.nameSet = false; }
/** * Retrieves the user credentials and checks them. This is * the first part of the authentication process. */ public boolean login() throws LoginException { /* Get the user name from HTTP request parameters. */ Callback[] callbacks = new Callback[1]; callbacks[0] = new HttpGetterCallback();
/* The type and the name specify which part of the HTTP request should be retrieved. For web container authentication the supported types are defined in interface com.sap.engine.lib.security.http.HttpCallback. For programmatic authentication with custom callback handler the supported types depend on the used callback handler.*/ ((HttpGetterCallback) callbacks[0]).setType( HttpCallback.REQUEST_PARAMETER); ((HttpGetterCallback) callbacks[0]).setName("user_name");
try { callbackHandler.handle(callbacks); } catch (UnsupportedCallbackException e) { return false; } catch (IOException e) { throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION); }
/* Returns an array of all request parameters with name "user_name". */ String[] requestParameters = (String[]) ((HttpGetterCallback) callbacks[0]).getValue(); if ((requestParameters != null) && requestParameters.length > 0) { userName = requestParameters[0]; }
if (userName == null) { throwNewLoginException("No user name provided."); }
/* After the user name is known, an update of the user info from the persistance should be made. The operation must be done before the user credentils checks. This method also checks the user name so that if user with such name does not exist in the active user store, a java.lang.SecurityException is thrown.*/ try { refreshUserInfo(userName); } catch (SecurityException e) { throwUserLoginException(e); }
/* Checks if the given user name starts with the specified prefix in the login module otions. If no prefix is specified, then all users are trusted.*/ String prefix = (String) options.get("user_name_prefix");
if ((prefix != null) && !userName.startsWith(prefix)) { throwNewLoginException("The user is not trusted."); }
/* This is done if the authentication of the login module is successful. Only one and exactly one login module from the stack must put the user name in the shared state. This user name is considered to represent the authenticated user. For example if the login is successful, method getRemoteUser () of the HTTP request will retrieve exactly this name. */ if (sharedState.get(AbstractLoginModule.NAME) == null) { sharedState.put(AbstractLoginModule.NAME, userName); nameSet = true; } successful = true; return true; }
/** * Commit the login. This is the second part of the * authentication process. * * If a user name has been stored by the login() method, it * is added to the subject as new principal. */ public boolean commit() throws LoginException { if (successful) { /* The principals that are added to the subject should implement java.security.Principal. You can use the class com.sap.engine.lib.security.Principal for this purpose. */ Principal principal = new Principal(userName);
subject.getPrincipals().add(principal);
/* If the login is successful, then the principal corresponding to the <userName> ( the same user name that has been added to shared state ) must be added in the shared state too. This principal is considered to be the main principal representing the user. For example, this principal will be retrieved from method getUserPrincipal() of HTTP request. */ if (nameSet) { sharedState.put(AbstractLoginModule.PRINCIPAL, principal); } } else { userName = null; }
return true; }
/** * Abort the authentication process. */ public boolean abort() throws LoginException { if (successful) { userName = null; successful = false; }
return true; }
/** * Log out the user. Also removes the principals and * destroys or removes the credentials that were associated * with the user during the commit phase. */ public boolean logout() throws LoginException { if (successful) { subject.getPrincipals(Principal.class).clear(); successful = false; }
return true; } } |