I am trying to write my own authenticator which will read particular custom cookies and authenticate user based on token which is stored in that cookie. As an example I took this class: org.jboss.security.negotiation.NegotiationAuthenticator
So I start to writing my own authenticator:
public class SampleAuthenticator extends AuthenticatorBase{
@Override
protected boolean authenticate(Request arg0, Response arg1, LoginConfig arg2) throws IOException {
System.out.println("===CHECK===");
return false;
}
As you can see my class contains only needed method that must be implemented with default values.
I have installed this authenticator as module in Jboss "modules" directory.
Then I have added new security-domain in standalone.xml:
<security-domain name="sso" cache-type="default">
<authentication>
<login-module code="UsersRoles" flag="required" />
</authentication>
</security-domain>
I have made my module as global in standalone.xml as well (in jboss domain subsystem):
<global-modules>
<module name="com.myexample.authenticator"/>
</global-modules>
Now it seems that my authenticator is ready for use (just for output word "===CHECK===")
Into my example web application I have added jboss-web.xml descriptor:
<jboss-web>
<security-domain>sso</security-domain>
<valve>
<class-name>com.myexample.authenticator.SampleAuthenticator</class-name>
</valve>
</jboss-web>
My web.xml descriptor is following:
<security-constraint>
<web-resource-collection>
<web-resource-name>MyResourceName</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>My kinda secure web application</realm-name>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
Finally when I am trying to deploy my web application it is throwing this exception:
12:41:28,554 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.web.valve.myvalve: org.jboss.msc.service.StartException in service jboss.web.valve.myvalve: java.lang.ClassCastException: com.myexample.authenticator.SampleAuthenticator cannot be cast to org.apache.catalina.Valve
at org.jboss.as.web.WebValveService.start(WebValveService.java:92)
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.4.GA-redhat-1.jar:1.0.4.GA-redhat-1]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]
Caused by: java.lang.ClassCastException: com.myexample.authenticator.SampleAuthenticator cannot be cast to org.apache.catalina.Valve
at org.jboss.as.web.WebValveService.start(WebValveService.java:72)
... 5 more
I am stuck at this point. I tried to reimplement some authenticators but this ClassCastException is always there.
Can anybody help me with writing own authenticator? I am using Jboss EAP 6.2 with Jboss 7.1.1
The problem was that I was using wrong lib. Problem was solved by using this maven dependency:
<dependency>
<groupId>org.jboss.as</groupId>
<artifactId>jboss-as-web</artifactId>
<version>7.2.0.Final</version>
<scope>provided</scope>
</dependency>