Links to Authentication Topics for Java EE Applications

Oracle Fusion Middleware Application Security Guide

```java
    // Fragment: constructor and methods of the class LoginModuleExample.
    // CustomCallbackHandler is the application's own CallbackHandler implementation.
    public LoginModuleExample() {
        super();
    }

    // Asserts the identity of a user by name only (no password is supplied).
    public Subject assertUser(final String username) throws Exception {
        // The callback handler for assertion is created inside a privileged block.
        CallbackHandler cbh = AccessController.doPrivileged(
            new PrivilegedExceptionAction<CallbackHandler>() {
                public CallbackHandler run() throws Exception {
                    return new CustomCallbackHandler(username);
                }
            });
        Subject sub = new Subject();
        LoginService ls = JpsServiceLocator.getServiceLocator().lookup(LoginService.class);
        LoginContext context = ls.getLoginContext(sub, cbh);
        context.login();
        Subject s = context.getSubject();
        return s;
    }

    // Authenticates a user with a name and password.
    public Subject authenticate(final String username, final char[] password) throws Exception {
        CallbackHandler cbh = new CustomCallbackHandler(username, password);
        Subject sub = new Subject();
        LoginService ls = JpsServiceLocator.getServiceLocator().lookup(LoginService.class);
        LoginContext context = ls.getLoginContext(sub, cbh);
        context.login();
        Subject s = context.getSubject();
        return s;
    }

    public static void main(String[] args) {
        LoginModuleExample loginModuleExample = new LoginModuleExample();
        try {
            System.out.println("authenticated user subject = "
                + loginModuleExample.authenticate("testUser", "welcome1".toCharArray()));
            System.out.println("asserted user subject = "
                + loginModuleExample.assertUser("testUser"));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```

22.2.4 Using the OPSS API LoginService in Java SE Applications

To invoke a login module programmatically in Java SE applications, use the method getLoginContext of the interface oracle.security.jps.service.login.LoginService. Similar to the LoginContext constructor in the standard JAAS API, getLoginContext returns an instance of a LoginContext object that can be used to authenticate a user but, more generally, it also allows the use of any number of login modules in any order. Authentication is then performed on just those login modules and in the order they were passed.

The following code fragment illustrates user authentication against a subset of login modules in a prescribed order using getLoginContext:

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

import oracle.security.jps.service.ServiceLocator;
import oracle.security.jps.service.JpsServiceLocator;
import oracle.security.jps.service.login.LoginService;

// Obtain the login service
ServiceLocator locator = JpsServiceLocator.getServiceLocator();
LoginService loginService = locator.lookup(LoginService.class);

// Create the handler for given name and password
// (MyCallbackHandler is the application's own CallbackHandler implementation)
CallbackHandler cbh = new MyCallbackHandler("name", "password".toCharArray());

// Invoke login modules selectively in a given order
String[] selectiveModules = new String[]{"lmName1", "lmName2", "lmName3"};
LoginContext ctx = loginService.getLoginContext(new Subject(), cbh, selectiveModules);
ctx.login();
Subject s = ctx.getSubject();
```

selectiveModules is an array of login module names, and the authentication uses precisely those login modules named in the array, in the order listed in the array. Each name in the array must be the name of a service instance listed in the default context of the file jps-config-jse.xml.
The following fragment illustrates the configuration of a stack of two login modules:

```xml
<serviceProvider type="LOGIN" name="jaas.login.provider"
    class="oracle.security.jps.internal.login.jaas.JaasLoginServiceProvider">
  <description>Common definition for any login module instances</description>
</serviceProvider>

<serviceInstance name="auth.loginmodule" provider="jaas.login.provider">
  <description>User Authentication Login Module</description>
  <property name="loginModuleClassName"
      value="oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule"/>
  <property name="jaas.login.controlFlag" value="REQUIRED"/>
</serviceInstance>

<serviceInstance name="custom.loginmodule" provider="jaas.login.provider">
  <description>My Custom Login Module</description>
  <property name="loginModuleClassName" value="my.custom.MyLoginModuleClass"/>
  <property name="jaas.login.controlFlag" value="REQUIRED"/>
</serviceInstance>

<jpsContexts default="aJpsContext">
  <jpsContext name="aJpsContext">
    <serviceInstanceRef ref="auth.loginmodule"/>
    <serviceInstanceRef ref="custom.loginmodule"/>
  </jpsContext>
</jpsContexts>
```
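One way to enforce the rule that every name in selectiveModules must be a service instance in the default context, as an added example that is not part of the Oracle guide: a pre-flight check over jps-config-jse.xml using only the JDK's DOM parser. The class SelectiveModulesCheck, the idstore.ldap instance and the embedded XML are constructed for illustration, and treating a loginModuleClassName property as the mark of a login module instance is an assumption drawn from the configuration shown above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class SelectiveModulesCheck {
    // Constructed sample, not the page's file; idstore.ldap is a hypothetical non-login instance.
    static final String SAMPLE = "<jpsConfig><serviceInstances>"
        + "<serviceInstance name='auth.loginmodule'><property name='loginModuleClassName' value="
        + "'oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule'/>"
        + "</serviceInstance><serviceInstance name='custom.loginmodule'><property name="
        + "'loginModuleClassName' value='my.custom.MyLoginModuleClass'/></serviceInstance>"
        + "<serviceInstance name='idstore.ldap'/></serviceInstances>"
        + "<jpsContexts default='aJpsContext'><jpsContext name='aJpsContext'>"
        + "<serviceInstanceRef ref='auth.loginmodule'/><serviceInstanceRef ref='custom.loginmodule'/>"
        + "<serviceInstanceRef ref='idstore.ldap'/></jpsContext></jpsContexts></jpsConfig>";
    // Collects all descendant elements with the given tag name.
    static List<Element> els(Element root, String tag) {
        NodeList nl = root.getElementsByTagName(tag);
        List<Element> out = new ArrayList<>();
        for (int i = 0; i < nl.getLength(); i++) out.add((Element) nl.item(i));
        return out;
    }
    // One message per selected name that is not a login module in the default context.
    static List<String> check(Element root, String[] selected) {
        Set<String> loginModules = new HashSet<>(), refs = new HashSet<>();
        for (Element si : els(root, "serviceInstance"))
            for (Element p : els(si, "property"))
                if ("loginModuleClassName".equals(p.getAttribute("name"))) loginModules.add(si.getAttribute("name"));
        List<Element> ctxs = els(root, "jpsContexts");
        String dflt = ctxs.isEmpty() ? "" : ctxs.get(0).getAttribute("default");
        for (Element ctx : els(root, "jpsContext"))
            if (!dflt.isEmpty() && ctx.getAttribute("name").equals(dflt))
                for (Element r : els(ctx, "serviceInstanceRef")) refs.add(r.getAttribute("ref"));
        List<String> problems = new ArrayList<>();
        for (String name : selected)
            if (!refs.contains(name)) problems.add(name + ": not in default context '" + dflt + "'");
            else if (!loginModules.contains(name)) problems.add(name + ": not a login module instance");
        return problems;
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs, blocks XXE
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        String[] selectiveModules = {"custom.loginmodule", "auth.loginmodule", "idstore.ldap", "lmName3"};
        List<String> problems = check(root, selectiveModules);
        problems.forEach(System.out::println);
        if (!problems.isEmpty()) System.exit(1); // fail closed before any getLoginContext call
    }
}
```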