Copyright © TIBCO Software Inc. All Rights Reserved

Authenticating Users
TIBCO Administrator implements the Java Authentication and Authorization Service (JAAS) framework. The framework allows you to perform web authentication and authorization in applications that use the administration server.
You must create an administration domain that uses HTTPS. The JAAS Authentication web service is then deployed on the Tomcat server for the administration domain.
Authentication Using the JAAS Authentication Web Service
Many tutorials on using the JAAS framework are available on the Internet. See http://java.sun.com/developer/JDCTechTips/2001/tt0727.html for a tutorial that shows the JAAS Authentication web service checking the identity of a caller. Other tutorials that show the same functionality may also be available.
The tutorial at the above URL provides an introduction to JAAS and explains how to configure a JAAS LoginModule to validate passwords. The only difference between the tutorial and using the Authentication web service is in the tutorial’s Configuration File section, where the following lines

 
SimpleLogin {
SimpleLoginModule required;
};

 
instead would be:

 
AuthenticationService {
   com.tibco.atlas.auth.jaas.AuthenticationServiceLoginModule required
   soap_username="admin"
   soap_password="#!P3A46TfV7Mf4bOGq0cCUnad3hQllcn2W"
   authority="putYourAdministratorHostNameHere:8443"
   scheme="https";
};

 
The password is encrypted using the obfuscate utility. See the TIBCO Runtime Agent Installation guide for details about using the utility.
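An application reaches the AuthenticationService entry above through the standard JAAS LoginContext API, as in this added example (not TIBCO code and not part of the original page). It assumes the login module requests the standard NameCallback and PasswordCallback; the class name JaasLoginCheck is hypothetical, and the page does not state whether the module expects the clear or the obfuscated form of the user's password.

```java
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example, not TIBCO code. Start the JVM with
//   -Djava.security.auth.login.config=<file containing the AuthenticationService entry>
public class JaasLoginCheck {
    // Assumption: the module asks for NameCallback and PasswordCallback only.
    static CallbackHandler handlerFor(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    // Reject unknown requests instead of silently ignoring them.
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    // True when login() completes; LoginException covers rejected credentials.
    static boolean authenticate(String user, char[] password) {
        try {
            // "AuthenticationService" is the entry name in the configuration file.
            LoginContext ctx =
                new LoginContext("AuthenticationService", handlerFor(user, password));
            ctx.login();
            ctx.logout();
            return true;
        } catch (LoginException e) {
            System.err.println("Login failed for " + user + ": " + e.getMessage());
            return false;
        } finally {
            Arrays.fill(password, '\0');   // do not keep the password in memory
        }
    }

    public static void main(String[] args) {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: JaasLoginCheck <user>  (needs a terminal)");
            System.exit(2);
        }
        // Read the password without echo instead of taking it from argv.
        char[] password = System.console().readPassword("Password for %s: ", args[0]);
        System.exit(password != null && authenticate(args[0], password) ? 0 : 1);
    }
}
```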
Authentication Code Example
The following example code shows how to validate a password for a user. The administration domain must have SSL enabled for the example to work. The following arguments specify the username and password to test and are used to configure the connection to the service provider.
username — name of the user to validate.
obfuscatedPassword — the obfuscated password of the user.
superuserName — the name of a superuser defined in TIBCO Administrator.
obfuscatedSuperuserPassword — the obfuscated password of the superuser.
authority — the host:port specification of the server where TIBCO Administrator is running. The default is localhost:8443.
A MalformedURLException is thrown if the service's URL is not formed correctly. This occurs if an unknown authority is set.

 
package sample.com.tibco.atlas.authentication;

import java.net.MalformedURLException;
import com.tibco.atlas.auth.authentication.AuthenticationService;
import com.tibco.atlas.auth.authentication.AuthenticationServiceFactory;

public class AuthenticateUser {

    public static void main(String[] args) throws MalformedURLException {
        // Command-line arguments; a default is used for each one that is omitted.
        String username = (args.length > 0) ? args[0] : "user";
        String obfuscatedPassword = (args.length > 1) ? args[1] : "";
        String superuserName = (args.length > 2) ? args[2] : "superuserName";
        String obfuscatedSuperuserPassword = (args.length > 3) ? args[3] : "";
        String authority = (args.length > 4) ? args[4] : "localhost:8443";

        try {
            boolean retVal = isUserValid(username, obfuscatedPassword, superuserName,
                                         obfuscatedSuperuserPassword, authority);

            System.out.println("Password for user " + username + " is "
                               + ((retVal) ? "valid" : "not valid"));
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    // Connects to the Authentication web service at the given authority with the
    // superuser's credentials and asks it to check the user's password.
    public static boolean isUserValid(String username, String obfuscatedPassword,
            String superUserName, String obfuscatedSuperuserPassword, String authority)
            throws Exception {
        AuthenticationServiceFactory factory = new AuthenticationServiceFactory();
        factory.setAuthority(authority);
        factory.setSoapUsername(superUserName);
        factory.setObfuscatedSoapPassword(obfuscatedSuperuserPassword);
        AuthenticationService service = factory.createAuthenticationService();
        return service.isPasswordValid(username, obfuscatedPassword);
    }
}

 
Logging Information to a File
By default, the Authentication web service prints all runtime trace information to the TIBCO Administrator console. This section explains how to configure the Authentication web service to print trace information to a file.
The following system property needs to be set to the path of a logging configuration file. The property is then specified at startup in the client application command line.
-Djava.util.logging.config.file=path to logging properties file
Your logging properties file should be similar to the following:

 
# Logging Properties File
 
# "handlers" specifies a comma separated list of log Handler
# classes. These handlers will be installed during VM startup.
# Note that these classes must be on the system classpath.
# To log to the console use java.util.logging.ConsoleHandler below:
handlers= java.util.logging.FileHandler
 
# Default global logging level.
# This specifies which kinds of events are logged across
# all loggers. For any given facility this global level
# can be overridden by a facility specific level
# Note that the ConsoleHandler also has a separate level
# setting to limit messages printed to the console.
package.level= FINEST
 
# The default file output is in user's home directory.
java.util.logging.FileHandler.pattern = path to log file
java.util.logging.FileHandler.limit = 50000
java.util.logging.FileHandler.count = 1
java.util.logging.FileHandler.level = INFO
 
# XML can be output using java.util.logging.XMLFormatter:
java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter

 
handlers specifies the set of handlers to be loaded on startup.
package.level sets the default global logging level for each package. The values are ALL, OFF, FINEST, FINER, FINE, CONFIG, INFO, WARNING, SEVERE.
pattern provides the path to the log file for the given handler. If the path is not specified, the file is placed in the user’s home directory.
limit is the maximum size of the output file in bytes.
count is the number of output files to use. An integer is appended to the base file name.
level is the logging level. It uses the same values as the global logging level.
formatter describes the output style, simple or XML. The value can be java.util.logging.SimpleFormatter or java.util.logging.XMLFormatter.
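The package level and the handler level are applied one after the other, so with the values shown above (FINEST for the package, INFO for the FileHandler) the file receives only records at INFO and above. The following added example, which is not TIBCO code, loads the same settings and checks what reaches the file; the logger name demo.auth (standing in for "package"), the class name and the temporary log path are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.LogManager;
import java.util.logging.Logger;

// Added example, not TIBCO code. "demo.auth" is a hypothetical package name.
public class LoggingLevelsDemo {

    // Same keys and values as the properties file above, built inline.
    static String config(Path logFile) {
        // '\' is an escape character in properties files: use forward slashes.
        String pattern = logFile.toString().replace('\\', '/');
        return String.join("\n",
            "handlers = java.util.logging.FileHandler",
            "demo.auth.level = FINEST",
            "java.util.logging.FileHandler.pattern = " + pattern,
            "java.util.logging.FileHandler.limit = 50000",
            "java.util.logging.FileHandler.count = 1",
            "java.util.logging.FileHandler.level = INFO",
            "java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter");
    }

    // True when the XML log file contains a record at the given level.
    static boolean hasLevel(Path logFile, String level) throws Exception {
        String xml = new String(Files.readAllBytes(logFile), StandardCharsets.UTF_8);
        return xml.contains("<level>" + level + "</level>");
    }

    public static void main(String[] args) throws Exception {
        Path logFile = Files.createTempDirectory("authws-log").resolve("auth.log");
        LogManager.getLogManager().readConfiguration(new ByteArrayInputStream(
            config(logFile).getBytes(StandardCharsets.ISO_8859_1)));

        // Constructed records: the logger accepts all three, the handler
        // filters again at its own level before writing to the file.
        Logger log = Logger.getLogger("demo.auth");
        log.finest("constructed FINEST record");
        log.info("constructed INFO record");
        log.warning("constructed WARNING record");

        for (String level : new String[] {"FINEST", "INFO", "WARNING"}) {
            System.out.println(level + " written to " + logFile + ": "
                               + hasLevel(logFile, level));
        }
    }
}
```

To capture trace-level detail in the file, the FileHandler level has to be lowered as well as the package level.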
