Custom JAAS LoginModule
Fortunately, LoginModule is a standard JAAS API and as such is well documented in many books and on the Internet. Here, we will write the simplest LoginModule that solves our problem of validating the principals against a legacy external SSO system over the HTTP protocol. As a teaching aid, we will also write a log entry whenever the Security Services container calls one of our methods, so that we can see when and how many times each of them is called.
Keep in mind that LoginModule is a stateful Bean: it must retain the configuration data it is given when it is initialized, and it must keep its state from the login callback through to the commit (or abort, and so on) so that it answers each call in the correct and expected way.
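The state handling described above, shown as an added example that is not the book's PacktLoginModuleImpl: the class name, the "demo.token" option and the local token comparison (standing in for the HTTP call to the SSO system) are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
// Added illustration: StatefulDemoLoginModule and "demo.token" are hypothetical names.
public class StatefulDemoLoginModule implements LoginModule {
    private Subject subject;            // kept from initialize()
    private CallbackHandler handler;    // kept from initialize()
    private Map<String, ?> options;     // kept from initialize()
    private String pendingUser;         // set by login(), consumed by commit()
    private Principal committed;        // set by commit(), removed by logout()
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h; options = opts;
    }
    public boolean login() throws LoginException {
        NameCallback name = new NameCallback("user: ");
        PasswordCallback token = new PasswordCallback("token: ", false);
        try {
            handler.handle(new Callback[] { name, token });
        } catch (java.io.IOException | UnsupportedCallbackException e) {
            throw new LoginException("callback failed: " + e);
        }
        // Stand-in for the external SSO check: compare with a configured value.
        char[] supplied = token.getPassword();
        boolean ok = supplied != null && String.valueOf(supplied).equals(options.get("demo.token"));
        token.clearPassword();
        if (!ok) throw new FailedLoginException("token rejected");
        pendingUser = name.getName();   // phase one succeeded; remember it for phase two
        return true;
    }
    public boolean commit() {
        if (pendingUser == null) return false;   // our own login() never succeeded
        String user = pendingUser;               // copy: the field is cleared below
        committed = () -> user;                  // Principal's only abstract method is getName()
        subject.getPrincipals().add(committed);
        pendingUser = null;
        return true;
    }
    public boolean abort() {
        if (pendingUser == null && committed == null) return false; // nothing to undo
        return logout();
    }
    public boolean logout() {
        if (committed != null) subject.getPrincipals().remove(committed);
        pendingUser = null; committed = null;
        return true;
    }
}
```

The Subject gains a principal only in commit(), so a login that another module in the stack later vetoes leaves no trace once abort() has run.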
Let's start with the definition; the instance fields will be declared as and when we need them. The code for our custom LoginModule is as follows:
public class PacktLoginModuleImpl implements LoginModule {
    private final static Logger LOGGER = Logger.getLogger(PacktLoginModuleImpl...