[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea
praenti
do-not-reply at jboss.com
Tue Oct 13 04:25:46 EDT 2009
Hi,
What I have to if I want to use the WebAuthentication further? Do I have to change the complete login to Web based authentication? I've seen I need then j_security_check, but I always get then that this resource is not available from tomcat.
For now I tried to use the WebAuthetication but the user is not authenticated then. I only get this error:
| vwg.audi.cancard.MyApplicationException: User is not authenticated or the isUserInRole check failed at vwg.audi.cancard.ui.action.Login.execute(Login.java:177) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:441) at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:280) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:243) at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:165) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:252) at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195) at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:179) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at
| ...
|
The code I used in my Struts2 action:
| if(username == null || password == null)
| throw new RuntimeException("username or password is null");
| WebAuthentication pwl = new WebAuthentication();
| pwl.login(username, password);
|
| //Only when there is web login, does the principal be visible
| log.info("User Principal="+ServletActionContext.getRequest().getUserPrincipal());
| //Some basic checks to see if the user who just did a programmatic login has a role of "AuthorizedUser"
| log.info("isUserInRole(Authorized User)="+ServletActionContext.getRequest().isUserInRole("AuthorizedUser"));
| if(ServletActionContext.getRequest().getUserPrincipal() == null || !ServletActionContext.getRequest().isUserInRole("AuthorizedUser"))
| throw new MyApplicationException("User is not authenticated or the isUserInRole check failed");
|
| //Log the user out
| pwl.logout();
|
| if(ServletActionContext.getRequest().getUserPrincipal() != null || ServletActionContext.getRequest().isUserInRole("AuthorizedUser"))
| throw new MyApplicationException("User is still authenticated or pass: isUserInRole(Authorized User)");
|
In my log I see these two lines:
| 10:21:16,515 INFO [Login] User Principal=null
| 10:21:16,531 INFO [Login] isUserInRole(Authorized User)=false
|
But now the output of my JAAS login module is missing. I think that this is not running anymore. Something is missing...
Regards,
Michael
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260010#4260010
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4260010
More information about the jboss-user
mailing list