27 Eylül 2010 Pazartesi

3-adf security. (with ldap and database provider from weblogic)








sample login method like this.

package MBeans;

import java.io.IOException;

import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import oracle.adf.model.BindingContext;
import oracle.adf.view.rich.component.rich.input.RichInputText;

import oracle.binding.BindingContainer;

import weblogic.security.SimpleCallbackHandler;
import weblogic.security.services.Authentication;

import weblogic.servlet.security.ServletAuthentication;


public class LoginBean
{
  private RichInputText txtUserName;
  private RichInputText txtPassword;

  public LoginBean()
  {
  }

  public BindingContainer getBindings()
  {
    return BindingContext.getCurrent().getCurrentBindingsEntry();
  }

  public String SubmitLogin_action()
  {
    String un = "";
    String pws = "";
    byte[] pw = null;
    try
    {
      un = (String) txtUserName.getValue();
      pws = (String) txtPassword.getValue();
      pw = pws.getBytes();
    }
    catch (Exception ex)
    {
      System.out.println(ex);
    }


    FacesContext ctx = FacesContext.getCurrentInstance();
    HttpServletRequest request =
      (HttpServletRequest) ctx.getExternalContext().getRequest();
    CallbackHandler handler = new SimpleCallbackHandler(un, pw);
    try
    {
      //login i?lemini ldap üzerinden gerçekle?tiriyor
      Subject mySubject = Authentication.login(handler);
      System.out.println("ldap");
      if (mySubject != null)
      {
        String un1 = un;
        String pwscakma = un;
        byte[] pwcakma = pwscakma.getBytes();
        //login i?lemi ldap üzerinden gerçekle?iyor ise db den roller için bir daha login oluyor
        CallbackHandler handler2 = new SimpleCallbackHandler(un1, pwcakma);
        Subject mySubject2 = Authentication.login(handler2);
        System.out.println("db");
        System.out.println(mySubject.getPrincipals());
        System.out.println(mySubject2.getPrincipals());
        ServletAuthentication.runAs(mySubject2, request);
        ServletAuthentication.generateNewSessionID(request);
        //db den contexte selam

        //BindingContainer bindings = getBindings();
        //OperationBinding operationBinding =
        //bindings.getOperationBinding("setContext");
        //operationBinding.getParamsMap().put("kullaniciad", un1);
        //operationBinding.execute();

        //yönlendiriliyor
        String loginUrl =
          "/adfAuthentication?success_url=/faces/WepPages/Welcome.jspx";
        HttpServletResponse response =
          (HttpServletResponse) ctx.getExternalContext().getResponse();
        sendForward(request, response, loginUrl);
      }
    }
    catch (FailedLoginException fle)
    {
      fle.printStackTrace();
      FacesMessage msg =
        new FacesMessage(FacesMessage.SEVERITY_ERROR, "Yanl?? Kullan?c? ad? veya parola?",
                         "Yanl?? Kullan?c? ad? veya parola");
      ctx.addMessage(null, msg);
    }
    catch (LoginException le)
    {
      reportUnexpectedLoginError("LoginException", le);
    }
    return null;
  }

  private void sendForward(HttpServletRequest request,
                           HttpServletResponse response, String loginUrl)
  {
    FacesContext ctx = FacesContext.getCurrentInstance();
    RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl);
    try
    {
      dispatcher.forward(request, response);
    }
    catch (ServletException se)
    {

    }
    catch (IOException ie)
    {

    }
    ctx.responseComplete();

  }

  private void reportUnexpectedLoginError(String string, LoginException le)
  {
    FacesMessage msg =
      new FacesMessage(FacesMessage.SEVERITY_ERROR, "Giri? Esnas?nda Beklenmeyen bir hata olu?tu",
                       "Giri? Esnas?nda Beklenmeyen bir hata olu?tu (" +
                       string + "), Detaylar için Loglara bak?n?z");
    FacesContext.getCurrentInstance().addMessage(null, msg);
    le.printStackTrace();

  }

  public void setTxtUserName(RichInputText txtUserName)
  {
    this.txtUserName = txtUserName;
  }

  public RichInputText getTxtUserName()
  {
    return txtUserName;
  }

  public void setTxtPassword(RichInputText txtPassword)
  {
    this.txtPassword = txtPassword;
  }

  public RichInputText getTxtPassword()
  {
    return txtPassword;
  }
}

for using db or ldap or both of them for authantication. you must define provider in weblogic.




here is the some sample usage of security context.

in java

ADFContext.getCurrent().getSecurityContext().getUserName();
ADFContext.getCurrent().getSecurityContext().isUserInRole();

in jspx
Gönderen erkan.karamese zaman: 01:14
Etiketler: , ,

Hiç yorum yok:

Yorum Gönder

Kaydol: Kayıt Yorumları (Atom)