Friday, June 1, 2007

Authentication using JAAS and Kerberos


A lot of Organizations tend to use Kerberos for authentication and JAAS does support Kerberos for authenticating users. Well here is a step-by-step approach to Kerberos authentication with JAAS. I am not going to talk about Kerberos server or the installation. It is all about authentication. Please see the list of issues below.

-Djava.security.krb5.conf=krb5.conf
-Djava.security.auth.login.config=$FILE-PATH\kerberoscontext.conf -Djava.security.krb5.realm=ABC.NET
-Djava.security.krb5.kdc=ABC.XYZ.NET

The above configurations are required and I will explain each one of them.

1. Create a file krb5.conf and here are the contents of the file.
Place this file in JAVA_HOME/jre/lib/security. This is required by this configuration here -Djava.security.krb5.conf=krb5.conf. No need of file path.

[libdefaults]
default_realm = ABC.NET
dns_lookup_kdc = true

[domain_realm]
.abc.net = ABC.NET

You need to get this information from the Organization's Kerberos management team or administrators. You need to know Kerberos REALM and Kerberos KDC.

2. Create a Kerberos login module configuration file (kerberoscontext.conf). Place this file anywhere you like, but you need to mention the absolute file path within this configuration parameter : -Djava.security.auth.login.config=$FILE-PATH>\kerberoscontext.conf . This file is a JAAS requirement.

Kerberos5LoginModule {
com.sun.security.auth.module.Krb5LoginModule required debug="true"
};

One can add more parameters depending upon the needs. This is the minimum requirements.

3. Now you need to develop a Security Service or Manager which can authenticate based on the user input (user & password). You can find the complete code here AuthenticationService.

4. You also need to develop a Login Module Adapter. This makes the Authentication Service decoupled from the type of Authentication(Kerberos, NT, AD, Unix etc.). This is very important even if you know what type of authentication you are going to use. This type of Design is very important when you are involved in Agile development. Agile Development warrants a developer with adding code incrementally and adding functionality incrementally. Adding functionality will certainly add code, but adding code might not add functionality to the application. Check the code for Login Module Adapter. KerberosLoginModuleAdapter.


5. AuthenticationService is an implementation of IAuthenticationService. This interface has a method authenticate(user, password). This method needs to be implemented. Once the user is authenticated , the necessary data is captured within A User object (for e.g IUser). This object can be used within the application as per the needs.

6. Develop a test program to test authentication. Pass the above -D parameters as VM parameters to the test program.

References:
JAAS API
Kerberos reference.

Posted by at
Labels:

Display Tag and External Pagination with Spring and Hibernate

Display tag is a very handy tag for displaying data in a tabular format.
I had to design and implement external pagination making use of the provided PaginatedList interface. What does it take to make it work:

Display tag requires an object of type PaginatedList. PaginatedList is an Interface as provided by Display Tag. The Web page (a jsp in this case required an object of type PaginatedList).
So I defined an Interface IExtendedPaginatedList which extended PaginatedList and added a few more methods that were required.

Here is the implementation for IExtendedPaginatedList PaginatedListImpl.

One of the JSP page is paginatedList.jsp which was included in those other jsp pages which required pagination. This page was included using jsp:include page="/paginatedList.jsp"

paginatedList.jsp snippet:

<%      IExtendedPaginatedList paginatedList = null;          if(request.getAttribute("PAGINATED_LIST") != null){         paginatedList  =(IExtendedPaginatedList)request.getAttribute("PAGINATED_LIST");         request.setAttribute("paginatedList", paginatedList );        } %>

The display tag was used in a different jsp page displayUserList.jsp:
<display:table name="paginatedList" sort="list"  requestURI="/searchUserAction.do?isPagination=yes">

     <display:column property="firstName" title="First Name"  sortable="false" headerClass="sortable"/>

<display:column property="lastName" title="Last Name" sortable="false" headerClass="sortable"/>
<display:column property="login" title="User Name" sortable="false" headerClass="sortable"/>

<display:column property="group.groupName" title="Group" sortable="false" headerClass="sortable"/>
<display:column property="location" title="Location" sortable="false" headerClass="sortable"/>

</display:table>


Both of these jsp pages are included within a main jsp page (for e.g searchUsers.jsp ).

The Controller or the Action class is responsible for creating this object and getting back the data from the Data Access Layer(DAO). I had developed this PaginatedDAO so that the rest of the team can make use of this DAO. Much of the responsibility lies with this DAO. This DAO class could be extended by other DAOs to make use of the pagination. Here is the code for the interface IPaginatedDAO and the implementation PaginatedDAO. This DAO at this point of time is using Spring framework and Hibernate and you can do it without Spring too. The PaginatedDAO has methods which provides different parameters and are for convenience for different usage. One method uses Hibernate Criteria and others accept a SQL Query string. In order for the pagination to work you need to execute two methods from this DAO. 1. getPaginatedListBy.....(.....) and 2. getTotalCountOfRowsBy....(...). Both of them are required. One can combine both as well.

In the action or controllers you will need this code to create an instance of IExtendedPaginatedList :


    public IExtendedPaginatedList getPaginatedListFromRequest(HttpServletRequest request){     
        
        IExtendedPaginatedList paginatedList = new PaginatedListImpl();
        String sortCriterion = request.getParameter(IExtendedPaginatedList.IRequestParameters.SORT);       
        paginatedList.setSortDirection(IExtendedPaginatedList.IRequestParameters.DESC.equals(request.getParameter(IExtendedPaginatedList.IRequestParameters.DIRECTION))? SortOrderEnum.DESCENDING : SortOrderEnum.ASCENDING);
        paginatedList.setSortCriterion(sortCriterion);
        int pageSize = 25; // Rows per page
        paginatedList.setPageSize(pageSize);
        String thePage = request.getParameter(IExtendedPaginatedList.IRequestParameters.PAGE);    
        if(thePage != null){
           int index = paginatedList == null? 0 : Integer.parseInt(thePage) - 1;
           paginatedList.setIndex(index);
        }else{
         paginatedList.setIndex(0);
        }
       
        return paginatedList;
    }



This is all is required for pagination. It is easy and simple with Display Tag.

click here to get all the code:
References:
Display Tag
Display Tag Examples



Posted by at
Labels:
Subscribe to: Posts (Atom)