[jboss-user] [JBoss Portal] - Is this a JBP 2.6.1 bug? (403 Error From Dashboard Link)
NM-156
do-not-reply at jboss.com
Wed Sep 26 08:59:56 EDT 2007
I have a custom JAAS LoginModule configured for JBP 2.6.1, running in AS 4.0.5. After logging in, everything looks alright with the page. The only problem is that when I click the Dashboard link, I get a 403 Access Denied error. I have added Authenticated, Users, & Admin roles to the user in my LoginModule, and I see "Logged in as 'my user'" and also I have the Dashboard | Admin |Logout links on the page after signing in.
The Admin and Logout links work correctly. When I click on the Dashboard link, I get the 403 error, but there are no exceptions when I check the log.
Is it possible that this is a bug in JBP 2.6.1? If not, is there any way to turn on a lower level trace? I do not see anything in the LoginModule examples that would imply that it is necessary to link a user with a dashboard, programmatically speaking.
Here is my LoginModule. Can you please let me know if the 403 is due to a bug in the portal, or if I am doing something wrong when adding the roles (see getRoleSets())? Thank you for any light that you can shed.
| package test.custom.jaas.impl;
|
| import java.io.IOException;
| import java.security.Principal;
| import java.security.acl.Group;
| import java.util.Map;
|
| import javax.naming.NamingException;
| import javax.security.auth.Subject;
| import javax.security.auth.callback.Callback;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.callback.NameCallback;
| import javax.security.auth.callback.PasswordCallback;
| import javax.security.auth.callback.UnsupportedCallbackException;
| import javax.security.auth.login.LoginException;
|
| import org.apache.log4j.Category;
| import org.jboss.security.SimpleGroup;
| import org.jboss.security.SimplePrincipal;
| import org.jboss.security.auth.spi.AbstractServerLoginModule;
| import test.jaas.LoginAuthenticator;
| import test.jaas.LoginAuthenticatorFactory;
| import test.login.exception.LoginConfigurationException;
|
| public class SsoPortalLoginModule extends AbstractServerLoginModule
| {
| private static final String SSO_USER_PROMPT_TEXT = "User Name: ";
| private static final String SSO_PASSWORD_PROMPT_TEXT = "Password: ";
|
| private static final Category logger = Category.getInstance(SsoPortalLoginModule.class);
|
| private CallbackHandler callbackHandler = null;
| private boolean successfulLogin = false;
| private String loginUser = null;
| private String loginPassword = null;
| private Principal identity = null;
|
| /**
| * Default constructor
| */
| public SsoPortalLoginModule(){logger.info("%%%%% CALLING SsoPortalLoginModule constructor from PORTAL %%%%%");}
|
| /**
| * Initialization method that is called by the container. Subject represents the user or service that is logging in
| * and will be populated automatically. Callbackhandler is also populated by the JBoss portal because this implementation
| * extends AbstractServerLoginModule
| *
| * @param Subject subject
| * @param CallbackHandler callbackHandler
| * @param Map sharedState
| * @param Map options
| */
| public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
| {
| logger.info("%%%%% CALLING SsoPortalLoginModule.initialize() method from PORTAL %%%%%");
|
| // Call base class constructor. This is a requirement.
|
| super.initialize(subject, callbackHandler, sharedState, options);
|
| // Set internal state
|
| setSubject(subject);
| setCallbackHandler(callbackHandler);
| setSharedState(sharedState);
| setOptions(options);
|
| // Set base class' loginOk variable. This flag must be set as
| // a requirement for successful login
|
| resetLoginOKInBaseClass();
| }
|
| /**
| * Set subject. This object represents the user or service that is logging in.
| *
| * @param Subject subject
| */
| private void setSubject(Subject subject)
| {
| this.subject = subject;
| }
|
| /**
| * Login method that is called by the container
| *
| * @return boolean
| */
| public boolean login() throws LoginException
| {
| return executeLDAPLogin();
| }
|
| /**
| * Execute LDAP login
| *
| * @return boolean
| */
| private boolean executeLDAPLogin()
| {
| try
| {
|
| // Get credentials:
|
| getCredentials();
|
| // Authenticate credentials against LDAP server
|
| authenticateUserOnLDAPServer();
|
| // Set login user as portal identity:
|
| setLoginUserAsIdentity();
| }
|
| catch (Exception e)
| {
| e.printStackTrace();
| resetLoginOKInBaseClass();
| setSuccessfulLogin(false);
| return isSuccessfulLogin();
| }
|
| setLoginOKInBaseClass();
| return isSuccessfulLogin();
| }
|
| /**
| * Set login user as portal identity.
| */
| private void setLoginUserAsIdentity()
| {
| setIdentity(new SimplePrincipal(getLoginUser()));
|
| // setIdentity(new SimplePrincipal("admin")); // ***** TEST ONLY *******
| }
|
| /**
| * Use call back handler to retrieve login credentials from the user
| *
| * @throws IOException
| * @throws UnsupportedCallbackException
| */
| private void getCredentials() throws IOException, UnsupportedCallbackException
| {
| Callback[] callbacks = createUICallBacks();
|
| getCallbackHandler().handle(callbacks);
|
| extractLoginUserFromCallback(callbacks);
| extractLoginPasswordFromCallback(callbacks);
| }
|
| /**
| * Create callback objects that will store user input
| *
| * @return Callback[]
| */
| private Callback[] createUICallBacks()
| {
| return new Callback[] {
| new NameCallback(SSO_USER_PROMPT_TEXT),
| new PasswordCallback(SSO_PASSWORD_PROMPT_TEXT, false)};
| }
|
| /**
| * Authenticate user credentials on LDAP server
| *
| * @throws NamingException
| * @throws LoginConfigurationException
| */
| private void authenticateUserOnLDAPServer() throws NamingException, LoginConfigurationException
| {
| LoginAuthenticator authenticator =
| LoginAuthenticatorFactory.create(LoginAuthenticatorFactory.LDAP);
|
| setSuccessfulLogin(authenticator.isLoginValid(getLoginUser(), getLoginPassword()));
| }
|
| /**
| * As per JBoss documentation, the loginOk protected variable must be set in the base
| * class based on login results
| */
| private void setLoginOKInBaseClass()
| {
| super.loginOk = true; // Set base class login flag to successful
| }
|
| /**
| * Reset loginOk protected variable in base class
| */
| private void resetLoginOKInBaseClass()
| {
| super.loginOk = false; // Reset base class login flag to false
| }
|
| /**
| * Extract user ID string from Callback array
| *
| * @param Callback[] callbacks
| */
| private void extractLoginUserFromCallback(Callback[] callbacks)
| {
| setLoginUser(((NameCallback)callbacks[0]).getName());
| }
|
| /**
| * Extract password string from Callback array
| *
| * @param Callback[] callbacks
| */
| private void extractLoginPasswordFromCallback(Callback[] callbacks)
| {
| // Be sure to create a String object from the getPassword() call or login will fail:
|
| setLoginPassword(new String(((PasswordCallback) callbacks[1]).getPassword()));
| }
|
| /**
| * Set call back handler for obtaining credentials from the user
| *
| * @param CallbackHandler callbackHandler
| */
| private void setCallbackHandler(CallbackHandler callbackHandler)
| {
| this.callbackHandler = callbackHandler;
| }
|
| /**
| * Return portal identity. This is the portal user ID. This method is called by the container.
| *
| * @return Principal
| */
| @Override
| protected Principal getIdentity()
| {
| return this.identity;
| }
|
| /**
| * Get role set. This is where roles are loaded from the back end.
| * Note that Group is a subinterface of Principal. This method is
| * called by the container.
| *
| * @return Group[]
| */
| @Override
| protected Group[] getRoleSets() throws LoginException
| {
| logger.info("%%%%% CALLING SsoPortalLoginModule.getRoleSets() method from PORTAL %%%%%");
|
| Group rolesGroup = new SimpleGroup("Roles");
|
| rolesGroup.addMember(new SimplePrincipal("Authenticated")); // Must add authenticated principle
| rolesGroup.addMember(new SimplePrincipal("Users")); // Gives portal Users rites (Test)
| rolesGroup.addMember(new SimplePrincipal("Admin")); // Gives portal admin rites (Test)
|
| // Note that the identity needs to exist as a user account inside the portal prior to login
|
| rolesGroup.addMember(getIdentity()); // Add login identity as role (Test)
|
| return new Group[] { rolesGroup };
| }
|
| /**
| * Get call back handler. This object is used to obtain credentials from the user.
| *
| * @return CallbackHandler
| */
| private CallbackHandler getCallbackHandler()
| {
| return callbackHandler;
| }
|
| /**
| * Get login password string
| *
| * @return String
| */
| private String getLoginPassword() {
| return loginPassword;
| }
|
| /**
| * Set login password string
| *
| * @param String loginPassword
| */
| public void setLoginPassword(String loginPassword) {
| this.loginPassword = loginPassword;
| }
|
| /**
| * Get login user string
| *
| * @return String
| */
| private String getLoginUser() {
| return loginUser;
| }
|
| /**
| * Set login user string
| *
| * @param String loginPassword
| */
| private void setLoginUser(String loginUser) {
| this.loginUser = loginUser;
| }
|
| /**
| * This method signals whether the login attempt was successful or not.
| *
| * @return boolean
| */
| private boolean isSuccessfulLogin() {
| return successfulLogin;
| }
|
| /**
| * This method sets the successful login flag.
| *
| * @return boolean
| */
| private void setSuccessfulLogin(boolean successfulLogin) {
| this.successfulLogin = successfulLogin;
| }
|
| /**
| * Set login options as Map
| *
| * @param Map options
| */
| private void setOptions(Map options)
| {
| this.options = options;
| }
|
| /**
| * Set shared state options as Map
| *
| * @param Map sharedState
| */
| private void setSharedState(Map sharedState) {
| this.sharedState = sharedState;
| }
|
| /**
| * Set portal identity
| *
| * @param Principal identity
| */
| private void setIdentity(Principal identity)
| {
| this.identity = identity;
| }
|
| }
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4088827#4088827
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4088827
More information about the jboss-user
mailing list