[jboss-user] [Security & JAAS/JBoss] - Help needed please, Authentication info propagation don't wo

lujop do-not-reply at jboss.com
Wed Feb 28 12:15:04 EST 2007


What I am trying to do is:

Programmatically establish an identity in a servlet and propagate it so that it is available to all the web applications in the same realm.

(I have to do it programmatically because of: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=102853)
The code of my servlet is:


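  |     // Needs javax.security.auth.login.LoginContext and
  |     // org.jboss.security.auth.callback.UsernamePasswordHandler
  |     try {
  |       UsernamePasswordHandler handler = new UsernamePasswordHandler("XXX", "XXX");
  |       LoginContext lc = new LoginContext("MyDomain", handler);
  |       lc.login();
  |     } catch (Exception e) {
  |       e.printStackTrace();
  |     }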
  | 
  | 

And the log that I get is:

    
  | DEBUG (MyLoginModule.java.java:98)     - login()
  | INFO  (MyLoginModule.java.java:151)     - User XXX ok with role YYY
  | TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:103)     - Security domain: MyDomain
  | TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:121)     - Enabling restore-login-identity mode
  | TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:130)     - Enabling useFirstPass mode
  | TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:139)     - Begin login
  | TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:223)     - commit, subject=Asunto:
  | 	Principal: XXX
  | 	Principal: Roles(members:YYY)
  | 
  | TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:460)     - pushSubjectContext, subject=Asunto:
  | 	Principal: XXX
  | 	Principal: Roles(members:YYY)
  | 
  | 

This is the debug code I get just after lc.login() in my servlet.



The problem is that when the servlet ends I get this stack trace:


  | ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 252	
  | ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173	
  | ReplyHeaderFilter.doFilter(ServletRequest, ServletResponse, FilterChain) line: 96	
  | ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 202	
  | ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 173	
  | StandardWrapperValve.invoke(Request, Response) line: 213	
  | StandardContextValve.invoke(Request, Response) line: 178	
  | SecurityAssociationValve.invoke(Request, Response) line: 175	
  | BasicAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 432	
  | JaccContextValve.invoke(Request, Response) line: 74	
  | StandardHostValve.invoke(Request, Response) line: 126	
  | ErrorReportValve.invoke(Request, Response) line: 105	
  | CachedConnectionValve.invoke(Request, Response) line: 156	
  | SingleSignOn.invoke(Request, Response) line: 392	
  | StandardEngineValve.invoke(Request, Response) line: 107	
  | CoyoteAdapter.service(Request, Response) line: 148	
  | Http11Processor.process(InputStream, OutputStream) line: 869	
  | Http11Protocol$JmxHttp11ConnectionHandler(Http11BaseProtocol$Http11ConnectionHandler).processConnection(TcpConnection, Object[]) line: 664	
  | PoolTcpEndpoint.processSocket(Socket, TcpConnection, Object[]) line: 527	
  | MasterSlaveWorkerThread.run() line: 112	
  | ThreadWithAttributes(Thread).run() line: 595	
  | 

And when it arrives at BasicAuthenticator I get:


  | popRunAsIdentity, runAs=null
  | 
  | and then:
  | 
  | 2007-02-28 17:43:17,688 TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:555)     - clear, server=true

It looks as if the credentials are deleted, aren't they?

The login-config.xml has:


  |     <application-policy name="MyDomain">
  |       <authentication>
  |         <login-module code="MyModule" flag="required">
  |           <module-option name="password-stacking">useFirstPass</module-option>
  |         </login-module>
  | 
  |         <login-module code="org.jboss.security.ClientLoginModule" flag="required">
  |           <module-option name="password-stacking">useFirstPass</module-option>
  |           <module-option name="restore-login-identity">false</module-option>
  |         </login-module>
  |       </authentication>
  |     </application-policy>
  | 
  | 

Please, please, please... can someone help with this nightmare?

PS: All of this is to try to solve the problem I also explain in:


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4023825#4023825
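
A small checker for the trace sequence quoted in the post, added here as an example (it is not code from the original post or from JBoss): it pairs each `pushSubjectContext` entry with the later `clear` entry that follows it and reports which principals were bound in between. The sample log is constructed from the lines quoted above; the function name, the record fields and the reading of `clear` as discarding every pushed subject are assumptions.

```python
import re

# Constructed sample: the relevant trace lines quoted in the post, in order.
SAMPLE_LOG = """\
TRACE (org.jboss.security.ClientLoginModule.ClientLoginModule.java:223)     - commit, subject=Asunto:
\tPrincipal: XXX
\tPrincipal: Roles(members:YYY)

TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:460)     - pushSubjectContext, subject=Asunto:
\tPrincipal: XXX
\tPrincipal: Roles(members:YYY)

popRunAsIdentity, runAs=null
2007-02-28 17:43:17,688 TRACE (org.jboss.security.SecurityAssociation.SecurityAssociation.java:555)     - clear, server=true
"""

PREFIX = re.compile(r"^\s*\|\s?")  # "  | " quoting added by the mail archive
EVENT = re.compile(r"SecurityAssociation\.java:\d+\)\s+- (pushSubjectContext|clear)\b")
PRINCIPAL = re.compile(r"^\s*Principal:\s*(.+?)\s*$")

def cleared_identities(log_text):
    """Return one record per pushed subject that a later clear entry discards."""
    stack = []      # subjects pushed so far and not yet cleared
    current = None  # pushed subject whose Principal lines are being read
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = PREFIX.sub("", raw)
        m = PRINCIPAL.match(line)
        if m and current is not None:
            current["principals"].append(m.group(1))
            continue
        current = None  # any other line ends the Principal listing
        ev = EVENT.search(line)
        if not ev:
            continue
        if ev.group(1) == "pushSubjectContext":
            current = {"pushed_at": lineno, "principals": []}
            stack.append(current)
        else:  # clear: assumed to drop every subject pushed so far
            findings.extend({**s, "cleared_at": lineno} for s in stack)
            stack.clear()
    return findings

if __name__ == "__main__":
    for f in cleared_identities(SAMPLE_LOG):
        print(f"lines {f['pushed_at']}-{f['cleared_at']}: cleared {f['principals']}")
```
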
