Reputation: 1449
I think I've got a high level understanding of WebLogic's AuthenticationProviders, but I can't get my head around how to pass user credentials to a provider.
When reading up on JAAS, I think I've got a grasp of how to use a LoginContext to perform a login. The LoginContext picks up on the LoginModule and JAAS options from the JAAS config file. By defining an instance of some CallbackHandler, you can pass along user credentials. After calling LoginContext.login(), the login is performed using the associated LoginModule.
After going through Oracle's documentation on AuthorizationProviders, most of it seems pretty straightforward. An AuthenticationProvider utilizes JAAS to perform a login. It seems like an AuthenticationProvider manages a LoginContext internally.
What I'm having a hard time grasping/finding is how WebLogic manages the LoginContext and the CallbackHandler that eventually get passed to the LoginModule.initialize method.
The app:
Currently, the application uses a form login and submits with a "j_security_check" action. There's a custom AuthenticationProvider and LoginModule that handles the login and processes the username and password submitted in the form.
I'm assuming WebLogic can handle the "j_security_check" action internally and knows how to map the form input fields to a CallbackHandler that's passed to the custom LoginModule.
I'm attempting to create a second login process that involves extracting credentials (username/password) from HTTP request headers. The credentials are currently extracted with a servlet filter. One way or another, I'd like to pass these credentials to the LoginModule that's already in place for the form login.
I would like to do one of the following:
AuthenticationProvider (through some custom AuthenticationProvider implementation and/or configuration)
AuthenticationProvider.
What can I do to pass the header credentials to the LoginModule?
AuthenticationProvider that can pull a username and password from a header? Can you describe the flow from the request to the login?
CallbackHandler or LoginContext used by an AuthenticationProvider? This way I can pass the credentials to the AuthenticationProvider myself.
AuthenticationProvider?
It's very possible I'm missing some key concepts along the way, so feel free to put me on the right track with anything I've mentioned.
Thanks!
Upvotes: 2
Views: 2765
Reputation: 224
It's an old thread, but I felt that it might be worth adding that a container-agnostic option would be to call the httpRequest.login(username,password) method.
Upvotes: 1
Reputation: 1449
My biggest hangup with understanding WebLogic's AuthenticationProviders was in understanding how to pass the credentials. It seemed like too many things were "automagically" happening behind-the-scenes. I felt like I had to somehow get access to a LoginContext and/or CallbackHandler that WebLogic manipulated in the background. I was on the right track, but missed something important about JAAS authentication...
Authentication Providers - How JAAS Works With the WebLogic Security Framework
Steps 3 and 4 of a JAAS authentication are listed as:
The WebLogic Server container calls into the WebLogic Security Framework. If there is a client-side CallbackHandler containing authentication information, this is passed into the WebLogic Security Framework.
For each of the configured Authentication providers, the WebLogic Security Framework creates a CallbackHandler using the authentication information that was passed in. (These are internal CallbackHandlers created on the server-side by the WebLogic Security Framework, and are not related to the client's CallbackHandler.)
This is the part that threw me off. My mind was tunneled in on a CallbackHandler passing WebLogic the authentication information. I failed to pick up on the note shown at the end of the steps:
Note:
For authentication performed entirely on the server-side, the process would begin at step 3, and the WebLogic Server container would call the weblogic.security.services.authentication.login method prior to step 4.
Authentication - Method Summary
And wouldn't you know it... Authentication has four login methods, each of which accepts a CallbackHandler!
For my situation, I can use the servlet filter to pick out the credentials from a request header, pass them to a CallbackHandler, then call Authentication.login(CallbackHandler callbackHandler) to successfully log in with a custom LoginModule.
Upvotes: 2
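An added example, not part of the original answer: a JAAS CallbackHandler of the kind the servlet filter could hand to Authentication.login(CallbackHandler). The class name and the sample credentials are constructed for illustration, and the WebLogic call appears only as a comment so that the block runs on a plain JDK.

```java
import javax.security.auth.callback.*;
import java.util.Arrays;

/** Hands credentials taken from request headers to whichever LoginModule asks for them. */
public class HeaderCredentialCallbackHandler implements CallbackHandler {
    private final String username;
    private final char[] password;

    public HeaderCredentialCallbackHandler(String username, char[] password) {
        if (username == null || username.isEmpty() || password == null) {
            throw new IllegalArgumentException("missing credentials"); // fail closed
        }
        this.username = username;
        this.password = password.clone();
    }

    @Override
    public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                ((NameCallback) cb).setName(username);
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(password); // the callback keeps its own copy
            } else {
                throw new UnsupportedCallbackException(cb, "only name and password are supplied");
            }
        }
    }

    /** Wipe the secret once the login attempt has finished. */
    public void clear() { Arrays.fill(password, '\0'); }

    // Stand-alone check that plays the LoginModule side of the exchange.
    public static void main(String[] args) throws Exception {
        // Constructed sample values; in the filter they would come from the request headers.
        HeaderCredentialCallbackHandler handler =
            new HeaderCredentialCallbackHandler("alice", "s3cret".toCharArray());
        NameCallback name = new NameCallback("username: ");
        PasswordCallback pw = new PasswordCallback("password: ", false);
        try {
            handler.handle(new Callback[] { name, pw });
            // On WebLogic the filter would instead call (as described in the answer):
            //   Subject s = weblogic.security.services.Authentication.login(handler);
            System.out.println(name.getName() + " supplied " + pw.getPassword().length + " password chars");
        } finally {
            handler.clear();      // do not leave the header secret in memory
            pw.clearPassword();
        }
    }
}
```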