[jboss-user] [Security & JAAS/JBoss] - Help needed please, Authentication info propagation don't wo
lujop
do-not-reply at jboss.com
Wed Feb 28 12:15:04 EST 2007
What I try to do is:
Programatically establish an indentity in a servlet and propagate it to be disposable to all the web applications on the same realm.
(I have to do it programatically for: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=102853
The code of my servlet is:
| try {
| UsernamePasswordHandler handler = new UsernamePasswordHandler("XXX", "XXX");
| LoginContext lc = new LoginContext("MyDomain", handler);
| lc.login();
|
| }catch(Exception e ) {
| e.printStackTrace();
| }
|
|
And the log that I get is:
| DEBUG (MyLoginModule.java.java:98) - login()
| INFO (MyLoginModule.java.java:151) - User XXX ok with role YYY
| TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:103) - Security domain: MyDomain
| TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:121) - Enabling restore-login-identity mode
| TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:130) - Enabling useFirstPass mode
| TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:139) - Begin login
| TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:223) - commit, subject=Asunto:
| Principal: XXX
| Principal: Roles(members:YYY)
|
| TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:460) - pushSubjectContext, subject=Asunto:
| Principal: XXX
| Principal: Roles(members:YYY)
|
|
This is the debug code I get just after lc.login() in my servlet.
The problem is that then when the servlet ends I had this stacktrace:
| ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 252
| ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173
| ReplyHeaderFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 96
| ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 202
| ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173
| StandardWrapperValve.invoke(Request, Response) line: 213
| StandardContextValve.invoke(Request, Response) line: 178
| SecurityAssociationValve.invoke(Request, Response) line: 175
| BasicAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 432
| JaccContextValve.invoke(Request, Response) line: 74
| StandardHostValve.invoke(Request, Response) line: 126
| ErrorReportValve.invoke(Request, Response) line: 105
| CachedConnectionValve.invoke(Request, Response) line: 156
| SingleSignOn.invoke(Request, Response) line: 392
| StandardEngineValve.invoke(Request, Response) line: 107
| CoyoteAdapter.service(Request, Response) line: 148
| Http11Processor.process(InputStream, OutputStream) line: 869
| Http11Protocol$JmxHttp11ConnectionHandler(Http11BaseProtocol$Http11ConnectionHandler).processConnection(TcpConnection, Object[]) line: 664
| PoolTcpEndpoint.processSocket(Socket, TcpConnection, Object[]) line: 527
| MasterSlaveWorkerThread.run() line: 112
| ThreadWithAttributes(Thread).run() line: 595
|
And when the arrives at BasicAuthenticator I get:
| popRunAsIdentity, runAs=null
|
| and then:
|
| 2007-02-28 17:43:17,688 TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:555) - clear, server=true
It looks as if the credential are deleted, aren't they?
The login-config.xml has:
| <application-policy name="MyDomain">
| <authentication>
| <login-module code="MyModule"
| flag = "required">
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
|
| <login-module code="org.jboss.security.ClientLoginModule" flag="required">
| <module-option name="password-stacking">useFirstPass</module-option>
| <module-option name="restore-login-identity">false</module-option>
| </login-module>
|
| </authentication>
| </application-policy>
|
|
Please, please, please,...... someone can help in this nigthmare?¿
PD: All is to try to solve the problem I also explain in :
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023825#4023825
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4023825
More information about the jboss-user
mailing list