[jboss-user] [Security & JAAS/JBoss] - SecurityAssociationCallback returns NULL-Principal in 5.0.0

Arakasi69 do-not-reply at jboss.com
Sat Feb 28 19:02:19 EST 2009


Hello,

I'm migrating a J2EE application from JBoss 4.0.3sp1 to 5.0.0 GA. This application will be accessed from a remote client (RMI over HTTP with HTTPInvokerServlet). Now the custom JAAS login that works on 4.0.3 fails in 5.0.0 GA because the principal requested from the SecurityAssociationCallback in my server-side custom login module is NULL.

Any suggestions how to deal with SecurityAssociationCallback in 5.0.0 GA?

My custom login in more detail:
1) Client

auth.conf:

    client-login {
        de.myapplication.secure.CustomClientLoginModule required;
        org.jboss.security.ClientLoginModule required
            password-stacking="useFirstPass";
    };

The client uses a CustomPasswordHandler implementing CallbackHandler for additional login information, which results in a CustomPrincipal class. This CustomPrincipal class is needed at the server-side login module.

2) Server

The jboss-service.xml and the login-config.xml are located in the META-INF of a SAR bundled in the EAR of the application. The following code snippet from the CustomServerLoginModule shows the place where the principal comes back as NULL:

    // callbackHandler is the CallbackHandler passed to initialize() by the container;
    // handle() may throw IOException / UnsupportedCallbackException.
    SecurityAssociationCallback callback = new SecurityAssociationCallback();
    Callback[] callbacks = { callback };

    callbackHandler.handle(callbacks);

    // On 4.0.3 this is the CustomPrincipal sent by the client; on 5.0.0 GA it is null.
    Principal principal = callback.getPrincipal();
    LOG.debug("'getUsernameAndPassword()' found Principal " + principal);


jboss-service.xml (snippet)

    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
           name="de.myapplication.secure:service=LoginConfig-Custom">
        <attribute name="AuthConfig">META-INF/login-config.xml</attribute>

        <!-- The service which supports dynamic processing of login-config.xml
             configurations.
        -->
        <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>

        <!-- Optionally specify the security mgr service to use when
             this service is stopped to flush the auth caches of the domains
             registered by this service.
        -->
        <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
    </mbean>


login-config.xml

    <policy>
        <application-policy name="lisa">
            <authentication>
                <login-module flag="required" code="de.myapplication.secure.jboss.CustomServerLoginModule">
                    <module-option name="unauthenticatedIdentity">unauthenticatedUser</module-option>
                    <module-option name="DATA_SOURCE">java:/custom.DataSource</module-option>
                    <module-option name="PRINCIPAL_QUERY">...</module-option>
                    <module-option name="ROLES_QUERY">...</module-option>
                    <module-option name="LOCATION_QUERY">...</module-option>
                </login-module>
            </authentication>
        </application-policy>
    </policy>


View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4213972#4213972

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4213972
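One way a custom server login module can cope with a null principal from SecurityAssociationCallback without silently mapping the caller to a real identity, as an added example that is not code from the original post: it asks for the security association first and falls back to the standard JAAS NameCallback, failing the login when neither yields a name. It assumes that the container's CallbackHandler answers NameCallback (the usual JAAS contract) and that org.jboss.security.SimplePrincipal is on the classpath; the class name CallerPrincipalResolver is hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.SecurityAssociationCallback;

/** Hypothetical helper for a custom server login module (added example, not the poster's code). */
public final class CallerPrincipalResolver {
    /**
     * Ask for the propagated security association first (what the 4.0.3 module relied on);
     * if the container answers with a null principal, fall back to the standard JAAS
     * NameCallback. Fail closed when both are empty, so a request that carries no
     * identity is rejected instead of being mapped to a real user.
     */
    public static Principal resolve(CallbackHandler handler) throws LoginException {
        if (handler == null) {
            throw new LoginException("container supplied no CallbackHandler");
        }
        SecurityAssociationCallback sac = new SecurityAssociationCallback();
        try {
            // Asked on its own: an UnsupportedCallbackException here must not hide the NameCallback below.
            handler.handle(new Callback[] { sac });
            if (sac.getPrincipal() != null) {
                return sac.getPrincipal();
            }
        } catch (UnsupportedCallbackException e) {
            // handler does not know this JBoss-specific callback type; try the plain JAAS one
        } catch (IOException e) {
            throw (LoginException) new LoginException("callback failed: " + e).initCause(e);
        }
        NameCallback nc = new NameCallback("User name: ");
        try {
            handler.handle(new Callback[] { nc });
        } catch (UnsupportedCallbackException e) {
            throw (LoginException) new LoginException("handler answers neither callback").initCause(e);
        } catch (IOException e) {
            throw (LoginException) new LoginException("callback failed: " + e).initCause(e);
        }
        String name = nc.getName();
        if (name == null || name.trim().length() == 0) {
            throw new FailedLoginException("no caller principal available from the CallbackHandler");
        }
        return new SimplePrincipal(name);
    }
}
```

Logging which branch produced the principal (association vs. NameCallback) makes the 4.0.3 vs. 5.0.0 difference visible in the server log instead of surfacing only as a failed login.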


