[jboss-user] [JBoss Portal] - Problems with SynchronizingLoginModule

gspillman do-not-reply at jboss.com
Thu Oct 11 10:33:43 EDT 2007 

I am encountering two problems when utilizing the SynchronizingLoginModule.  

1.  Role assignments are still syncing even when "synchronizeRoles" is set to false

2.  Dashboard displays the following error.  It is fixed by removing the "SynchronizingLoginModule" from login-config.xml

anonymous wrote : HTTP Status 403 - 
  | --------------------------------------------------------------------------------
  | type Status report
  | message 
  | description Access to the specified resource () has been forbidden.
  | --------------------------------------------------------------------------------
  | JBossWeb/2.0.0.GA
  | 
Both problems were discovered using JaasLounge(http://jaaslounge.sourceforge.net/) NTLMLoginModule, but can be duplicated using JBoss' UsersRolesLoginModule.

The Dashboard problem was originally discussed in the following thread, but seams to be a different problem since it can be duplicated using JBoss code only.
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=119733

Configuration:
Windows XP Professional Service Pack 2
JBoss Portal 2.6.2 + JBoss AS 4.2.1 Bundle

${jboss.server.home.dir}\deploy\jboss-portal.sar\conf\login-config.xml:

  | <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  |   <module-option name="unauthenticatedIdentity">guest</module-option>
  |   <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |   <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |   <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  |   <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  |   <module-option name="additionalRole">Authenticated</module-option>
  |   <module-option name="password-stacking">useFirstPass</module-option>
  | </login-module>
  | 
  | <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required" />
  | 
  | <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
  |   <module-option name="synchronizeIdentity">true</module-option>
  |   <module-option name="synchronizeRoles">false</module-option>
  |   <module-option name="additionalRole">Authenticated</module-option>
  |   <module-option name="defaultAssignedRole">User</module-option>
  |   <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |   <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |   <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  |   <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  | </login-module>	
  | 
${jboss.server.home.dir}\conf\defaultRoles.properties:

  | testuser=test
  | testuser2=test2
  | 
${jboss.server.home.dir}\conf\defaultUsers.properties:

  | testuser=testrole1,testrole2
  | testuser2=testrole3,testrole4
  | 

Procedure:
1.  Apply above configuration, run JBoss, and navigate to portal using browser.
2.  Login using testuser/test.
3.  Logout
4.  Login using admin/admin
5.  Click on the "Admin" link
6.  Click on the "Members" tab
7.  Click on "User Management" sub tab
8.  Click on "Search Users" link
9.  Find the "testuser" that should have been auto created in step #2
10. Click on "Role Management" sub tab
11. Click on "Create New Role" link
12. Enter "portalrole" for both "Role" and "Display Name" edit boxes
13. Click "Submit" button
14. Click on "User Management" sub tab
15. Click on "Search Users" link
16. Click on the "Roles" link to the right of "testuser"
17. Click the "portalrole" checkbox.
18. Click the "Submit" button.
19. Logout
20. Login using testuser/test
21. Navigate around the portal at your leasure (Sometimes this step can be skiped)
22. Logout
23. Login using admin/admin
24. Click on the "Admin" link
25. Click on the "Members" tab
26. Click on "User Management" sub tab
27. Click on "Search Users" link
28. Click on the "Roles" link to the right of "testuser"

The "portalrole" is now not checked.  If the synchronizeRoles is set to false, how can this be?  

29. Logout
30. Login using testuser/test
31. Click the "Dashboard" link.

The HTTP Status 403 error described above will be displayed.

Any help would be appreciated.  This problem is holding us up from deploying to a production environment.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4094126#4094126

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4094126

More information about the jboss-user mailing list