
JBoss LoginInitialContext Factory Implementation


      JBoss has a series of InitialContext factory implementations, but this blog post concentrates only on org.jboss.security.jndi.LoginInitialContextFactory. I present it in two main parts. Part One is theory-based (the background of LoginInitialContextFactory and a description of the InitialContext properties); Part Two is demo-based (a simple, complete demo that uses LoginInitialContextFactory).

 

PART ONE: The Login InitialContext Factory Implementation

1. Why LoginInitialContextFactory?

      JAAS is the preferred method for authenticating a remote client to JBoss. However, for simplicity and to ease migration from other application server environments that do not use JAAS, JBoss allows the security credentials to be passed through the InitialContext. This is why LoginInitialContextFactory exists.

 

2. Older versions of JBoss do not support LoginInitialContextFactory.

      Historically, JBoss has not supported providing login information via the InitialContext factory environment, the reason being that JAAS provides a much more flexible framework. For simplicity and to ease migration from other application server environments that do make use of this mechanism, since jboss-3.0.3 there has been an InitialContext factory implementation that allows this.

 

3. How does LoginInitialContextFactory work (authenticating clients through JAAS)?

      Although this kind of authentication is regarded as J2EE JAAS, there is no manifest use of the JAAS interfaces in the client application. It only takes place on the server, so we can say that JAAS is used under the covers.

      What this basically does is the following: when the client tries to download the naming proxy, a JAAS login is performed with the login configuration name equal to the name passed in Context.SECURITY_PROTOCOL, and with the username and credential taken from the context environment. The naming proxy is returned only after the login succeeds.
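The login-before-lookup flow described above, as an added sketch in plain JAAS (Java 8+); it is not JBoss's implementation and not code from the original post. DemoLoginModule, the configuration name demo-domain and loginFromEnv are hypothetical, and the accepted user and password are constructed sample values.

```java
import java.util.*;
import javax.naming.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class LoginBeforeLookupSketch {
    public static class DemoLoginModule implements LoginModule { // hypothetical module, accepts one constructed user
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pw = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { name, pw }); } catch (Exception e) { throw new LoginException(e.toString()); }
            if ("homeTest".equals(name.getName()) && Arrays.equals("kylin".toCharArray(), pw.getPassword())) return true;
            throw new FailedLoginException("bad credentials");
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static final Configuration CONF = new Configuration() { // only "demo-domain" is a known configuration name
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return !"demo-domain".equals(name) ? null : new AppConfigurationEntry[] { new AppConfigurationEntry(
                DemoLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
        }
    };
    /** JAAS login under the name in SECURITY_PROTOCOL, fed with the environment's principal and credentials. */
    static void loginFromEnv(Hashtable<String, Object> env) throws NamingException {
        String user = String.valueOf(env.get(Context.SECURITY_PRINCIPAL));
        char[] pass = String.valueOf(env.get(Context.SECURITY_CREDENTIALS)).toCharArray();
        CallbackHandler handler = cbs -> {
            for (Callback c : cbs)
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(pass);
        };
        try { new LoginContext(String.valueOf(env.get(Context.SECURITY_PROTOCOL)), new Subject(), handler, CONF).login(); }
        catch (LoginException e) { throw (NamingException) new AuthenticationException("JAAS login failed").initCause(e); }
    }
    public static void main(String[] args) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.SECURITY_PROTOCOL, "demo-domain");
        env.put(Context.SECURITY_PRINCIPAL, "homeTest");
        env.put(Context.SECURITY_CREDENTIALS, "kylin");
        loginFromEnv(env); // no exception: a factory would hand out the naming proxy only now
        System.out.println("login ok, lookup may proceed");
        env.put(Context.SECURITY_CREDENTIALS, "wrong");
        try { loginFromEnv(env); } catch (AuthenticationException e) { System.out.println("denied: " + e.getCause()); }
    }
}
```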

 

4. InitialContext environment properties for LoginInitialContextFactory

      The factory class that provides this capability is org.jboss.security.jndi.LoginInitialContextFactory. The complete set of supported InitialContext environment properties for this factory is listed in the table below:

| Name | Description | Value |
| --- | --- | --- |
| java.naming.factory.initial (Context.INITIAL_CONTEXT_FACTORY) | The name of the environment property for specifying the initial context factory | org.jboss.security.jndi.LoginInitialContextFactory |
| java.naming.provider.url (java.naming.provider.url) | | |
| java.naming.security.principal (Context.SECURITY_PRINCIPAL) | The principal to authenticate. This may be either a java.security.Principal implementation or a string representing the name of a principal. | |
| java.naming.security.credentials (Context.SECURITY_CREDENTIALS) | The credentials that should be used to authenticate the principal | |
| java.naming.factory.url.pkgs | For all JBoss JNDI providers this must be the value shown | org.jboss.naming:org.jnp.interfaces |
| java.naming.security.protocol (Context.SECURITY_PROTOCOL) | This gives the name of the JAAS login module to use for the authentication of the principal and credentials. | |
 

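Sample Java code for these properties:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;

// "principal" and "credentials" are placeholders for the real user name and password
Hashtable<String, Object> env = new Hashtable<String, Object>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
env.put(Context.PROVIDER_URL, "jnp://192.168.68.83");
env.put(Context.SECURITY_PRINCIPAL, "principal");
env.put(Context.SECURITY_CREDENTIALS, "credentials");
Context ctx = new InitialContext(env);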

 

PART TWO: A simple demo that uses the Login InitialContext Factory implementation

1. Deploy an EJB on JBoss. The session bean class and its remote and local interfaces are as follows:

public interface TestService {
	public abstract String ping();
	public abstract String getDate();
}

 

public interface TestServiceLocal extends TestService {

}

 

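import java.text.SimpleDateFormat;
import java.util.Date;
import javax.annotation.security.PermitAll;
import javax.ejb.Local;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.ejb.TransactionManagement;
import javax.ejb.TransactionManagementType;

@Stateless
@Remote(TestService.class)
@Local(TestServiceLocal.class)
@TransactionManagement(TransactionManagementType.CONTAINER)
@TransactionAttribute(TransactionAttributeType.REQUIRED)
@PermitAll
public class LoginInitialContextFactoryTestSession implements TestServiceLocal{

	public String ping() {
		return "Ping LoginInitialContextFactoryTestSession suceessful...";
	}

	public String getDate() {
		// HH is the 0-23 hour of day (kk would print midnight as 24)
		return "[" + new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss").format(new Date()) + "]";
	}

}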

As depicted, LoginInitialContextFactoryTestSession is a stateless session bean. It has a remote interface and a local interface, and it also needs transaction attributes and a security setting. Once the deployment is complete, we can use LoginInitialContextFactory as the factory and pass the principal and credentials with which to execute JAAS authentication and authorization, as in the following code:

import java.io.File;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;

// Point JAAS at the client-side login configuration file
File authFile = new File("D:/dev-tools/jboss-eap-4.3/jboss-as/client/auth.conf");
System.setProperty("java.security.auth.login.config", "file:///" + authFile.getAbsolutePath());

// The principal and credentials travel in the InitialContext environment
Properties properties = new Properties();
properties.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
properties.setProperty(Context.PROVIDER_URL, "jnp://192.168.68.83:1099");
properties.setProperty(Context.SECURITY_PRINCIPAL, "homeTest");
properties.setProperty(Context.SECURITY_CREDENTIALS, "kylin");

Context ctx = new InitialContext(properties);
TestService stub = (TestService) ctx.lookup("home-test-v2/LoginInitialContextFactoryTestSession/remote");
System.out.println(stub);
System.out.println(stub.ping());
System.out.println(stub.getDate());

 

Run the method and the output stream will print:

jboss.j2ee:ear=home-test-v2.ear,jar=LoginInitialContextFactoryTestSession.jar,name=LoginInitialContextFactoryTestSession,service=EJB3
Ping LoginInitialContextFactoryTestSession suceessful...
[2011-05-19T16:28:36]

 

ENDING...
