Extending DefaultAuthProvider

Why are queries private inside DefaultAuthProvider instead of protected? I can't now extend it to change the query.

Also, why doesn't the AuthProvider class follow JAAS standards? Anyway, queries must be gathered from outside. Maybe from conf/jive_messenger.xml

Hope it'll change in svn/trunk.

Evrim.

DefaultAuthProvider is an implementation, if you want to create a new AuthProvider you can copy DefaultAuthProvider and make the changes there.

JAAS is tricky on the server side since it's typically built towards a client application. For instance, how to handle Callback handlers on a server? (Actually XMPP could probably handle it). It's worth looking into. What's your experience with JAAS?

Noah

Abstraction is good but useless unless rooted in a standard. You should read a Java security book.

Start from google or here: http://java.sun.com/developer/technicalArticles/Security/jaasv2/

Have a nice day.

Evrim.

Ok, here is the JBoss authentication provider. It's simple. One may provide the jbossauth.securitydomain property inside jive-messenger.xml. Otherwise it defaults to "other".

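    package org.jivesoftware.messenger.auth;

    import java.security.Principal;

    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    import org.jboss.security.SimplePrincipal;
    // Assumption: JiveGlobals lives in org.jivesoftware.util in this Messenger version.
    import org.jivesoftware.util.JiveGlobals;

    public class JBossProvider implements AuthProvider {

        // Name of the JAAS security domain (login configuration) to authenticate against.
        protected String securityDomain = null;

        public JBossProvider() {
            this.securityDomain = JiveGlobals.getXMLProperty("jbossauth.securitydomain");
            if (null == this.securityDomain)
                this.securityDomain = "other";
        }

        public boolean isPlainSupported() {
            return true;
        }

        public boolean isDigestSupported() {
            return false;
        }

        public void authenticate(String nick, String pass)
                throws UnauthorizedException {
            // Reject missing credentials instead of failing with a NullPointerException.
            if (nick == null || pass == null)
                throw new UnauthorizedException();
            Principal p = new SimplePrincipal(nick);
            // The handler answers the login module's callbacks with the supplied credentials.
            CallbackHandler handler =
                new org.jboss.security.auth.callback.SecurityAssociationHandler(p, pass.toCharArray());
            try {
                LoginContext lc = new LoginContext(securityDomain, handler);
                lc.login();
            } catch (LoginException e) {
                throw new UnauthorizedException();
            }
        }

        public void authenticate(String username, String token, String digest)
                throws UnauthorizedException {
            // FIXME: Somebody will do it in the future.
            throw new UnauthorizedException(
                "Digest authentication is not implemented yet.");
        }
    }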

It seems this module is not sufficient to log in to the admin console. I have added a username which is OK for the JBoss login module and also added it to authorizedUsernames inside jive-messenger.xml, but it refuses to log in.

Any ideas? I'll continue tomorrow, I'm very tired.

Have a nice day.

The login page only allows certain users (based on name) to access the admin portlet…

The Jive property it's looking for is adminConsole.authorizedUsernames, which is a comma-separated list of users. You need to make sure that your "Admin" user matches one of the names on the list.

Noah

I've seen that if the user does not exist in the UserProvider db, any authenticationProvider doesn't work because UserManager makes the final decision.