Java Magazine, July/August 2016
Therefore, you always return SUCCESS from your validateRequest method. FAILURE should be used as a return value only if there was some problem with your SAM, for example, if you were unable to contact some external resource, such as an LDAP server.

Registering Your SAM

To deploy your custom SAM with your application, you package the implementation classes into the WAR file as you would for any other application classes. The JASPIC specification defines how to register and unregister a custom SAM; this can be done in a WebListener, which is called when your web application starts. Listing 7 shows how to register and unregister the SAM in a WebListener.

Listing 7.

```java
import javax.security.auth.message.config.AuthConfigFactory;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;

@WebListener
public class SimpleSAMWebListener implements ServletContextListener {

    // Handle returned by the factory; needed to remove the registration later.
    private String registrationid;

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        // Assumption: the initializer is missing from this copy of the listing.
        // The servlet profile's application context ID is the virtual server
        // name, a space, and the context path.
        String appContext = sce.getServletContext().getVirtualServerName()
                + " " + sce.getServletContext().getContextPath();
        // Register the provider for the HttpServlet message layer of this application only.
        registrationid = AuthConfigFactory.getFactory().registerConfigProvider(
                new SimpleSAMAuthConfigProvider(null, null),
                "HttpServlet", appContext, "Simple SAM");
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) {
        // Unregister the SAM when the application stops.
        AuthConfigFactory.getFactory().removeRegistration(registrationid);
    }
}
```

There are some additional boilerplate classes required to integrate your SAM into the JASPIC infrastructure. These classes are implementations of three interfaces, and they are rarely different than the versions in the zip file available in the Java Magazine download area. Typically, if you're using a single SAM, you'll use the following files without modification:

- AuthConfigProvider is a factory for creating ServerAuthConfig objects.
- ServerAuthConfig is an object that describes a configuration for a specific application context and message layer, which in the case of my servlet application is always the same. ServerAuthConfig is also a factory for ServerAuthContext objects.
- ServerAuthContext is a class that wraps the SAM, because in the general case there can be multiple SAMs, but in most cases, and in my example, there is only one. If there are multiple SAMs, the ServerAuthContext implementation should call each in turn and then adjudicate the results.

The implementation included in this article will work as expected unless there are more complex initialization and configuration requirements or there are multiple SAMs that need to be invoked.

Testing the Example SAM

In my example SAM, I implemented validateRequest so that the user and groups were obtained from the servlet request parameters. To test the SAM, I need to define a servlet with a security constraint, as shown in Listing 8.
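Returning to the multiple-SAM case described for ServerAuthContext above: the following is an added example, not Listing 8 and not code from the article or its download, of a context that calls each SAM in turn and adjudicates the results. The class name, the policy that every SAM must return SUCCESS, and the assumption that the SAMs were already initialized by the ServerAuthConfig are all choices made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ServerAuthModule;

// Hypothetical class; assumed policy: every SAM must return SUCCESS (fail closed).
public class AllMustSucceedServerAuthContext implements ServerAuthContext {
    private final List<ServerAuthModule> modules;

    public AllMustSucceedServerAuthContext(List<ServerAuthModule> modules) {
        if (modules == null || modules.isEmpty()) {
            // With no SAMs the loop below would accept every request.
            throw new IllegalArgumentException("at least one SAM is required");
        }
        this.modules = new ArrayList<>(modules); // defensive copy
    }

    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject,
            Subject serviceSubject) throws AuthException {
        for (ServerAuthModule sam : modules) {
            AuthStatus status = sam.validateRequest(messageInfo, clientSubject, serviceSubject);
            if (status != AuthStatus.SUCCESS) {
                // The first SAM that does not accept decides; later SAMs are skipped.
                return status;
            }
        }
        return AuthStatus.SUCCESS;
    }

    @Override
    public AuthStatus secureResponse(MessageInfo info, Subject service) throws AuthException {
        for (ServerAuthModule sam : modules) {
            AuthStatus status = sam.secureResponse(info, service);
            if (status != AuthStatus.SEND_SUCCESS) {
                return status;
            }
        }
        return AuthStatus.SEND_SUCCESS;
    }

    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
        for (ServerAuthModule sam : modules) { sam.cleanSubject(messageInfo, subject); }
    }
}
```

An AuthException thrown by any SAM propagates to the container unchanged, so a module that cannot reach its backing store stops the chain instead of being skipped.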