[jboss-user] [Security & JAAS/JBoss] - Re: Principal from Servlet to EJB not propagating?
forumer
do-not-reply at jboss.com
Thu Oct 26 09:40:52 EDT 2006
Thanks for your reply.
Empty password is intentional and is specified in users.properties as such as shown below. An exception is caused and login does fail if I specify a non-empty password in users.properties:
| fm_full=
|
roles.properties is:
| fm_full=FullUser
|
Here is an excerpt from trace/debug log output. As you can see login is happening. However, the servlet, after doing the login is dispatching to jsp and what is disturbing is "runAs: null". Could this be the problem and what can be done to resolve this?
| 2006-10-26 06:23:23,804 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
| 2006-10-26 06:23:23,804 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Checking user: fm_full, roles string: FullUser
| 2006-10-26 06:23:23,804 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Adding to Roles: FullUser
| 2006-10-26 06:23:23,804 TRACE [org.jboss.security.ClientLoginModule] commit, subject=Subject:
| Principal: fm_full
| Principal: Roles(members:FullUser)
|
| 2006-10-26 06:23:23,804 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
| Principal: fm_full
| Principal: Roles(members:FullUser)
| , sc=org.jboss.security.SecurityAssociation$SubjectContext at 2fb8d6{principal=fm_full,subject=17825859}
| .
| .
| .
| 2006-10-26 06:23:23,914 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/FleetAdminViewGroups.jsp, pathInfo=null, queryString=null, name=null
| 2006-10-26 06:23:23,914 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
| 2006-10-26 06:23:23,914 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
| 2006-10-26 06:23:23,914 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null
|
|
To reiterate, I am expecting the call to the EJB method to fail as I have specified a non-existing roles in @RolesAllowed.
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3981008#3981008
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3981008
More information about the jboss-user
mailing list