NOTE: This works only on Linux (and other Unix systems).
PAM authentication lets a Java application use native Linux (and other Unix) authentication features.
With PAM, a developer can authenticate Linux users in a Java application.
JPam project: http://jpam.sourceforge.net/
Some more functionality was added in this implementation. It can authenticate Linux users in a Java application and get the list of groups for these users. These groups can be used to control permissions in JCR. In this case a system administrator can control user permissions in JCR by adding users to a group or removing them from it.
For example:

    root@somehost # groups user1
    users dialout video
    root@somehost # usermod -a -G admin user1
    root@somehost # groups user1
    admin users dialout video

Now user1 is in the new group admin. In a Java application a developer can get the list of groups for the current user
and grant or deny him permission to perform some actions.
The source code is here: svn://svn.forge.objectweb.org/svnroot/exoplatform/projects/core/trunk/component/organization/pam.
This project includes Java and C code. To build both of them, run the command:

    mvn clean install antrun:run

You can find the Java and C libraries in the target folder.
If you would like to test these tools, see the scripts test-jpam.sh and test-jass.sh in the project root folder.
NOTE! Check the classpath in the script before running it! Also copy the file src/main/conf/exo-jpam to the PAM folder /etc/pam.d.
You may need to edit the file exo-jpam, because PAM configuration can be very different between Linux systems.
And you must be able to read the file /etc/shadow!

    root@somehost $ ./test-jpam.sh _user_ _password_
    02.09.2007 12:39:40 org.exoplatform.services.organization.auth.pam.Pam main
    INFO: Response: Successful function return.

Configuration:
- Place the exo.core.component.organization.pam-X.X.X.jar into your classpath.
- Ensure that any libraries required to satisfy dependencies are also in the classpath.
- As an optional step, configure an appropriate logging level.
- Copy the native library libjpam.so to the Java Native Library Path.
- Copy src/main/conf/exo-jpam to the PAM folder. In Linux this is /etc/pam.d. Configure it as you like.
- You must be able to read the file /etc/shadow.
- If you are going to use JAAS authentication, put the file src/main/conf/jpam-jaas.config wherever you want, and remember to add -Djava.security.auth.login.config=path_to_jpam-jaas.config when running the application.

    // Uses java.util.Set and java.util.Enumeration.
    // Group principals attached to the subject after a successful login
    Set<JAASGroup> gprincipals = loginContext.getSubject().getPrincipals(JAASGroup.class);
    if (gprincipals != null && gprincipals.size() != 0) {
        out.println(">>> User is member of groups : ");
        for (JAASGroup gp : gprincipals) {
            out.print(gp.getName() + " : ");
            // Print the members of this group principal
            Enumeration<GroupPrincipal> g = gp.members();
            while (g.hasMoreElements()) {
                out.print(g.nextElement().getName() + "; ");
            }
            out.println();
        }
    }

To build the native code for systems other than Linux32, see src/main/c/makefile and edit pom.xml for your system.
A part of pom.xml:

    <exec executable="make">
      <arg value="--directory=src/main/c"/>
      <arg value="libjpam.x86"/>
    </exec>
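The configuration steps above can be checked before the application is started. The script below is an added example, not part of the original page or the project: it verifies that the exo-jpam service file is not writable by group or others, that the shadow file is readable by the current account without being world-readable, and that libjpam.so is in the library path passed as an argument. The function names and the library path in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not project code): pre-flight checks for the setup steps.
# Usage (sample paths): sh preflight.sh /etc/pam.d /etc/shadow /usr/lib:/usr/local/lib

# True if every permission bit of octal mask $2 is set on file $1.
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# The PAM service file decides how the application authenticates users,
# so it must exist and be writable by its owner only.
check_pam_service() {   # $1 = PAM folder, $2 = service file name
    f="$1/$2"
    [ -f "$f" ] || { echo "FAIL: $f is missing"; return 1; }
    if has_perm "$f" 020 || has_perm "$f" 002; then
        echo "FAIL: $f is writable by group or others"; return 1
    fi
    echo "OK: $f"
}

# The account running the application must read the shadow file, but the
# file must stay closed to everyone else (it holds the password hashes).
check_shadow() {        # $1 = shadow file
    [ -r "$1" ] || { echo "FAIL: $1 not readable by $(id -un)"; return 1; }
    if has_perm "$1" 004; then
        echo "FAIL: $1 is world-readable"; return 1
    fi
    echo "OK: $1 readable by $(id -un), not world-readable"
}

# libjpam.so must sit in one folder of the colon-separated library path.
check_native_lib() {    # $1 = library path
    old_ifs=$IFS; IFS=:
    for d in $1; do
        if [ -f "$d/libjpam.so" ]; then
            IFS=$old_ifs; echo "OK: $d/libjpam.so"; return 0
        fi
    done
    IFS=$old_ifs
    echo "FAIL: libjpam.so not found in $1"; return 1
}

# Run every check and report all failures instead of stopping at the first.
preflight() {           # $1 = PAM folder, $2 = shadow file, $3 = library path
    rc=0
    check_pam_service "$1" exo-jpam || rc=1
    check_shadow "$2" || rc=1
    check_native_lib "$3" || rc=1
    return $rc
}

[ $# -eq 0 ] || preflight "$@"
```

Run it as the account that will run the Java application, since the read check on the shadow file applies to the current user.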
on 27/03/2008 at 14:58