abort() called on LoginModule when login() returns true for Weblogic 8.1 - Weblogic


  1. abort() called on LoginModule when login() returns true for Weblogic 8.1

    Hi,

    I'm trying to create my own Authentication Provider for Weblogic 8.1. I
    have modified the Manageable Sample Authentication Provider to gain
    access to my user database. Everything went smoothly until the last
    vital step. Even though the login() method of my LoginModule returns
    true, its abort() method is called instead of the commit() method. The
    correct group is added to the principalsForSubject Vector during the
    login() method. Does anyone have any suggestions on what I have done
    wrong? Any suggestions would be most appreciated.

    Best regards
    Brynjar Glesnes


    My LoginModule follows:


    import java.io.IOException;
    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.Iterator;
    import java.util.Map;
    import java.util.Vector;

    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.spi.LoginModule;

    import com.takecargo.domainentities.user.UserEntityVO;
    import com.takecargo.domainentities.role.GroupVO;

    import weblogic.security.principal.WLSGroupImpl;
    import weblogic.security.principal.WLSUserImpl;

    final public class MyLoginModuleImpl implements LoginModule {

        private Subject subject;
        private CallbackHandler callbackHandler;
        private MyDAO accessor;

        private boolean isIdentityAssertion;

        // Authentication status
        private boolean loginSucceeded;
        private boolean principalsInSubject;
        private Vector principalsForSubject = new Vector();

        public void initialize(Subject subject, CallbackHandler callbackHandler,
                               Map sharedState, Map options) {
            debug("ManageableSampleLoginModuleImpl.initialize");
            this.subject = subject;
            this.callbackHandler = callbackHandler;

            // Determine if we're in identity assertion or authentication mode
            isIdentityAssertion =
                "true".equalsIgnoreCase((String)options.get("IdentityAssertion"));

            // Get the object that manages the user and group definitions
            accessor = (MyDAO)options.get("accessor");
        }

        public boolean login() throws LoginException {
            try {
                debug("LdapLoginModuleImpl.login");

                Callback[] callbacks = getCallbacks();

                String userName = getUserName(callbacks);
                if (userName.length() > 0) {
                    UserEntityVO user = accessor.getUser(userName);

                    // Only check the password when not asserting an identity
                    if (!isIdentityAssertion) {
                        try {
                            accessor.authenticate(userName,
                                getPasswordHave(userName, callbacks));
                        } catch (DAOException e) {
                            throwFailedLoginException(
                                "Login failed for " + userName);
                        }
                    }

                    loginSucceeded = true;

                    // Collect the principals; they are only added to the
                    // Subject in commit()
                    principalsForSubject.add(new WLSUserImpl(userName));
                    Collection groups = listMemberGroups(user);
                    for (Iterator i = groups.iterator(); i.hasNext();) {
                        GroupVO group = (GroupVO)i.next();
                        String groupName = group.getGroupName();
                        debug("\tgroupName\t= " + groupName);
                        principalsForSubject.add(new WLSGroupImpl(groupName));
                    }
                } else {
                    SimpleDebugger.debug("\tempty userName");

                    loginSucceeded = false;
                }

                SimpleDebugger.debug("Login resulted in " + loginSucceeded);

                return loginSucceeded;
            } catch (Exception e) {
                throwLoginException("Failure when authenticating");
                return false;
            }
        }

        protected Collection listMemberGroups(UserEntityVO userVO) {
            ...
        }

        public boolean commit() throws LoginException {
            debug("LdapLoginModule.commit");
            if (loginSucceeded) {
                subject.getPrincipals().addAll(principalsForSubject);
                principalsInSubject = true;
                return true;
            } else {
                return false;
            }
        }

        public boolean abort() throws LoginException {
            debug("LdapLoginModule.abort");
            // Undo commit() if the principals were already added
            if (principalsInSubject) {
                subject.getPrincipals().removeAll(principalsForSubject);
                principalsInSubject = false;
            }
            return true;
        }

        ...
    }


  2. Re: abort() called on LoginModule when login() returns true for Weblogic 8.1

    Hi,

    I solved the problem myself.

    In the Weblogic Console I had kept the DefaultAuthenticator and the
    DefaultIdentityAsserter to hold the authentication details for the
    Weblogic Console itself, whereas my custom LoginModule was to hold
    authentication data for the application running on the Weblogic Server.

    When changing the "Control Flag" to SUFFICIENT on both authenticators,
    my problem vanished.

    Regards
    Brynjar
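
The behaviour described in this reply can be reproduced with plain JAAS outside the server. The following is an added example, not code from the thread or from WebLogic: it runs two modules under one LoginContext, first with REQUIRED and then with SUFFICIENT on both, and records which lifecycle methods are called. It assumes a current JDK and that the console's "Control Flag" carries the JAAS control-flag semantics; DefaultStore and CustomStore are hypothetical stand-ins for the two authenticators.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;
public class ControlFlagDemo {
    static final List<String> calls = new ArrayList<>();   // lifecycle trace
    // Hypothetical base class: records each phase the LoginContext drives.
    public abstract static class Traced implements LoginModule {
        boolean ok;   // true once this module's own login() has succeeded
        void note(String what) { calls.add(getClass().getSimpleName() + "." + what); }
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean commit() { note("commit"); return ok; }
        public boolean abort()  { note("abort");  return true; }
        public boolean logout() { return true; }
    }
    // Stand-in for the default authenticator: the application user is not in its store.
    public static class DefaultStore extends Traced {
        public boolean login() throws LoginException { note("login=failed"); throw new FailedLoginException("unknown user"); }
    }
    // Stand-in for the custom module in the post: login() returns true.
    public static class CustomStore extends Traced {
        public boolean login() { ok = true; note("login=true"); return true; }
    }
    // Runs both modules, default first, with the same control flag on each.
    static List<String> run(LoginModuleControlFlag flag) {
        calls.clear();
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, Object> none = new HashMap<>();
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(DefaultStore.class.getName(), flag, none),
                    new AppConfigurationEntry(CustomStore.class.getName(), flag, none) };
            }
        };
        try {
            new LoginContext("demo", new Subject(), null, cfg).login();
            calls.add("overall=success");
        } catch (LoginException e) {
            calls.add("overall=failure");
        }
        return new ArrayList<>(calls);
    }
    public static void main(String[] args) {
        System.out.println("REQUIRED:   " + run(LoginModuleControlFlag.REQUIRED));
        System.out.println("SUFFICIENT: " + run(LoginModuleControlFlag.SUFFICIENT));
    }
}
```

With REQUIRED on both entries the trace shows CustomStore's login() returning true and then abort() on both modules, because the other REQUIRED module failed and the overall login is rejected. With SUFFICIENT on both, the same login() result leads to commit().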


  3. Re: abort() called on LoginModule when login() returns true for Weblogic 8.1

    Hi,

    I'm also facing the same issue.
    I don't know whether the correct group is added to the principalsForSubject Vector during the
    login() method. I used the following statements to add groups.

    principalsForSubject.add(new WLSUserImpl(userName));
    addGroupsForSubject(userName);

    Could you please suggest if the above methods are wrong to add groups?

    I changed the "Control Flag" to SUFFICIENT on DefaultAuthenticator.

    Thanks and regards,
    Swathi

  4. Re: abort() called on LoginModule when login() returns true for Weblogic 8.1

    Hi Brynjar,

    We are also facing the same issue. I have written a custom SSPI connector.

    We are using WebLogic version 9.2.

    But, I tried the same as you suggested. I couldn't resolve it.

    Please suggest.
