JAAS Archive

JAAS Login in Weblogic Server

The Java Authentication and Authorization Service (JAAS) is a standard extension to the security in the J2SE Development Kit 5.0. JAAS provides the ability to enforce access controls based on user identity. JAAS is provided in WebLogic Server as an alternative to the JNDI authentication mechanism.

WebLogic Server clients use the authentication portion of the standard JAAS only. The JAAS LoginContext provides support for the ordered execution of all configured authentication provider LoginModule instances and is responsible for the management of the completion status of each configured provider.

JAASLogin.java

import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

import weblogic.security.auth.callback.URLCallback;

public class JAASLogin
{
private static final class ConfigInfo
{
static String USERID = “weblogic”;
static String PASSWORD = “weblogic”;
static String URL = “t3://10.10.71.79:7001?;
static String JAAS_STRING = “other”;

}

public static void main(String[] args)
{

try{
System.out.println(“Server is at ” + ConfigInfo.URL);
System.out.println(“Userid: ” + ConfigInfo.USERID);
System.out.println(“Password: ” + ConfigInfo.PASSWORD);
LoginContext lc = new LoginContext(ConfigInfo.JAAS_STRING, new JAASLogin.CallbackHandler(ConfigInfo.USERID, ConfigInfo.PASSWORD, ConfigInfo.URL));
System.out.println(“LoginContext:: “);
lc.login();
System.out.println(“lc.login():: “);
Subject subject = lc.getSubject();
System.out.println(“Subject: ” + subject);
}
catch(AccountExpiredException ae){

ae.printStackTrace();
}
catch(CredentialExpiredException ce){

ce.printStackTrace();
}
catch(FailedLoginException fe){

fe.printStackTrace();
}
catch(LoginException le){

le.printStackTrace();
}

}

private static final class CallbackHandler implements javax.security.auth.callback.CallbackHandler
{
private String userid;
private String password;
private String url;

public CallbackHandler(String userid, String password, String url)
{
this.userid = userid;
this.password = password;
this.url = url;
}
public void handle(Callback[] callbacks) throws UnsupportedCallbackException
{
for (int i = 0; i < callbacks.length; i++)
{
if (callbacks[i] instanceof TextOutputCallback)
{
TextOutputCallback toc = (TextOutputCallback)callbacks[i];
System.err.println(“JAAS callback: ” + toc.getMessage());
}
else if (callbacks[i] instanceof NameCallback)
{
NameCallback nc = (NameCallback)callbacks[i];
nc.setName(userid);
}
else if (callbacks[i] instanceof PasswordCallback)
{
PasswordCallback pc = (PasswordCallback)callbacks[i];
pc.setPassword(password.toCharArray());
}
else if (callbacks[i] instanceof weblogic.security.auth.callback.URLCallback)
{
URLCallback uc = (URLCallback)callbacks[i];
uc.setURL(url);
}
else
{
System.out.println(callbacks[i] + ” Unrecognized Callback”);
throw new UnsupportedCallbackException(callbacks[i], “Unrecognized Callback”);
}
}
}
}
}