[V5.1.1 and later] Example: custom AuthenticationToken login module

This example shows how a custom login module determines whether the login is an initial login or a propagation login.

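/**
 * Example custom login module that creates (initial login) or restores
 * (propagation login) a custom AuthenticationToken and adds it to the Subject
 * during commit.
 *
 * The login type is decided from the WSTokenHolderCallback: a non-null
 * TokenHolder list means serialized tokens were propagated to this server; a
 * null list means this is an initial login.
 *
 * Note: abort() and logout() are included because the JAAS LoginModule
 * interface requires them; they only discard or remove the token this module
 * created.
 */
public class customLoginModule implements javax.security.auth.spi.LoginModule
{
    // Defines your login module variables
    com.ibm.wsspi.security.token.AuthenticationToken customAuthToken = null;
    com.ibm.wsspi.security.token.AuthenticationToken defaultAuthToken = null;
    java.util.Map _sharedState = null;

    // Saved in initialize() because login() and commit() need them later.
    private Subject _subject = null;
    private CallbackHandler _callbackHandler = null;

    /**
     * Stores the objects handed over by the login framework.
     *
     * @param subject          the Subject being authenticated
     * @param callbackHandler  handler used in login() to request the token holder list
     * @param sharedState      state shared with the other login modules in the configuration
     * @param options          options from the login configuration (unused in this example)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
        Map sharedState, Map options)
    {
        // (For more information on what to do during initialization, see
        // Custom login module development for a system login configuration.)
        _subject = subject;
        _callbackHandler = callbackHandler;
        _sharedState = sharedState;
    }

    /**
     * Determines whether this is an initial or a propagation login and
     * prepares the custom AuthenticationToken accordingly.
     *
     * @return true when the login step completed
     * @throws LoginException if the callback cannot be handled or the default
     *         AuthenticationToken is missing from the shared state
     */
    public boolean login() throws LoginException
    {
        // (For information on what to do during login, see
        // Custom login module development for a system login configuration.)

        // Handles the WSTokenHolderCallback to see if this is an initial or
        // propagation login.
        Callback callbacks[] = new Callback[1];
        callbacks[0] = new WSTokenHolderCallback("Authz Token List: ");

        try
        {
            _callbackHandler.handle(callbacks);
        }
        catch (Exception e)
        {
            // Fail the login. If this exception were swallowed, the token list
            // below would be null and a failed propagation login would be
            // treated as an initial login.
            throw new WSLoginFailedException(e.getMessage(), e);
        }

        // Receives the ArrayList of TokenHolder objects (the serialized tokens)
        List authzTokenList = ((WSTokenHolderCallback) callbacks[0]).getTokenHolderList();

        if (authzTokenList != null)
        {
            // Propagation login: iterates through the list looking for your
            // custom token
            for (int i = 0; i < authzTokenList.size(); i++)
            {
                TokenHolder tokenHolder = (TokenHolder) authzTokenList.get(i);

                // Looks for the name and version of your custom
                // AuthenticationToken implementation. The literal is the
                // receiver so that a null name does not throw.
                if ("your_oid_name".equals(tokenHolder.getName()) && tokenHolder.getVersion() == 1)
                {
                    // Passes the bytes into your custom AuthenticationToken
                    // constructor to deserialize.
                    // NOTE(review): these bytes were produced on another
                    // server. The constructor should validate them (format,
                    // length, expiration) before trusting their content and
                    // should not feed them to native Java deserialization
                    // without a filter.
                    customAuthToken = new
                        com.ibm.websphere.security.token.
                            CustomAuthenticationTokenImpl(tokenHolder.getBytes());
                }
            }
            // If no matching TokenHolder is found, customAuthToken stays null
            // and commit() adds nothing to the Subject.
        }
        else
        {
            // This is not a propagation login. Create a new instance of your
            // AuthenticationToken implementation.

            // Gets the principal from the default AuthenticationToken. This
            // principal should match all default tokens.
            // Note: WebSphere Application Server run time only enforces this
            // for default tokens. Thus, you can choose to do this for custom
            // tokens, but it is not required.
            defaultAuthToken = (com.ibm.wsspi.security.token.AuthenticationToken)
                _sharedState.get(com.ibm.wsspi.security.auth.callback.Constants.WSAUTHTOKEN_KEY);
            if (defaultAuthToken == null)
            {
                // Without the default token there is no authenticated
                // principal to bind the custom token to.
                throw new LoginException(
                    "Default AuthenticationToken not found in the shared state");
            }
            String principal = defaultAuthToken.getPrincipal();

            // Adds a new custom authentication token. This is an initial
            // login. Pass the principal into the constructor.
            customAuthToken = new com.ibm.websphere.security.token.
                CustomAuthenticationTokenImpl(principal);

            // Adds any initial attributes
            customAuthToken.addAttribute("key1", "value1");
            customAuthToken.addAttribute("key1", "value2");
            customAuthToken.addAttribute("key2", "value1");
            customAuthToken.addAttribute("key3", "something different");
        }

        // Note: The token is added to the Subject during commit in case
        // something happens during the login.
        return true;
    }

    /**
     * Adds the custom AuthenticationToken prepared in login() to the private
     * credentials of the Subject.
     *
     * @return true when the commit step completed
     * @throws LoginException if the token cannot be added to the Subject
     */
    public boolean commit() throws LoginException
    {
        // (For more information on what do during commit, see
        // Custom login module development for a system login configuration.)

        if (customAuthToken != null)
        {
            if (_subject == null)
            {
                throw new LoginException("Subject was not set during initialize");
            }

            // Final copies so that the anonymous class can reference them.
            final Subject subject = _subject;
            final com.ibm.wsspi.security.token.AuthenticationToken customAuthTokenPriv =
                customAuthToken;

            // Sets the customAuthToken token into the Subject
            try
            {
                // Do this in a doPrivileged code block so that application code
                // does not need to add additional permissions. Keep the block
                // limited to the Subject update. A PrivilegedExceptionAction is
                // used so that a failure can be reported as a checked
                // exception.
                java.security.AccessController.doPrivileged(
                    new java.security.PrivilegedExceptionAction()
                {
                    public Object run() throws Exception
                    {
                        // Adds the custom Authentication token if it is not
                        // already in the Subject
                        if (!subject.getPrivateCredentials().contains(customAuthTokenPriv))
                        {
                            subject.getPrivateCredentials().add(customAuthTokenPriv);
                        }
                        return null;
                    }
                });
            }
            catch (java.security.PrivilegedActionException e)
            {
                // Unwraps the exception thrown inside run()
                Exception cause = e.getException();
                throw new WSLoginFailedException(cause.getMessage(), cause);
            }
            catch (Exception e)
            {
                throw new WSLoginFailedException(e.getMessage(), e);
            }
        }

        return true;
    }

    /**
     * Discards the tokens prepared by login() when the overall login fails.
     *
     * @return true
     */
    public boolean abort() throws LoginException
    {
        customAuthToken = null;
        defaultAuthToken = null;
        return true;
    }

    /**
     * Removes the custom AuthenticationToken that commit() added to the
     * Subject and clears the module state.
     *
     * @return true
     */
    public boolean logout() throws LoginException
    {
        final Subject subject = _subject;
        final com.ibm.wsspi.security.token.AuthenticationToken token = customAuthToken;

        // A read-only Subject rejects modification, so it is left untouched.
        if (subject != null && token != null && !subject.isReadOnly())
        {
            java.security.AccessController.doPrivileged(new java.security.PrivilegedAction()
            {
                public Object run()
                {
                    subject.getPrivateCredentials().remove(token);
                    return null;
                }
            });
        }

        customAuthToken = null;
        defaultAuthToken = null;
        return true;
    }
}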

Related tasks
Implementing a custom AuthenticationToken
Related reference
Custom login module development for a system login configuration